[libvirt] Should Libvirt apply for OSS-Fuzz?
Martin Kletzander
mkletzan at redhat.com
Fri Dec 2 09:14:22 UTC 2016
On Fri, Dec 02, 2016 at 08:44:48AM +0100, Michal Privoznik wrote:
>Google announced OSS-Fuzz project [1]. It's aim is to test projects with
>significant user base and/or critical projects to the global
>infrastructure. I like to think that libvirt falls in both categories :-)
>You can find a list of already accepted projects here [2]. Once accepted
>to the project we would have to provide some scripts that build libvirt
>and run some tests.
>
I was thinking about that too. And danpb would like that as well, I
guess, since he came up with the fuzzing idea for GSoC.
>One of the disadvantages is that we have to provide a docker(!) image
>where the scripts would run from.
>
But it's not like the whole libvirt has to be installed and running
there, right? It's unit-test fuzzing, it will just link against
libvirt.la and run random APIs (mostly public ones, I guess).
>What are your thoughts on this? Should we apply?
>
I was already reading up on it when you sent the mail, so I'd say yes.
>Michal
>
>
>1:
>https://opensource.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
>
>2: https://github.com/google/oss-fuzz
>
>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20161202/0266f1e8/attachment-0001.sig>
More information about the libvir-list
mailing list