Ok, rewind to early 2017. My team was going to write a SPIR-V backend to DXC, lovingly called Spiregg https://github.com/microsoft/DirectXShaderCompiler/blob/master/docs/SPIR-V.rst …. Question was: how were we going to test it?
#ossfuzz -
GDAL 2.3.0 released! Sadly, I didn't get to test the release candidates (newborn human in the house)
@EvenRouault has been crazy productive and this... "More than 1000 fixes for issues/vulnerabilities found by OSS-Fuzz" https://lists.osgeo.org/pipermail/gdal-dev/2018-May/048527.html … #ossfuzz -
-
Fuzz Driver Generation at Scale! Check out the preprint of our
@FSEconf paper at: https://ai.google/research/pubs/pub48314 … work w/ D. Babic, @sbucur, Y. Chen, @fivancic, T. King, M. Kusano, @cestlemieux, W. Wang. See you at @FSEconf in August! #esecfse #google #fuzzing #ossfuzz -
I am really proud of my team for receiving a best paper award at
#esecfse19! Check it out at https://ai.google/research/pubs/pub48314 …. We synthesize drivers that find security and reliability issues using fuzzing. Many run in #ossfuzz - supported with integration rewards https://security.googleblog.com/2018/11/a-new-chapter-for-oss-fuzz.html … pic.twitter.com/eQpF6rlCTz
-
Finally got
@gstreamer integrated into #ossfuzz
and interesting bugs from 2003 code are popping up :) -
#GDAL has so far been > 14% of the #OSSFuzz bugs. Measured by 675 commits crediting OSS Fuzz and OSS Fuzz being at about bug 4672. Credit to @EvenRouault for bug fixing! -
#ossfuzz is now fuzzing GDAL on i386 and has already found a few 32-bit specific (or generic but easier to spot) bugs -
#ossfuzz creativity makes me discover features of GDAL I was unaware of. For example "ogr2ogr myoutputdatasource myinputdatasourcewithseverallayers -nln somename" will 'merge' all the input layers into a single one (for drivers that support adding fields to non empty layers) -
Sharing
#ossfuzz bounty with @unicorn_engine... Help would now be appreciated for merging it with latest #qemu -
-
Ironically the
#ossfuzz fuzzer for ogr2ogr I wrote to find bugs in the writing part of drivers also helps finding bugs in the reading part :-) -
Who analyses an OSS project’s security over time? Check out these 4 open security examples that are raising the bar -
#ossfuzz @github #internetbugbounty https://hubs.ly/H0jt4CY0 -
I'm crediting
#OSSFuzz in ticket commits for bugs it discovered in ... fuzzers I wrote for it... -
oss-fuzz integration has been merged into {fmt}: https://github.com/fmtlib/fmt/pull/1199 … Thanks to
@PaulDreik! #ossfuzz #fmtlib -
@kurtschwehr Discovering from Bas email that someone has taken care of registering a CVE at least for one of the GDAL #ossfuzz issues: https://nvd.nist.gov/vuln/detail/CVE-2019-17545 … . Why this one and not others is a mystery :-) -
-
Crazy that this UK/Ordnance Survey NTF vector format, that no one uses any longer, generates so many
#OSSFuzz bug reports. -
Proposed
#libidn2 inclusion in #ossfuzz. Hoping for the best. https://github.com/google/oss-fuzz/pull/543 … -
Ok, first fix of a fuzzer bug is: https://github.com/google/effcee/pull/32 … When parsing the checks string, there are cases where a string intended as a regexp isn't a valid RE2 regexp. The fix is to check those cases and fail early. Prevents a heap-buffer-overflow later on
#ossfuzz