Qt Contributors Summit 2019 -Fuzzing Qt
** [https://doc.qt.io/qt-5/qabstractsocket.html QAbstractSocket]
** [https://doc.qt.io/qt-5/qstring.html#asprintf QString::asprintf]
Latest revision as of 15:23, 22 November 2019
Introduction
- Explained briefly what fuzzing is in general
- Showed how to fuzz Qt itself
See readme file
What's missing to test Qt in oss-fuzz?
Google offers infrastructure and a workflow for fuzzing free software; see oss-fuzz.
- Qt still needs to support more sanitizers
- A docker image defines how to build Qt and the fuzz targets
A prototype exists, but needs tuning
Robert is working on both.
Which code needs fuzz testing the most?
Agreed criterion: code that operates on possibly untrusted data
Proposals from the audience:
- Classes
  - QCborValue
  - QCommandLineParser
  - QDataStream
  - QImage and its plugins
  - QJsonValue
  - QRegularExpression
  - QSslCertificate
  - QPdf?
  - QTextCodec
  - QTextStream
  - QTranslator
- Functions
- Further mentions which were considered tricky
Robert will try adding them one by one. If you'd like to contribute some, he will happily review them.
If you have further proposals, please comment here or write to Robert directly.