Hi, in [1], I promised to keep you updated about Qt in oss-fuzz and it's high time.
I'm happy to inform you that since the beginning of this year, Google's oss-fuzz [2] is running tests on Qt 5.15. So far, only four functions are being tested directly, but much more code is covered through these, as you can see in [3]. This already found a number of issues which I forward to the security mailing list. 90 days after finding them or 30 days after verifying the fix - whatever comes first - they are being published in [4]. One by one, I'll now add tests for more code, starting with that mentioned on QtCS. [5] If you have any ideas, questions or complaints, please don't hesitate to send them to me. Cheers, Robert [1] https://lists.qt-project.org/pipermail/development/2019-January/034894.html [2] https://github.com/google/oss-fuzz [3] https://storage.googleapis.com/oss-fuzz-coverage/qt/reports/20200312/linux/report.html [4] https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj%3Dqt&can=1 [5] https://wiki.qt.io/Qt_Contributors_Summit_2019_-Fuzzing_Qt _______________________________________________ Development mailing list [email protected] https://lists.qt-project.org/listinfo/development
