[
https://issues.apache.org/jira/browse/COMPRESS-632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17784229#comment-17784229
]
Yakov Shafranovich edited comment on COMPRESS-632 at 11/8/23 11:07 PM:
-----------------------------------------------------------------------
I am going to be submitting a pull request with some minor fixes and unit tests
for several archivers/compressors that prevented the fuzzers from working. Once
those are merged in, I will submit a PR to oss-fuzz covering most of the
archivers and compressors. There are several that I held back on for now while
trying to fix some of the minor bugs preventing fuzzing, and I will submit
those as a follow-up PR.
I did not enable fuzzing for those archivers and compressors that are supported
via third party libraries such xz and zstandard, since those are already being
fuzzed in oss-fuzz. Let me know if that's ok, otherwise I can add fuzzing
coverage for those as well.
And please keep this issue open while I wrap up the remaining
archivers/compressors.
was (Author: JIRAUSER302028):
I am going to be submitting a pull request with some minor fixes and unit tests
for several archivers/compressors that prevented the fuzzers from working. Once
those are merged in, I will submit a PR to oss-fuzz covering most of the
archivers and compressors. There are several that I held back on for now while
trying to fix some of the minor bugs preventing fuzzing, and I will submit
those as a follow-up PR.
> Improve fuzzing coverage in oss-fuzz
> ------------------------------------
>
> Key: COMPRESS-632
> URL: https://issues.apache.org/jira/browse/COMPRESS-632
> Project: Commons Compress
> Issue Type: Improvement
> Reporter: Robin Schimpf
> Priority: Major
>
> Fuzzing the library brought great stability improvements in the last couple
> releases. But the current integration in oss-fuzz has only a limited scope.
> Fuzzing is only done on the following classes:
> * SevenZFile
> * TarFile
> * ZipFile
> Additionally those fuzzing tests only open the file and are not reading the
> file content.
> IMHO the tests should be expanded to cover the following:
> * Fuzz all supported formats (stream based and file based)
> * Read the whole fuzzed file
> I don't know if it makes sense to also fuzz archive creation. The only thing
> which might be worth there would be the ArchiveEntries since fuzzing the file
> content seems useless.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
