[ https://issues.apache.org/jira/browse/COMPRESS-632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17784229#comment-17784229 ]
Yakov Shafranovich edited comment on COMPRESS-632 at 11/8/23 11:07 PM: ----------------------------------------------------------------------- I am going to be submitting a pull request with some minor fixes and unit tests for several archivers/compressors that prevented the fuzzers from working. Once those are merged in, I will submit a PR to oss-fuzz covering most of the archivers and compressors. There are several that I held back on for now while trying to fix some of the minor bugs preventing fuzzing, and I will submit those as a follow-up PR. I did not enable fuzzing for those archivers and compressors that are supported via third party libraries such xz and zstandard, since those are already being fuzzed in oss-fuzz. Let me know if that's ok, otherwise I can add fuzzing coverage for those as well. And please keep this issue open while I wrap up the remaining archivers/compressors. was (Author: JIRAUSER302028): I am going to be submitting a pull request with some minor fixes and unit tests for several archivers/compressors that prevented the fuzzers from working. Once those are merged in, I will submit a PR to oss-fuzz covering most of the archivers and compressors. There are several that I held back on for now while trying to fix some of the minor bugs preventing fuzzing, and I will submit those as a follow-up PR. > Improve fuzzing coverage in oss-fuzz > ------------------------------------ > > Key: COMPRESS-632 > URL: https://issues.apache.org/jira/browse/COMPRESS-632 > Project: Commons Compress > Issue Type: Improvement > Reporter: Robin Schimpf > Priority: Major > > Fuzzing the library brought great stability improvements in the last couple > releases. But the current integration in oss-fuzz has only a limited scope. > Fuzzing is only done on the following classes: > * SevenZFile > * TarFile > * ZipFile > Additionally those fuzzing tests only open the file and are not reading the > file content. > IMHO the tests should be expanded to cover the following: > * Fuzz all supported formats (stream based and file based) > * Read the whole fuzzed file > I don't know if it makes sense to also fuzz archive creation. The only thing > which might be worth there would be the ArchiveEntries since fuzzing the file > content seems useless. -- This message was sent by Atlassian Jira (v8.20.10#820010)