Hi again,
Any interest in fuzzing parts of boost on OSS-Fuzz?
BTW, John Maddock is actively fixing boost::regex bugs found by fuzzing:
https://github.com/boostorg/regex/search?q=oss-fuzz&type=Commits
(Thanks John!)
--kcc
On Tue, Sep 26, 2017 at 8:51 PM, Kostya Serebryany
Hi,
I would like to invite boost developers to use OSS-Fuzz, a continuous automated fuzzing service. https://github.com/google/oss-fuzz https://opensource.googleblog.com/2017/05/oss-fuzz-five- months-later-and.html
I've made the initial set up that fuzzes boost::regex and it found 8 bugs there, see https://svn.boost.org/trac10/ticket/12818#comment:7
3460 boost: Integer-overflow in boost::re_detail_NUMBER:: basic_regex_parser... 3464 boost: Integer-overflow in boost::re_detail_NUMBER::perl_matcher... 3469 boost: ASSERT: jmp->type == syntax_element_jump 3471 boost: Stack-overflow in boost::re_detail_NUMBER:: basic_regex_parser... 3472 boost: Stack-overflow in boost::re_detail_NUMBER::perl_matcher… 3478 boost: Stack-buffer-overflow in boost::re_detail_NUMBER::perl_ matcher... 3479 boost: Null-dereference READ in boost::re_detail_NUMBER:: basic_regex...
Vinnie Falco pointed me to Jens Weller's blog post about fuzzing beast: https://www.meetingcpp.com/blog/items/fuzzing-beast.html . Jens used libFuzzer, which is one of the two fuzzing engines used by OSS-Fuzz. Adding a boost library to OSS-Fuzz will look very similar to this blog post.
For those of you who are at CppCon this week: we can discuss this face to face.
--kcc