|
Boost : |
Subject: [boost] fuzzing boost at OSS-Fuzz
From: Kostya Serebryany (kcc_at_[hidden])
Date: 2017-09-27 03:51:53
Hi,
I would like to invite boost developers to use OSS-Fuzz, a continuous
automated fuzzing service.
https://github.com/google/oss-fuzz
https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html
I've made the initial set up that fuzzes boost::regex and it found 8 bugs
there, see
https://svn.boost.org/trac10/ticket/12818#comment:7
3460 boost: Integer-overflow in
boost::re_detail_NUMBER::basic_regex_parser...
3464 boost: Integer-overflow in boost::re_detail_NUMBER::perl_matcher...
3469 boost: ASSERT: jmp->type == syntax_element_jump
3471 boost: Stack-overflow in boost::re_detail_NUMBER::basic_regex_parser...
3472 boost: Stack-overflow in boost::re_detail_NUMBER::perl_matcherâ¦
3478 boost: Stack-buffer-overflow in
boost::re_detail_NUMBER::perl_matcher...
3479 boost: Null-dereference READ in boost::re_detail_NUMBER::basic_regex...
Vinnie Falco pointed me to Jens Weller's blog post about fuzzing beast:
https://www.meetingcpp.com/blog/items/fuzzing-beast.html .
Jens used libFuzzer, which is one of the two fuzzing engines used by
OSS-Fuzz.
Adding a boost library to OSS-Fuzz will look very similar to this blog
post.
For those of you who are at CppCon this week: we can discuss this face to
face.
--kcc
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk