Subject: Re: [boost] fuzzing boost at OSS-Fuzz
From: Kostya Serebryany (kcc_at_[hidden])
Date: 2017-10-31 05:08:55
Any interest in fuzzing parts of boost on OSS-Fuzz?
BTW, John Maddock is actively fixing boost::regex bugs found by fuzzing:
On Tue, Sep 26, 2017 at 8:51 PM, Kostya Serebryany <kcc_at_[hidden]> wrote:
> I would like to invite boost developers to use OSS-Fuzz, a continuous
> automated fuzzing service.
> I've made the initial set up that fuzzes boost::regex and it found 8 bugs
> there, see
> 3460 boost: Integer-overflow in boost::re_detail_NUMBER::
> 3464 boost: Integer-overflow in boost::re_detail_NUMBER::perl_matcher...
> 3469 boost: ASSERT: jmp->type == syntax_element_jump
> 3471 boost: Stack-overflow in boost::re_detail_NUMBER::
> 3472 boost: Stack-overflow in boost::re_detail_NUMBER::perl_matcher…
> 3478 boost: Stack-buffer-overflow in boost::re_detail_NUMBER::perl_
> 3479 boost: Null-dereference READ in boost::re_detail_NUMBER::
> Vinnie Falco pointed me to Jens Weller's blog post about fuzzing beast:
> https://www.meetingcpp.com/blog/items/fuzzing-beast.html .
> Jens used libFuzzer, which is one of the two fuzzing engines used by
> Adding a boost library to OSS-Fuzz will look very similar to this blog
> For those of you who are at CppCon this week: we can discuss this face to
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk
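The message above describes an OSS-Fuzz target for boost::regex without showing one. The harness below is an added example, not Kostya's OSS-Fuzz setup or any Boost code; it has the shape OSS-Fuzz and libFuzzer expect (an `extern "C" LLVMFuzzerTestOneInput` entry point and no `main`) and exercises a regex engine with fuzzer-chosen pattern and subject strings. It uses `std::regex` so it builds without Boost; driving `boost::regex` / `boost::regex_search` through the same layout is assumed to be a type substitution. The NUL-separator input format, the length caps and the result codes are all constructed for this example.

```cpp
// Added example: libFuzzer-style harness for a regex engine. Not from the
// original thread; std::regex stands in for boost::regex (assumption).
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <regex>
#include <string>
#include <utility>

namespace {

// Upper bounds on pattern and subject length (constructed values, not from
// the message). Regex engines backtrack, so unbounded inputs tend to turn
// into libFuzzer timeouts rather than the overflow / null-dereference
// reports the harness is meant to surface.
constexpr std::size_t kMaxPatternLen = 64;
constexpr std::size_t kMaxSubjectLen = 256;

// Split one fuzzer input into (pattern, subject) at the first NUL byte.
// Without a NUL the whole input is the pattern and the subject is empty.
std::pair<std::string, std::string> SplitInput(const uint8_t* data,
                                               std::size_t size) {
    const uint8_t* sep =
        static_cast<const uint8_t*>(std::memchr(data, '\0', size));
    if (sep == nullptr) {
        return {std::string(reinterpret_cast<const char*>(data), size),
                std::string()};
    }
    const std::size_t pat_len = static_cast<std::size_t>(sep - data);
    return {std::string(reinterpret_cast<const char*>(data), pat_len),
            std::string(reinterpret_cast<const char*>(sep + 1),
                        size - pat_len - 1)};
}

}  // namespace

// Result codes so the probe can be checked outside the fuzzer loop.
enum ProbeResult { kInvalidPattern = -1, kNoMatch = 0, kMatch = 1, kSkipped = 2 };

// Compile the pattern and run it over the subject. A rejected pattern is an
// expected, non-crashing outcome: the engine must fail via regex_error, not
// by overflowing a buffer or dereferencing null, which is what the
// sanitizer build (-fsanitize=address,undefined) reports as a finding.
int RegexProbe(const std::string& pattern, const std::string& subject) {
    if (pattern.size() > kMaxPatternLen || subject.size() > kMaxSubjectLen) {
        return kSkipped;
    }
    try {
        const std::regex re(pattern, std::regex::ECMAScript);
        return std::regex_search(subject, re) ? kMatch : kNoMatch;
    } catch (const std::regex_error&) {
        return kInvalidPattern;
    }
}

// libFuzzer entry point; libFuzzer supplies main() when built with
// -fsanitize=fuzzer. The return value is ignored by the engine, crashes and
// sanitizer reports are what get recorded.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, std::size_t size) {
    if (size == 0) return 0;
    const auto in = SplitInput(data, size);
    RegexProbe(in.first, in.second);
    return 0;
}
```

Build it with `clang++ -g -O1 -fsanitize=fuzzer,address,undefined harness.cc` and run the resulting binary with a corpus directory; in an OSS-Fuzz project the same file is compiled by the project's `build.sh` with the `$CXXFLAGS` and `$LIB_FUZZING_ENGINE` the service provides. Seeding the corpus with a handful of valid `pattern\0subject` pairs gets the fuzzer past the "invalid pattern" branch quickly, and the length caps are the knob to turn if timeouts dominate the findings.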