Google Git
Sign in
android / platform / external / oss-fuzz / da812b19f
commitda812b19f2014bc5f6b429ab6e229814eb4f1891[log] [tgz]
authorDRC <information@virtualgl.org>Fri Apr 02 13:14:06 2021 -0500
committerGitHub <noreply@github.com>Fri Apr 02 11:14:06 2021 -0700
tree3d73cc1bd93d915484b50150895485a9945ff99f
parent513bb48b4286c0907652511e5752c507dfbe1cef [diff]
[libjpeg-turbo] Use new fuzzers in project repo (#5537)

- Eliminate unnecessary packages from Docker image (Autotools has not
  been required since libjpeg-turbo 1.5.x.)

- Obtain seed corpora from a new Git repository maintained by The
  libjpeg-turbo Project.  (This new repo contains the old corpora from
  https://lcamtuf.coredump.cx, with duplicates removed, and some new
  corpora curated from historical libjpeg-turbo bug reports.)

- Remove build.sh.  (The libjpeg-turbo Project is now maintaining its
  own build script in order to facilitate the future creation of new
  fuzz targets.)

- Remove fuzz target source code.  (The libjpeg-turbo Project is now
  maintaining its own fuzz targets with better code coverage.)

- Update the project home page in project.yaml.

- Change the project language to C in project.yaml.  (The new fuzz
  targets are written in pure C rather than C++, since libjpeg-turbo is
  a C-only project.)
4 files changed
tree: 3d73cc1bd93d915484b50150895485a9945ff99f
  1. .github/
  2. docs/
  3. infra/
  4. projects/
  5. .dockerignore
  6. .gitignore
  7. .pylintrc
  8. .style.yapf
  9. CONTRIBUTING.md
  10. LICENSE
  11. README.md
README.md

OSS-Fuzz: Continuous Fuzzing for Open Source Software

Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.

In cooperation with the Core Infrastructure Initiative and the OpenSSF, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.

We support the libFuzzer, AFL++, and Honggfuzz fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.

Currently, OSS-Fuzz supports C/C++, Rust, Go, Python and Java/JVM code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.

Overview

OSS-Fuzz process diagram

Documentation

Read our detailed documentation to learn how to use OSS-Fuzz.

Trophies

As of January 2021, OSS-Fuzz has found over 25,000 bugs in 375 open source projects.

Blog posts