minutes of ESC call ...
dtardon at redhat.com
Thu Apr 6 14:27:17 UTC 2017
On Thu, Apr 06, 2017 at 08:22:04AM +1000, Chris Sherlock wrote:
> > On 31 Mar 2017, at 10:59 pm, David Tardon <dtardon at redhat.com> wrote:
> >> On Thu, Mar 30, 2017 at 04:08:18PM +0100, Michael Meeks wrote:
> >> * Crashtest update (Caolan)
> >> + Google / ossfuzz: 24 fuzzers active now, unchanged
> >> + not added any more tests – existing giving out enough noise
> >> + lots of horsepower: they are also testing for local leaks & hangs
> >> + previously ignoring those; lots in this category.
> >> + fast-hangs are more interesting than timeout – but fixing ...
> > As I missed the call yesterday...
> > I've started adding DLP libraries to oss-fuzz. There are 2 active fuzzers so far: for libmspub and OLE2 parser in librevenge. I have
> > submitted pull requests for 3 more: libcdr, libpagemaker and libwpd. Another 2, libwpg and libvisio, are in progress. I plan to add all the
> > libraries ultimately (if Google allows :-)
> > The yield is rather low, which is good. After all, the libraries have been fuzzed quite extensively in the past...
> > D.
> Ah! After months (a year or more?) of being away from LO I noticed a whole bunch of fuzzing files... that's amazing work! A real boon for LibreOffice, David, great work.
Actually the fuzzers in LibreOffice are Caolan's work. Fuzzers for DLP
libs are in the libs themselves.
> Is there a wiki page on how to use and integrate fuzzing?
Nothing LibreOffice-specific, no. You can look at
and bin/oss-fuzz-build .