Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(hdf5): remove options and run h5_read_fuzzer #12426

Merged
merged 5 commits into from
Aug 30, 2024
Merged

fix(hdf5): remove options and run h5_read_fuzzer #12426

merged 5 commits into from
Aug 30, 2024

Conversation

hyoklee
Copy link
Contributor

@hyoklee hyoklee commented Aug 29, 2024

@google-cla Google CLA
Copy link

google-cla bot commented Aug 29, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@github-actions GitHub Actions
Copy link

hyoklee is a new contributor to projects/hdf5. The PR must be approved by known contributors before it can be merged. The past contributors are: maflcko, derobins, DonggeLiu

@DavidKorczynski
Copy link
Collaborator

We don't need to run the fuzzer in the build script, the harnesses are only meant to be put in $OUT and OSS-Fuzz will take of the running of them.

Notice the comment here: #11806 (comment) from a perspective of there is a backlog of other issues. The idea behind not having leak detection in this case is to focus on more severe issues by allowing the harness to bypass potentially often-seen issues, I'd probably recommend focusing on those before leaks.You can see an overview of issues here https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj%3Dhdf5&can=2

I can see you're a contributor to the project, so I would propose adding your email to https://github.com/google/oss-fuzz/blob/master/projects/hdf5/project.yaml and then you can see details of the already-found issues.

DavidKorczynski
DavidKorczynski requested changes Aug 30, 2024
View reviewed changes
Copy link
Collaborator

@DavidKorczynski DavidKorczynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above

@DavidKorczynski DavidKorczynski merged commit 561e0b4 into google:master Aug 30, 2024
15 checks passed
@hyoklee
Copy link
Contributor Author

hyoklee commented Aug 30, 2024

@DavidKorczynski , thank you so much reviewing and approving PR quickly!

@DavidKorczynski
Copy link
Collaborator

All good -- it's great to see the fuzzing additions you've added in the HDF5 project recently!

@DavidKorczynski
Copy link
Collaborator

If it would make things easier for you @hyoklee then feel free to migrate the fuzzing harnesses + build.sh to upstream hdf5. It may help manage the fuzzing set up since you get more control.

@DavidKorczynski
Copy link
Collaborator

For inspiration on upstream set ups, you can take a look at net-snmp:

https://github.com/net-snmp/net-snmp/tree/master/testing/fuzzing holds the fuzzing artifacts in the upstream repository. Consequently, the OSS-Fuzz project is quite simple: https://github.com/google/oss-fuzz/tree/master/projects/net-snmp

@hyoklee
Copy link
Contributor Author

hyoklee commented Aug 30, 2024

@DavidKorczynski , you're amazing! That's exactly what I was looking for.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DavidKorczynski DavidKorczynski DavidKorczynski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hyoklee @DavidKorczynski