OSS-Fuzz Integration

Question

OSS-Fuzz Integration

ennamarie19 opened this issue 5 months ago · 4 comments

My name is McKenna Dallmeyer and I would like to submit pdf2image to OSS-Fuzz.

If you are not familiar with the project, OSS-Fuzz is Google's platform for continuous fuzzing of Open Source Software.

In order to get the most out of this program, it would be greatly beneficial to be able to merge-in my fuzz harness and build scripts into the upstream repository and contribute bug fixes if they come up. Is this something that you would support me putting the effort into?

Thank you!

Answer 1 · 2024-06-05T21:14:36.000Z

Hi and thank you for your interest in making pdf2image more secure. I'd be happy to merge contributions seeking to make the package more robust, that being said, due to recent events I will be refusing any binaries and any code that I cannot fully understand/audit myself.

Can you share an example of fuzz harness and build scripts?

Answer 2 · 2024-06-06T21:09:54.000Z

Totally understand! Sure thing!

Here is a fuzz harness that I wrote hosted in the upstream repository - https://github.com/collective/icalendar/tree/master/src/icalendar/fuzzing

Here is the link to what is hosted on OSS-Fuzz for this project - https://github.com/google/oss-fuzz/tree/master/projects/icalendar

Please let me know how you wish to proceed! Thank you again!

Answer 3 · 2024-06-11T21:07:19.000Z

Hi @Belval were you able to access what I shared? Thoughts?

Answer 4 · 2024-10-07T21:44:31.000Z

Hi again @Belval
Were you able to take a look at the examples for OSS-Fuzz integration? Would love to contribute this to the project if you're up for it!