[issue29505] Submit the re, json, & csv modules to oss-fuzz testing
Guido Vranken
report at bugs.python.org
Mon Jul 8 10:11:58 EDT 2019
Guido Vranken <guidovranken at gmail.com> added the comment:
Hi,
I've built a generic Python fuzzer and submitted it to OSS-Fuzz.
It works by implementing a "def FuzzerRunOne(FuzzerInput):" function in Python in which some arbitrary code is run based on FuzzerInput, which is a bytes object.
This is a more versatile solution than the current re, json, csv fuzzers as it requires no custom C code and adding more fuzzing targets is as easy as writing a new harness in Python and adding a build rule.
Code coverage is measured at both the CPython level (*.c) and the Python level (*.py). CPython is compiled with AddressSanitizer. What this means is that both CPython memory bugs and Python library bugs (excessive memory consumption, hangs, slowdowns, unexpected exceptions) are expected to transpire.
You can see my current set of fuzzers here: https://github.com/guidovranken/python-library-fuzzers
The PR to OSS-Fuzz is https://github.com/google/oss-fuzz/pull/2567
Currently, the only Python maintainer who will be receiving automated bug reports is gpshead. Are there any other developers who normally process Python security bug reports and would like to receive notifications?
Feel free to respond directly in the OSS-Fuzz PR thread.
----------
nosy: +Guido
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue29505>
_______________________________________
More information about the Python-bugs-list
mailing list