Integrate fuzz tests in source tree and extend test cases

[bshastry]

Hi,

In the long run, it is better to merge fuzz tests in your source tree instead of in oss-fuzz repo.

Also, it would be useful to extend the current test set with more test cases for other parsing APIs perhaps.

I'd be happy to take this up together with the dev team :-)

[obgm]

Thank you, any help with that is highly appreciated! What exactly needs to be added to the source tree to do that?

And yes, more tests would be good. As far as I understand, specific corpora could enhance the testing as well.

[bshastry]

Thank you, any help with that is highly appreciated! What exactly needs to be added to the source tree to do that?

Basically, all the fuzzer test cases need to move to this repo in a folder like tests/oss-fuzz from oss-fuzz. This will help you maintain fuzzer test cases like you maintain other code.

And yes, more tests would be good. As far as I understand, specific corpora could enhance the testing as well.

Exactly. There are two things that could be added:

• corpora (generated by the fuzzer), dictionaries specific to test cases
• new test cases for APIs that process potentially attacker controlled data

[bshastry]

Hello,

Any updates on this? 😄 (CC #211)

[bshastry]

Ping :-)

[obgm]

I have not yet have a deeper look nor found somebody to contribute to this. Anyway, feel free to open a PR addressing this any time.