Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the project to OSS-Fuzz #83

Open
mgeisler opened this issue Sep 20, 2023 · 5 comments
Open

Add the project to OSS-Fuzz #83

mgeisler opened this issue Sep 20, 2023 · 5 comments
Assignees
@kdarkhan
Labels
good first issue Good for newcomers help wanted Extra attention is needed

Comments

@mgeisler
Copy link
Collaborator

Instead of running fuzzers for a short amount of time on every PR, we should see if we can get added to OSS-Fuzz.
@mgeisler mgeisler added good first issue Good for newcomers help wanted Extra attention is needed labels Sep 20, 2023
@mgeisler mgeisler mentioned this issue Sep 21, 2023
Merged
@mgeisler
Copy link
Collaborator Author

Note that this can be worked on in parallel to #57 and #65.

@mgeisler mgeisler changed the title See if we can be added to OSS-Fuzz Add the project to OSS-Fuzz Oct 3, 2023
@kdarkhan
Copy link
Collaborator

kdarkhan commented Nov 1, 2023
edited
Loading

When running the fuzz tests locally for longer time, I was able to trigger a panic which is caused by the parser of pulldown-cmark. I checked the version from master of pulldown-cmark and see that the issue does not trigger there.

Once pulldown-cmark releases a new version/tag, I know the issue will be fixed. Now, if I will add the project to OSS-Fuzz, it will probably show those issues caused by the old pulldown-cmark tag. How should those be handled? Is it OK to just wait for a new release of the dependency?

@mgeisler
Copy link
Collaborator Author

mgeisler commented Nov 3, 2023

When running the fuzz tests locally for longer time, I was able to trigger a panic which is caused by the parser of pulldown-cmark. I checked the version from master of pulldown-cmark and see that the issue does not trigger there.

Cool, thanks for checking this! They might not know about it in the upstream repository, so we should let them know so they can create a new release.

Once pulldown-cmark releases a new version/tag, I know the issue will be fixed. Now, if I will add the project to OSS-Fuzz, it will probably show those issues caused by the old pulldown-cmark tag. How should those be handled?

I'm not super sure how to handle this, actually. From my own projects, I seem to remember that you get a mail about any fuzz errors found. I hope it will cluster errors so that a known problem will send just one mail 🙂

Is it OK to just wait for a new release of the dependency?

Yeah, we can wait for pulldown-cmark to be fixed before we look into this. Are you okay with being assigned to this bug since you now have all the relevant context?

@kdarkhan
Copy link
Collaborator

kdarkhan commented Nov 6, 2023

Sure, you can assign the bug to me.

@kdarkhan kdarkhan mentioned this issue May 25, 2024
Merged
jonathanmetzman pushed a commit to google/oss-fuzz that referenced this issue Jun 4, 2024
@kdarkhan
mdbook-i18n-helpers: Initial integration (#11997)
61fe71f 
[mdbook-i18n-helpers](https://github.com/google/mdbook-i18n-helpers/) is
a plugin for [mdbook](https://rust-lang.github.io/mdBook/) which enables
localization support.
According to [crates](https://crates.io/crates/mdbook-i18n-helpers), it
was downloaded ~100k times.

The project already defines [several fuzzers within its
repo](https://github.com/google/mdbook-i18n-helpers/tree/main/fuzz).

I am one of the maintainers of the project. The main maintainer
@mgeisler approves of this request as can be seen from
google/mdbook-i18n-helpers#83.
@kdarkhan
Copy link
Collaborator

kdarkhan commented Nov 1, 2024
edited
Loading

The first PR that was merged defines the project definition.

I created the next PR which should enable fuzzing but after several months it has not been reviewed yet.

google/oss-fuzz#12215

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kdarkhan kdarkhan

Labels
good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mgeisler @kdarkhan