[Proj] Submitting proj.4 to Google OSS Fuzz ?
even.rouault at spatialys.com
Sat May 20 16:06:21 EST 2017
OSS-Fuzz is Continuous Fuzzing for Open Source Software:
https://github.com/google/oss-fuzz/ (it has a good intro on what it consists of)
Basically OSS Fuzz checks out the source code repo every day, builds it, runs fuzzing tools
on test programs you create, files bugs when it finds some and notifies developers,
and closes them automatically once it has verified that a fix has been pushed to the repo
(within one or two days).
I've experimented in integrating proj.4 with it (after having used it successfully
in GDAL for more than a week).
If you have Docker installed, you can test it locally with:

    git clone --branch=add_proj git@github.com:rouault/oss-fuzz.git
    python infra/helper.py build_image $PROJECT_NAME
    # or --sanitizer undefined
    python infra/helper.py build_fuzzers --sanitizer address $PROJECT_NAME
    python infra/helper.py run_fuzzer $PROJECT_NAME standard_fuzzer
See https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md for more details.
In a few seconds, it has found 2 issues for which I have a PR ready;
It is likely that more are pending...
The integration in OSS Fuzz is in 2 parts:
- a few new files to the Google OSS Fuzz repository, mostly to mention the
proj.4 source code repo and bootstrap the build with fuzzers
- a few new files to proj.4 repository with the code to run under the fuzzer:
I've created a simple fuzzer, fuzzers/standard_fuzzer.cpp, that checks that there
are 3 lines in the random (*) input provided by the fuzzer code to our code,
takes the first one as a potential source proj.4 string, the second one as a
potential target proj.4 string, the third one as a potential pair of coordinates and
runs pj_transform() on it.
And that's it (we don't really care about the return of pj_transform() itself). If none of the above
crashes, raises undefined behaviour, leaks memory, allocates tons of memory or takes forever
to complete, things are good. Otherwise OSS Fuzz will raise a bug.
It would be easy to add fuzzer targets similar to the above to test other parts of the API.
Are people happy if we submit it to Google (if they accept it, since they are still in
beta for now), so they run it on their clusters? (Actually the projects/proj4/Dockerfile
will be modified to point to proj.4 master instead of my clone, once I've merged my
proj.4 ossfuzz branch to master.)
If they don't accept it yet, we can also merge my proj.4 ossfuzz branch to master and
people interested can follow the above procedure to run it locally on their machine.
I've put Howard and Kristian in the CC list of bug notifications that will be privately accessible
in the first 90 days of their discovery.
QUESTION 2 to Howard and Kristian:
Please confirm you are interested in being CC'ed on bugs, and
tell me if the email I put is associated with a Google email account (if not, you
will not be able to access the bug details / bug list).
(Actually I had an issue when I did the GDAL integration: it seems the email must be
a Google email, not just associated with a Google account.)
If other proj.4 developers are interested, tell me and give me your Google email.
(*) not so random input, since the fuzzers are quite smart at building a relevant dictionary, but
it is also possible to feed it with a relevant initial dictionary too. For example we could
put some grid names, proj parameter names, etc.
Spatialys - Geospatial professional services
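As an added illustration (this is not the fuzzers/standard_fuzzer.cpp from the branch above, nor any other proj.4 code), here is how a libFuzzer harness following that three-line layout can look. It assumes the legacy proj_api.h API (pj_init_plus, pj_transform, pj_free), compiled in only when HAVE_PROJ_API is defined so that the input-splitting part builds stand-alone.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#ifdef HAVE_PROJ_API  // real build: -DHAVE_PROJ_API -lproj (legacy proj_api.h)
#include <proj_api.h>
#endif

// Split the fuzzer input into three '\n'-terminated lines. Returns false
// (the harness then rejects the input) unless all three are present; bytes
// after the third newline are ignored.
static bool splitThreeLines(const uint8_t* data, size_t size,
                            std::string lines[3]) {
    std::string in(reinterpret_cast<const char*>(data), size);
    size_t start = 0;
    for (int i = 0; i < 3; ++i) {
        size_t nl = in.find('\n', start);
        if (nl == std::string::npos) return false;
        lines[i] = in.substr(start, nl - start);
        start = nl + 1;
    }
    return true;
}

// The third line must hold "x y" as two floating-point numbers.
static bool parseCoordinate(const std::string& line, double* x, double* y) {
    return std::sscanf(line.c_str(), "%lf %lf", x, y) == 2;
}

// libFuzzer entry point: line 1 = source proj string, line 2 = target proj
// string, line 3 = coordinate pair. The pj_transform() return value is
// ignored on purpose: only crashes, UB, leaks and timeouts matter here.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    std::string lines[3];
    double x = 0, y = 0;
    if (!splitThreeLines(data, size, lines) ||
        !parseCoordinate(lines[2], &x, &y))
        return 0;  // malformed input: not interesting, let the fuzzer move on
#ifdef HAVE_PROJ_API
    double z = 0;
    projPJ src = pj_init_plus(lines[0].c_str());
    projPJ dst = pj_init_plus(lines[1].c_str());
    if (src && dst) pj_transform(src, dst, 1, 0, &x, &y, &z);
    if (src) pj_free(src);
    if (dst) pj_free(dst);
#endif
    return 0;
}
```

A seed corpus file for it is just three lines, e.g. a "+proj=latlong" source, a "+proj=utm +zone=31" target and "2.0 48.0", which the dictionary mechanism mentioned in the footnote can then mutate.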