[Proj] Submitting proj.4 to Google OSS Fuzz ?

Even Rouault even.rouault at spatialys.com
Tue May 23 12:51:01 EST 2017 

On mardi 23 mai 2017 17:23:32 CEST Even Rouault wrote:
> On mardi 23 mai 2017 14:24:11 CEST Kristian Evers wrote:
> > > That's the most convenient. You can run OSS-Fuzz locally as instructed
> > > in
> > > proj.4 tests/fuzzers/README.TXT (but you need Linux and Docker for
> > > that),
> > > and there you could point the oss-fuzz/projects/proj4/Dockerfile to a
> > > branch of yours (that's how I tested it before submitting it)
> > 
> > Yeah, I figured. It would be super cool if you could trigger OSS-Fuzz
> > targeting a specific bug via a pull request. Maybe that will be possible
> > in
> > the future...
> > 
> > Thanks for the help. I will try to run OSS-Fuzz locally to confirm fixes
> > before I commit them to master.
> 
> Well, in that case that means you're running Linux, so build proj.4 with
> CFLAGS="- fsanitize=undefined,address" and running the standalone
> standard_fuzzer should be sufficient (and much faster)

Note: make sure the proj lib is built with a PROJ_LIB define that points to something valid, or 
define PROJ_LIB to point to the in-source nad directory when running standard_fuzzer as it 
can make a difference (in particular since the fuzzer might generate strings without +no_defs 
and ellipsoid values, and in that case they are valid due to nad/proj_def.dat containing 
ellps=WGS84. Whereas if you run standard_fuzzer with no valid PROJ_LIB you'll get an early 
exit due to proj_init() having failed. I've updated the example in test/fuzzers/README.TXT 
with that)

> 
> > Kristian
> > 
> > Fra: Even Rouault [mailto:even.rouault at spatialys.com]
> > Sendt: 23. maj 2017 16:09
> > Til: proj at lists.maptools.org
> > Cc: Kristian Evers
> > Emne: Re: [Proj] Submitting proj.4 to Google OSS Fuzz ?
> > 
> > On mardi 23 mai 2017 13:41:50 CEST Kristian Evers wrote:
> > > Kurt, Even,
> > > 
> > > 
> > > 
> > > Thanks for your suggestions. Very helpful. I do have access to a Linux
> > > 
> > > server and if necessary I can work on that. It is just slightly
> > > 
> > > inconvenient when on the move etc.
> > > 
> > > 
> > > 
> > > 
> > > 
> > > I must say, it is a very impressive piece software google has created!
> > > 
> > > Although it is a bit hard to grasp the finer details :-) I think I can
> > > fix
> > > 
> > > some of the discovered issues just from looking at the report, as you
> > > 
> > > suggest, Even.
> > > 
> > > 
> > > 
> > > 
> > > 
> > > The only way to triggers OSS-Fuzz to test code is to commit on the
> > > 
> > > master-branch, correct?
> > 
> > That's the most convenient. You can run OSS-Fuzz locally as instructed in
> > proj.4 tests/fuzzers/README.TXT (but you need Linux and Docker for that),
> > and there you could point the oss-fuzz/projects/proj4/Dockerfile to a
> > branch of yours (that's how I tested it before submitting it)
> > 
> > > /Kristian
> > > 
> > > _______________________________________________
> > > 
> > > Proj mailing list
> > > 
> > > Proj at lists.maptools.org<mailto:Proj at lists.maptools.org>
> > > 
> > > http://lists.maptools.org/mailman/listinfo/proj
> > 
> > --
> > 
> > Spatialys - Geospatial professional services
> > 
> > http://www.spatialys.com


-- 
Spatialys - Geospatial professional services
http://www.spatialys.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.maptools.org/pipermail/proj/attachments/20170523/f4623379/attachment.htm

More information about the Proj mailing list