Qt wiki will be updated on October 12th 2023 starting at 11:30 AM (EEST) and the maintenance will last around 2-3 hours. During the maintenance the site will be unavailable.

Qt Contributors Summit 2019 -Fuzzing Qt

From Qt Wiki

Jump to navigation Jump to search

Introduction

Explained briefly what fuzzing is in general
Showed how to fuzz Qt itself
See readme file

What's missing to test Qt in oss-fuzz?

Google offers infrastructure and workflow for fuzzing free software, see oss-fuzz.

Qt still needs to support more sanitizers
A docker image defines how to build Qt and the fuzz targets
A prototype exists, but needs tuning

Robert is working on both.

Which code needs fuzz testing the most?

Agreed criteria: Code that operates on possibly untrusted data

Proposals from the audience:

Classes
- QCborValue
- QCommandLineParser
- QDataStream
- QImage and its plugins
- QJsonValue
- QRegularExpression
- QSslCertificate
- QPdf?
- QTextCodec
- QTextStream
- QTranslator
Functions
- *::fromRawData
- QTextDocumentFragment::fromHtml
- QUrl::fromUserInput
- QWebEngineView::setContent
Further mentions which were considered tricky
- QAbstractSocket
- QString::asprintf

Robert will try adding them one by one. If you'd like to contribute some, he will happily review them.

If you have further proposals, please comment here or write to Robert directly.

Retrieved from "https://wiki-qt-io-staging.herokuapp.com/index.php?title=Qt_Contributors_Summit_2019_-Fuzzing_Qt&oldid=36474"

QtCS2019