Security actions to mitigate future vulnerabilities
Luís Ferreira
contact@lsferreira.net
Tue Sep 28 16:21:53 GMT 2021
During my fuzzing test with libfuzzer I found out that GCC is not part
of OSS-Fuzz project. Would be cool to discuss here a bit more about
fuzzing GCC codebase in order to mitigate some future vulnerabilities
that may appear. I can volunteer myself to add the necessary steps to
fuzz GCC on the OSS Fuzz side, but I would like to get some status on:
- Does GCC build system support at least AFL or libfuzzer?
- Is there any infrastructure to automatically test this?
- How to test GCC with fuzzing, if possible
--
Sincerely,
Luís Ferreira @ lsferreira.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://gcc.gnu.org/pipermail/gcc/attachments/20210928/1e2a58c9/attachment.sig>
More information about the Gcc
mailing list