
[lz4_flex] project proposal

Open tristan-f-r opened this issue 1 year ago • 1 comments

(Approved by the maintainer)

lz4_flex is a ridiculously fast compression library for Rust implementing LZ4. It has a prevalent use of `unsafe` in its faster variant (which could mean not just denial of service, but potential RCE vulnerabilities), has a high chance of taking in user input, and is used in large open-source projects:

It's used in bevy, polars, wasmer, chroma, FiloDB, SlateDB, and many other databases. It even has usage in Google's sedpack. This package is a go-to for fast compression, yet it only fuzzes in CI: this package is a prime candidate for this project.

tristan-f-r, Oct 17 '24 15:10

LeoDog896 is integrating a new project:
- Main repo: https://github.com/PSeitz/lz4_flex.git
- Criticality score: 0.46960

github-actions[bot], Oct 17 '24 16:10

We approve of adding this project.

jonathanmetzman, Oct 21 '24 18:10