Kostya Serebryany

Results 25 comments of Kostya Serebryany

@sboukortt thanks for the leak fix. Maybe you can suggest improvements to my experimental PNG fuzz target? https://github.com/google/oss-fuzz/blob/master/projects/libpng-proto/libpng_transforms_fuzzer.cc The goal is to be able to cover more parts of the...

Err. What do you mean by "try again"? The fuzzing runs automatically and picks up the fresh master every day. (I've just realized that asan has been disabled on oss-fuzz...

FTR, here is the coverage report for the libpng fuzzers that we run 24/7.

Vanilla (using the upstream fuzz target): https://oss-fuzz.com/coverage-report/job/libfuzzer_asan_libpng/latest

Experimental: https://oss-fuzz.com/coverage-report/job/libfuzzer_asan_libpng-proto/latest

In both cases large chunks of code...

Thank you! When writing tests, pleeeease also consider adding functionality to https://github.com/glennrp/libpng/blob/libpng16/contrib/oss-fuzz/libpng_read_fuzzer.cc Removing unused/untested code is obviously even better. Are you aware of https://www.google.com/about/appsecurity/patch-rewards/ ? It explicitly mentions libpng: ```...

Please send a pull request adding yourself to https://github.com/google/oss-fuzz/blob/master/projects/libpng/project.yaml

yes, auto_ccs.

> Can you confirm that there is no difference with the images stored here

Not sure I understand

> @kcc could you help us to understand how to achieve the same level of coverage? (in https://github.com/glennrp/libpng/issues/419)

not sure what the question is

yes, you will now have access to the corpus (maybe, give it a few hours?). With the corpus, you should see the same coverage. But is your question about how...

No such plans yet, I want to polish the simplest workflow first. Besides, I am not sure if that will make any sense, after all if you have two things...

DFSan supports ~ 2^16 labels, but I would put a much lower threshold, e.g. 2^14 bytes for now. We can extend later at the cost of some (small) extra complexity....