jpegoptim icon indicating copy to clipboard operation
jpegoptim copied to clipboard
verified publisher icon tjko

OSS-Fuzz Integration Inquiry

Open capuanob opened this issue 1 year ago • 2 comments

Hello!

I have integrated a few open-sourced projects into OSS-Fuzz, a program sponsored by Google to provide continuous fuzz-testing of impactful open-sourced projects, and am wondering if jpegoptim's maintainers would approve me undertaking the work to develop a harness to fuzz-test this library and integrate it into OSS-Fuzz.

If you would like more details on what OSS-Fuzz is and what this work would entail, more details can be found here.

If so, all I would need is an email address of the primary contract, who will receive access to ClusterFuzz to view crash reports. I could also list myself as the primary contact, if desired.

Thank you for your consideration and I look forward to working with you all!

capuanob avatar Jan 05 '25 05:01 capuanob

Hi @capuanob, that sounds great. You can use my email (found in project README, etc..)

I recall that in the past people doing "fuzzing" independently have found some issues, so this could prove out to be useful addition.
Also, it would seem rather likely that OSS-Fuzz could find issues in the underlying JPEG library (libjpeg, libjpeg-turbo, mozjpeg, ...), would it be possible to build harness so that it can build/test jpegoptim against different libraries, etc?

tjko avatar Jan 05 '25 18:01 tjko

@tjko Thank you! I will submit this to the panel for their consideration.

If approved, I will get started shortly thereafter. I can definitely support testing against the different, underlying libraries

capuanob avatar Jan 06 '25 21:01 capuanob