Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
Fuzzing the library brought great stability improvements in the last couple releases. But the current integration in oss-fuzz has only a limited scope. Fuzzing is only done on the following classes:
- SevenZFile
- TarFile
- ZipFile
Additionally those fuzzing tests only open the file and are not reading the file content.
IMHO the tests should be expanded to cover the following:
- Fuzz all supported formats (stream based and file based)
- Read the whole fuzzed file
I don't know if it makes sense to also fuzz archive creation. The only thing which might be worth there would be the ArchiveEntries since fuzzing the file content seems useless.