Added fuzzer to integrate Hiredis into OSS-fuzz #902
Merged
This PR adds a fuzzer that targets `redisFormatCommand`. Fuzzing is a method of testing whereby pseudo-random data is passed to an application with the goal of finding bugs and vulnerabilities.
I have worked on running this fuzzer continuously through OSS-fuzz and have set up an integration on the OSS-fuzz side for this. If there is interest in fuzzing Hiredis continuously, all that is needed is for this fuzzer to be merged and at least one maintainer's email address on the OSS-fuzz side. This will allow OSS-fuzz to run this fuzzer as well as all future fuzzers continuously, and in case bugs are found, maintainers get notified with an email containing a link to a detailed bug report. The service is free for open source projects and is offered with an implied expectation that bugs are fixed, so that the resources spent on fuzzing Hiredis go towards resolving bugs.