On 14 Jul 2024, at 21:55, Michael Niedermayer wrote:
> On Sat, Jul 13, 2024 at 11:12:40PM +0200, Kacper Michajlow wrote: >> On Thu, 27 Jun 2024 at 02:50, Kacper Michajlow <kaspe...@gmail.com> wrote: >>> >>> On Thu, 27 Jun 2024 at 00:45, Michael Niedermayer >>> <mich...@niedermayer.cc> wrote: >>>> >>>> On Wed, Jun 26, 2024 at 09:07:42PM +0200, Kacper Michajlow wrote: >>>>> Hi, >>>>> >>>>> Like in the topic. I think it would be useful to enable MSAN on >>>>> OSS-Fuzz. We get some tiny issues and it would be probably good to >>>>> have them tracked upstream. All infra is here, so enabling it is as >>>>> simple as adding it to the project.yaml. Except libbz2.so and libz.so >>>>> would have to be built inline instead, looking at the build.sh, they >>>>> are prebuilt. The rest should just work (TM), but needs to be tested. >>>>> You can set an "experimental' flag to have it not create issues on >>>>> monorail, initially. >>>> >>>> I assumed ossfuzz would enable all sanitizers by default >>> >>> They do not do that by default, because MSAN requires all dependencies >>> to be instrumented too. See >>> https://google.github.io/oss-fuzz/getting-started/new-project-guide/#sanitizers >>> >>> Looking at build.sh for ffmpeg, it should be fine to enable it. >>> Obviously I have not tested everything, but I was running some tests >>> locally with MSAN and also tested it with mpv oss-fuzz builds where we >>> build ffmpeg too with MSAN. >>> >>> - Kacper >> >> I've sent a PR to enable MSAN and a few other build improvements. >> Please take a look https://github.com/google/oss-fuzz/pull/12211 >> > >> Also, would it be ok to add myself to auto_ccs for ffmpeg? Mostly to >> monitor what issues are reported upstream, as we get some reports in >> mpv fuzzing and I never know if I should report it upstream (ffmpeg) >> or it is already found by first-party fuzzing and I shouldn't make >> more noise. > > you are welcome to submit bug reports, you are welcome to submit bug fixes > if you find issues in FFmpeg. > > If someones work in FFmpeg or rather FFmpeg benefits from someone having > access to the reports, then (s)he should receive access. This seems not > to apply here This seems quite rude… Maybe you did not intend it but thats how it reads to me… > > Also i expect the number of outstanding ossfuzz issues to decrease now > after the bulk of coverity issues has been dealt with > > thx > > [...] > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > The real ebay dictionary, page 1 > "Used only once" - "Some unspecified defect prevented a second use" > "In good condition" - "Can be repaird by experienced expert" > "As is" - "You wouldnt want it even if you were payed for it, if you knew ..." > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
