On Tue, 28 Sept 2021 at 17:23, Luís Ferreira <cont...@lsferreira.net> wrote:
>
> During my fuzzing test with libfuzzer I found out that GCC is not part
> of OSS-Fuzz project. Would be cool to discuss here a bit more about
> fuzzing GCC codebase in order to mitigate some future vulnerabilities
> that may appear. I can volunteer myself to add the necessary steps to
> fuzz GCC on the OSS Fuzz side, but I would like to get some status on:
>
> - Does GCC build system support at least AFL or libfuzzer?
> - Is there any infrastructure to automatically test this?
> - How to test GCC with fuzzing, if possible

I'd like the libstdc++ <iostream> and <regex> code to get fuzzed, and maybe std::filesystem::path construction. I've discussed it with people before, but none of us got around to setting it up.
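
A libFuzzer harness for the `<regex>` and `<iostream>` targets named in the reply above, as an added example that is not part of the original thread or of GCC's own code. The input layout, the function names `fuzz_regex` and `fuzz_iostream`, the length limits and the build command are assumptions of this example.

```cpp
// Added example: libFuzzer harness for two libstdc++ components.
// Assumed build line:
//   clang++ -g -stdlib=libstdc++ -fsanitize=fuzzer,address,undefined harness.cc
#include <cstddef>
#include <cstdint>
#include <regex>
#include <sstream>
#include <string>

// Input layout (an assumption of this example): "pattern\nsubject".
// Returns 0 = pattern rejected or input too long, 1 = no match, 2 = match.
int fuzz_regex(const std::string& in) {
    const auto nl = in.find('\n');
    const std::string pattern = in.substr(0, nl);
    const std::string subject =
        nl == std::string::npos ? std::string() : in.substr(nl + 1);
    // Keep inputs short so backtracking cost does not drown out memory bugs.
    if (pattern.size() > 64 || subject.size() > 64) return 0;
    try {
        const std::regex re(pattern);
        return std::regex_search(subject, re) ? 2 : 1;
    } catch (const std::regex_error&) {
        return 0;  // a clean rejection is correct behaviour, not a finding
    }
}

// Formatted extraction; returns how many of the three reads succeeded.
int fuzz_iostream(const std::string& in) {
    std::istringstream is(in);
    int i = 0;
    double d = 0;
    std::string s;
    int ok = 0;
    if (is >> i) ++ok;
    if (is >> d) ++ok;
    if (is >> s) ++ok;
    return ok;
}

// libFuzzer entry point: the first byte selects the target, the rest is its input.
extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size) {
    if (size < 2) return 0;
    const std::string body(reinterpret_cast<const char*>(data + 1), size - 1);
    if (data[0] % 2 == 0) fuzz_regex(body); else fuzz_iostream(body);
    return 0;
}
```

Crashes and sanitizer reports are the findings here; the return codes exist only so the helpers can be checked in unit tests.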