Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:106318 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 69648 invoked from network); 29 Jul 2019 10:15:36 -0000 Received: from unknown (HELO mail-lj1-f182.google.com) (209.85.208.182) by pb1.pair.com with SMTP; 29 Jul 2019 10:15:36 -0000 Received: by mail-lj1-f182.google.com with SMTP id v24so57688891ljg.13 for ; Mon, 29 Jul 2019 00:40:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IwfemaC7tBBQRwGwQOLfbiWYqbh5jWSaK0prrS1Z0iU=; b=CJarws0M2X2pKVKhBB6q7ZjpGXAJdq6jomUTw+CR1+pF1cpYwvPMARqhI8wSLnmpja L1Ey8kcmFSU2NexT706GeNNP2PPaLZvgfi2FnbB1vlLoKv0Ck92PYum1mJPv/8BVdkWz /hVacJh1rwTeG9ujP8m2klUtjVAXy1gj8nN3ewQPy/5Qfz27bGUjuKpnzu9m5Y+XXfN0 3MW9srT99+QfY+rKHQZSdQE8/jJz+8RNUo8xMyMSGV0n2AMAlP79co3UcNEpPB9PBmIs pVEzE28sikQaRfmO7xfZnRBsFvzJyjF2COsA3g0HhUUfw99airqaZ9iSCPjA9QACuqkX ruKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IwfemaC7tBBQRwGwQOLfbiWYqbh5jWSaK0prrS1Z0iU=; b=kbXXjL2juRQQRYvZsaFjeiJObdVbNjBQh/cVt9rQt+D0upW/wbWNFdq+qwGWqPVayW kG6/H13XdVIXxIQfhbkguvTG4yh6rWU9BVRD1GWUoJZMeRC6UdXZoEHvhBaq8JL6dj00 4YwWh1Vz9LIZ7UKQCvOT8ufbRT7vMT6xdeZIhgfUI4u3qQkR/lLUvswKM3bCG+KRZDBd uObp8xQplsp9giOJOg/0SxU88RLOK6CM2/BOgqNNaI5ycN9/Zu0q6TNKJQbcg6ESKSSq 0Ygv5Cqw2SmeIJukE4ohQgbGeC/rl/wpKMSDNNMx1MMcJr76P2eP/vNQTxqxeK2cBI+a jdxA== X-Gm-Message-State: APjAAAVSdkYZ2sgOWNMQsTXH67cx99Jr79MKTSWRPJpeRKcxYq55yxb3 RpHDgSEBdp0d+LkRZWyTT5gUyeGRPFtyygmk9/g= X-Google-Smtp-Source: APXvYqxaYnxQsWPnYQh9h3HmxpfLIps8k5Ski12/fx7dLHDr0SWQmzFQ9F5DZgAfbgn3SBc+CXSs9jUB+rKobBDc/M8= X-Received: by 2002:a2e:8195:: with SMTP id e21mr54123265ljg.62.1564386011614; Mon, 29 Jul 2019 00:40:11 -0700 (PDT) MIME-Version: 1.0 References: <35af7db3-5cba-fe59-1d04-960eacb5aba7@gmail.com> In-Reply-To: <35af7db3-5cba-fe59-1d04-960eacb5aba7@gmail.com> Date: Mon, 29 Jul 2019 09:39:55 +0200 Message-ID: To: Stanislav Malyshev Cc: PHP Internals Content-Type: multipart/alternative; boundary="0000000000008392af058ecd000d" Subject: Re: [PHP-DEV] Merging fuzzing SAPI into core From: nikita.ppv@gmail.com (Nikita Popov) --0000000000008392af058ecd000d Content-Type: text/plain; charset="UTF-8" On Mon, Jul 29, 2019 at 2:48 AM Stanislav Malyshev wrote: > Hi! > > As you probably know, we've been running PHP fuzzing under Google's > OSS-Fuzz[1] project for a while now (and found and fixed some bugs due > to it). > > This has been enabled by the PHP fuzzing API SAPI[2] which currently > lives in a separate repository. Since the setup is working pretty well > for a while now, I would like to propose to merge it into core > repository as a core SAPI, and make Travis CI setup build it as part of > the CI tests. > > This would ensure the fuzzing scripts are not broken by core changes > (happened several times recently) and would provide wider exposure to > the fuzzing setup we have, hopefully prompting extension authors and > other contributors to add more fuzzing modules to it, thus enhancing PHP > security and reliability. > > Are there any objections or suggestions about this? Do we need an RFC > for it? Note that this is only for master branch (only master is being > fuzzed now), though it would not be hard to port to other branches if > there's interest, the fuzzer should work on pretty much any recent > branch with small code changes. > > [1] https://github.com/google/oss-fuzz/ > [2] https://github.com/php/php-fuzzing-sapi Sounds good to me. Feel free to submit a PR for review. Nikita --0000000000008392af058ecd000d--