[tor-bugs] #33140 [Core Tor]: Clusterfuzz environment flags reused for dependencies

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 3 16:39:19 UTC 2020


#33140: Clusterfuzz environment flags reused for dependencies
-----------------------------------+------------------------
 Reporter:  cypherpunks            |          Owner:  (none)
     Type:  defect                 |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Core Tor               |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  clusterfuzz, oss-fuzz  |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------

Comment (by cypherpunks):

 If tor doesn't use openssl correctly tor fails the test. Openssl is fuzzed
 upstream so the instrumentation doesn't help because we don't complete the
 openssl fuzz build, we complete the tor fuzz build.

 That and when used with zlib you literally have no choice but to fully
 instrument the zlib build or expect zlib to to break eventually.

 I'm going to leave this here for open discussion and check in
 periodically.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33140#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list