[tor-bugs] #33140 [Core Tor]: Clusterfuzz environment flags reused for dependencies
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 3 16:39:19 UTC 2020
#33140: Clusterfuzz environment flags reused for dependencies
-----------------------------------+------------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor | Version:
Severity: Normal | Resolution:
Keywords: clusterfuzz, oss-fuzz | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------
Comment (by cypherpunks):
If tor doesn't use openssl correctly tor fails the test. Openssl is fuzzed
upstream so the instrumentation doesn't help because we don't complete the
openssl fuzz build, we complete the tor fuzz build.
That and when used with zlib you literally have no choice but to fully
instrument the zlib build or expect zlib to to break eventually.
I'm going to leave this here for open discussion and check in
periodically.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33140#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list