Apply to/make use of Google's OSS-Fuzz (Fuzz testing/Sanitizers) #8447

Open
opened 2026-02-21 19:37:12 -05:00 by deekerman · 15 comments

Originally created by @necros2k7 on GitHub (Mar 9, 2019).

OSS-Fuzz: Continuous Fuzzing for Open Source Software

Apply to https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/

Fuzz testing


Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.

In cooperation with the Core Infrastructure Initiative and the OpenSSF, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.

We support the libFuzzer, AFL++, and Honggfuzz fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.

Currently, OSS-Fuzz supports C/C++, Rust, Go and Python code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.


Ref: https://github.com/google/oss-fuzz

Sanitizers


This project is the home for Sanitizers: AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer, and more. The actual code resides in the LLVM repository. Here we keep extended documentation, bugfixes and some helper code.

The documentation for our tools:

AddressSanitizer (detects addressability issues) and LeakSanitizer (detects memory leaks)
ThreadSanitizer (detects data races and deadlocks) for C++ and Go
MemorySanitizer (detects use of uninitialized memory)
HWASAN, or Hardware-assisted AddressSanitizer, a newer variant of AddressSanitizer that consumes much less memory
UBSan, or UndefinedBehaviorSanitizer


Ref: https://github.com/google/sanitizers


@xavier2k6 commented on GitHub (Mar 16, 2021):

@necros2k7 We really only allow one issue/request..... (I should close it, but.......)

> Appveyor/Travis daily build in Releases tab

Elaborate on this, Do the GHA builds not suffice for you?

> Update to :
> libtorrent 2.0.1

WIP

> OpenSSL 3

This is still in "ALPHA" Stage.

> Apply to https://github.com/google/oss-fuzz

Unsure if this is required/needed.

@thalieht @FranciscoPombal thoughts?


@necros2k7 commented on GitHub (Mar 16, 2021):

What's GHA builds?


@sakkamade commented on GitHub (Mar 16, 2021):

Github Actions
https://github.com/qbittorrent/qBittorrent/actions


@necros2k7 commented on GitHub (Mar 17, 2021):

> Github Actions
> https://github.com/qbittorrent/qBittorrent/actions

can you point to actual latest binary?


@thalieht commented on GitHub (Mar 17, 2021):

> can you point to actual latest binary?

In that list, which is sorted by time, if the middle column says "master" (or first column starts with "Merged pull request...") that is the latest change that was accepted and merged in master branch (which contains all changes since the last release). Every change comes in pairs of 2 lines. Pick the one that doesn't mention "file health", go down to "Artifacts" and dl what you want.


@xavier2k6 commented on GitHub (Mar 17, 2021):

> > can you point to actual latest binary?
>
> In that list, which is sorted by time, if the middle column says "master" (or first column starts with "Merged pull request...") that is the latest change that was accepted and merged in master branch (which contains all changes since the last release). Every change comes in pairs of 2 lines. Pick the one that doesn't mention "file health", go down to "Artifacts" and dl what you want.

Simply get the newest/latest "master" that will always appear at the top of this list from below link (this excludes the "file health"):
https://github.com/qbittorrent/qBittorrent/actions/workflows/ci.yaml?query=branch%3Amaster

  • Click the newest/latest "Merge pull request #..... from"
  • Scroll down to Artifacts
  • Click on relevant named file for "Your OS" e.g. if running windows -> qBittorrent-CI_Windows-x64

@xavier2k6 commented on GitHub (Mar 17, 2021):

@necros2k7 This should basically cover all from https://github.com/qbittorrent/qBittorrent/issues/10360#issuecomment-800354697 except for the OSS-Fuzz request.

The OSS-Fuzz request is legitimate enough & I would probably suggest to create a "new issue" for that & close this if you are satisfied that your previous needs have been fulfilled?!

@thalieht If necros2k7 creates a "new issue" for the OSS-Fuzz request we could potentially close #5449 in favour of it?


@thalieht commented on GitHub (Mar 17, 2021):

> @thalieht If necros2k7 creates a "new issue" for the OSS-Fuzz request we could potentially close #5449 in favour of it?

I don't know, are they the same thing?


@necros2k7 commented on GitHub (Mar 17, 2021):

> @necros2k7 This should basically cover all from #10360 (comment) except for the OSS-Fuzz request.
>
> The OSS-Fuzz request is legitimate enough & I would probably suggest to create a "new issue" for that & close this if you are satisfied that your previous needs have been fulfilled?!
>
> @thalieht If necros2k7 creates a "new issue" for the OSS-Fuzz request we could potentially close #5449 in favour of it?

Last time I posted feat.req. for OSS Fuzz on some of my favorite projects - Github tried to ban me for spam, and during week I explained what I meant with techsup., so sorry I can't make new issue) If anyone likes pls do.


@necros2k7 commented on GitHub (Mar 17, 2021):

> > @thalieht If necros2k7 creates a "new issue" for the OSS-Fuzz request we could potentially close #5449 in favour of it?
>
> I don't know, are they the same thing?

OSS fuzz is free service as I understand and AFL is app, so maybe it can be beneficial to merge these two into something "Fuzzing" named issue


@xavier2k6 commented on GitHub (Mar 18, 2021):

@thalieht

> I don't know, are they the same thing?

OSS-Fuzz currently uses AFL but are replacing/integrating AFL++

Ref.:
Integrate afl++ with OSS-Fuzz, deprecate vanilla afl. (https://github.com/google/oss-fuzz/issues/4280)


@thalieht commented on GitHub (Mar 18, 2021):

Guess we can close the other issue then.


@necros2k7 commented on GitHub (Mar 18, 2021):

So I guess there is no need in OSSfuzz? Just correct AFL++ setup?


@xavier2k6 commented on GitHub (Mar 19, 2021):

> So I guess there is no need in OSSfuzz? Just correct AFL++ setup?

I believe there is a need for it or to at least implement our own parts of what is on offer......

OSSfuzz also includes sanitizers (AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer) so I think overall this would be a good idea to look in to more thoroughly indeed.


@xavier2k6 commented on GitHub (May 23, 2025):

ANNOUNCEMENT!

For anybody coming across this "Feature Request" & would like/love to see a potential implementation in the future!
Here are some options available to you:

  1. Please select/click the 👍 &/or ❤ reactions in the original/opening post of this ticket.

  2. Please feel free (If you have the "skillset") to create a "Pull Request" implementing what's being requested in this ticket.
    (new/existing contributors/developers are always welcome)


DO:

  • Provide constructive feedback.
  • Display how other projects implemented same/similar etc.

DO NOT:

  • Add a "Bump", "me too", "2nd/3rd" etc. or "criticizing" comment(s).
    (These will be disregarded/hidden as "spam/abuse/off-topic" etc. as they don't provide anything constructive.)