Hi Kevin and the prism team,
I've submitted a PR to add prism to Google OSS-Fuzz,
Google's continuous fuzzing infrastructure for open-source projects.
OSS-Fuzz PR: google/oss-fuzz#15339
What this adds
Two fuzz targets that run 24/7 on Google's ClusterFuzz infrastructure:
| Target |
What it fuzzes |
fuzz_parse |
Prism.parse, Prism.dump, Prism.parse_stream, Prism.parse_comments |
fuzz_lex |
Prism.lex, Prism.parse_lex |
Seed corpus: 986 fixture files from prism's own test/prism/fixtures/ tree
(including version-specific subdirs and the seattlerb/whitequark/unparser edge cases).
Dictionary: Ruby keywords and operators from prism's own fuzz/dict.
Why this matters
prism is Ruby's official parser — fuzzing it continuously with AddressSanitizer and
UndefinedBehaviorSanitizer can surface memory safety issues (buffer overflows,
use-after-free, integer overflows) before they reach production.
What the OSS-Fuzz reviewers need
The reviewers typically ask the primary project maintainer to leave an LGTM comment on
the PR. If you're open to this integration, a comment on
google/oss-fuzz#15339 would be very helpful.
Happy to answer any questions or adjust the integration if you have suggestions.
Thanks!
Hi Kevin and the prism team,
I've submitted a PR to add prism to Google OSS-Fuzz,
Google's continuous fuzzing infrastructure for open-source projects.
OSS-Fuzz PR: google/oss-fuzz#15339
What this adds
Two fuzz targets that run 24/7 on Google's ClusterFuzz infrastructure:
fuzz_parsePrism.parse,Prism.dump,Prism.parse_stream,Prism.parse_commentsfuzz_lexPrism.lex,Prism.parse_lexSeed corpus: 986 fixture files from prism's own
test/prism/fixtures/tree(including version-specific subdirs and the seattlerb/whitequark/unparser edge cases).
Dictionary: Ruby keywords and operators from prism's own
fuzz/dict.Why this matters
prism is Ruby's official parser — fuzzing it continuously with AddressSanitizer and
UndefinedBehaviorSanitizer can surface memory safety issues (buffer overflows,
use-after-free, integer overflows) before they reach production.
What the OSS-Fuzz reviewers need
The reviewers typically ask the primary project maintainer to leave an LGTM comment on
the PR. If you're open to this integration, a comment on
google/oss-fuzz#15339 would be very helpful.
Happy to answer any questions or adjust the integration if you have suggestions.
Thanks!