Skip to content

Commit

Permalink
Zip: Initial Project Proposal (#12451)
Browse files Browse the repository at this point in the history 
I am requesting permission to integrate
[zip](https://github.com/kuba--/zip) into OSSFuzz. I believe that this
project is a good candidate for OSS-Fuzz integration as it serves as a
preeminent file compression / decompression library used by many
prominent projects (Windows
[PowerToys](https://github.com/microsoft/PowerToys), The [Ring
Programming Language](https://ring-lang.github.io/), and the [V
Programming Language](https://github.com/vlang/v) to name a few). In
addition to the possibility of uncovering edge-cases and bugs in the
decompression of zip files, there is the possibility of a malicious
actor crafting a corrupted zip file that could achieve DoS or, in an
extreme case, privilege escalation and RCE.

EDIT: Please see upstream approval for integration (and listing me as
the primary contact) [here](https://github.com/kuba--/zip/issues/355)
  • Loading branch information
@capuanob
capuanob authored Oct 7, 2024
1 parent 0fe8dae commit 7c3fe25
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions projects/zip/project.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
homepage: "https://github.com/kuba--/zip"
language: c
primary_contact: "[email protected]"
main_repo: "https://github.com/kuba--/zip.git"

0 comments on commit 7c3fe25

Please sign in to comment.