[openjpeg] Release cmake build type #5209
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Seems that some bugs in openjpeg can be triggered only in release mode. More specifically, I was trying to reproduce uclouvain/openjpeg#1228 using the OSS-Fuzz harness and I failed. I figured out that the bug is indeed reachable by the harness, but can be uncovered only in Release mode, otherwise, an assertion error blocks it. I guess that they use assertions only in Debug mode (WTF) and remove them in Release. So, IMO openjpeg should be fuzzed in Release mode as the configuration used in production is the one relevant for security.
|
i agree, @rouault - ok to merge? |
|
seems fine, merging for now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Seems that some bugs in openjpeg can be triggered only in release mode.
More specifically, @elManto and I were trying to reproduce uclouvain/openjpeg#1228 using the OSS-Fuzz harness and we failed.
I figured out that the bug is indeed reachable by the harness, but can be uncovered only in Release mode, otherwise, an assertion error blocks it.
I guess that they use assertions only in Debug mode (WTF) and remove them in Release.
So, IMO openjpeg should be fuzzed in Release mode as the configuration used in production is the one relevant for security.