Bugs in libmongocrypt mean bugs in all 12 drivers. A fuzzer will give us more coverage for odd edge cases of malformed ciphertexts, key documents, etc.
Stuart has written a guide for setting up AFL with the C driver.
I envision we'll create small runnable examples that exercise a piece of code to run through the fuzzer. E.g. example-parse-key-document or example-parse-ciphertext.
It'd be great if we could fuzz with Evergreen tasks, having the fuzzer run for a fixed period of time.
- depends on MONGOCRYPT-186 Implement entry points suitable for libfuzzer (Backlog)