On Feb 13, 2025, at 23:28, Daniel Gutson <danielgut...@gmail.com> wrote: > > Curious: is there any info about how this was discovered?
The bug was discovered with basic fuzz testing. As libxml2 maintainer, I found more and more issues in various iconv implementations by accident which is a strong indicator that all this code isn't tested enough. The iconv API is also trivial to fuzz, so it seemed like a nice weekend project. Nick
