On Fri, Feb 14, 2025, 07:14, Nick Wellnhofer <wellnho...@aevum.de> wrote:
> On Feb 13, 2025, at 23:28, Daniel Gutson <danielgut...@gmail.com> wrote:
> >
> > Curious: is there any info about how this was discovered?
>
> The bug was discovered with basic fuzz testing. As libxml2 maintainer, I
> found more and more issues in various iconv implementations by accident
> which is a strong indicator that all this code isn't tested enough. The
> iconv API is also trivial to fuzz, so it seemed like a nice weekend project.
>

Thanks, AFL? My work is related to static checkers and linters (we will contribute an important patch to weggli soon), so I was wondering if you used something that used symbolic execution.

Nice job!

> Nick