On Mon, Apr 8, 2024 at 10:24 PM Michael Paquier <mich...@paquier.xyz> wrote: > At the end, having a way to generate JSON blobs randomly to test this > stuff would be more appealing
For the record, I'm working on an LLVM fuzzer target for the JSON parser. I think that would be a lot more useful than anything we can hand-code. But I want it to cover both the recursive and incremental code paths, and we'd need to talk about where it would live. libfuzzer is seeded with a bunch of huge incomprehensible blobs, which is something we're now trying to avoid checking in. There's also the security aspect of "what do we do when it finds something", and at that point maybe we need to look into a service like oss-fuzz. Thanks, --Jacob
