Closed 5225225 closed 2 years ago
Ah, turns out the existing packet fuzzer catches this.
We clearly need a better setup for actually getting the fuzzers' regular runtime...
https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/ maybe? Never used it, nor have I worked with anyone who's used it. But it looks decent.
That, or get this project to be part of oss-fuzz so Google fuzzes it continuously for you. Or both.
Reproduction:

Start the example server (`cargo run --example server ./`). I suspect any server will work, but the example server is good.

```sh
echo "iQAAAAEBAAAbG4QbAAAAAD8A" | base64 -d | nc -u localhost 4433
```
This results in
The fuzzer I used to find this (I'll make it more powerful and make a PR with it, but if I forget to, feel free to just put it in yourself) is
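Added example (not the reporter's fuzzer and not the project's code): a stand-alone Rust program that decodes the base64 datagram from the reproduction above, dissects its long-header fields according to the QUIC invariants (RFC 8999) and the version-1 Initial layout (RFC 9000), lists which pre-decryption checks a v1 receiver would fail it on, and then sends it the same way the `nc -u localhost 4433` line does. The server address `127.0.0.1:4433` is assumed from the reproduction; the base64 decoder is included only so the example needs no external crate. The page does not say what the server does with this packet (the panic output is missing), so the example only shows what is on the wire, not why it crashes.

```rust
use std::net::UdpSocket;

/// Constructed input: the exact base64 string from the reproduction above.
pub const PACKET_B64: &str = "iQAAAAEBAAAbG4QbAAAAAD8A";

/// Minimal standard-alphabet base64 decoder so the example needs no external crate.
pub fn base64_decode(s: &str) -> Result<Vec<u8>, &'static str> {
    fn val(c: u8) -> Result<u32, &'static str> {
        match c {
            b'A'..=b'Z' => Ok(u32::from(c - b'A')),
            b'a'..=b'z' => Ok(u32::from(c - b'a') + 26),
            b'0'..=b'9' => Ok(u32::from(c - b'0') + 52),
            b'+' => Ok(62),
            b'/' => Ok(63),
            _ => Err("invalid base64 character"),
        }
    }
    let sextets: Vec<u8> = s.bytes().filter(|&c| c != b'=').collect();
    let mut out = Vec::with_capacity(sextets.len() * 3 / 4);
    for chunk in sextets.chunks(4) {
        if chunk.len() == 1 {
            return Err("dangling base64 sextet");
        }
        let mut acc: u32 = 0;
        for &c in chunk {
            acc = (acc << 6) | val(c)?;
        }
        acc <<= 6 * (4 - chunk.len()); // left-align a partial group to 24 bits
        for i in 0..(chunk.len() * 6 / 8) {
            out.push((acc >> (16 - 8 * i)) as u8);
        }
    }
    Ok(out)
}

/// QUIC long-header fields: RFC 8999 invariants plus the v1 Initial token length.
#[derive(Debug, PartialEq, Eq)]
pub struct LongHeader {
    pub fixed_bit: bool,
    pub long_packet_type: u8,
    pub version: u32,
    pub dcid: Vec<u8>,
    pub scid: Vec<u8>,
    /// (token length value, size of its varint encoding), only for v1 Initial packets.
    pub token_len: Option<(u64, usize)>,
    /// Bytes left in the datagram after the connection IDs.
    pub remaining: usize,
}

/// RFC 9000 s16 variable-length integer: the top two bits of the first byte give the size.
pub fn read_varint(b: &[u8]) -> Result<(u64, usize), &'static str> {
    let first = *b.first().ok_or("truncated varint")?;
    let size = 1usize << (first >> 6);
    let enc = b.get(..size).ok_or("truncated varint")?;
    let mut v = u64::from(first & 0x3f);
    for &x in &enc[1..] {
        v = (v << 8) | u64::from(x);
    }
    Ok((v, size))
}

pub fn parse_long_header(p: &[u8]) -> Result<LongHeader, &'static str> {
    let first = *p.first().ok_or("empty datagram")?;
    if first & 0x80 == 0 {
        return Err("short header form");
    }
    if p.len() < 5 {
        return Err("truncated version");
    }
    let version = u32::from_be_bytes([p[1], p[2], p[3], p[4]]);
    let mut i = 5;
    let dcid_len = usize::from(*p.get(i).ok_or("truncated DCID length")?);
    i += 1;
    let dcid = p.get(i..i + dcid_len).ok_or("truncated DCID")?.to_vec();
    i += dcid_len;
    let scid_len = usize::from(*p.get(i).ok_or("truncated SCID length")?);
    i += 1;
    let scid = p.get(i..i + scid_len).ok_or("truncated SCID")?.to_vec();
    i += scid_len;
    let rest = &p[i..];
    let long_packet_type = (first >> 4) & 0x3;
    // Only v1 Initial packets (type 0) carry a token length next (RFC 9000 s17.2.2).
    let token_len = if version == 1 && long_packet_type == 0 {
        Some(read_varint(rest)?)
    } else {
        None
    };
    Ok(LongHeader {
        fixed_bit: first & 0x40 != 0,
        long_packet_type,
        version,
        dcid,
        scid,
        token_len,
        remaining: rest.len(),
    })
}

/// Pre-decryption checks a v1 receiver applies; returns the ones this header fails.
pub fn sanity_checks(h: &LongHeader) -> Vec<&'static str> {
    let mut failed = Vec::new();
    if !h.fixed_bit {
        failed.push("fixed bit (0x40) is clear: not a valid v1 packet, MUST be discarded (RFC 9000 s17.2)");
    }
    if let Some((len, enc)) = h.token_len {
        if len.saturating_add(enc as u64) > h.remaining as u64 {
            failed.push("token length runs past the end of the datagram");
        }
    }
    failed
}

fn main() -> std::io::Result<()> {
    let pkt = base64_decode(PACKET_B64).expect("report payload is valid base64");
    println!("datagram: {:02x?}", pkt);
    match parse_long_header(&pkt) {
        Ok(h) => {
            println!("{:?}", h);
            for f in sanity_checks(&h) {
                println!("check failed: {}", f);
            }
        }
        Err(e) => println!("header parse error: {}", e),
    }
    // Same delivery as `nc -u localhost 4433` in the report; the server must already be running.
    let sock = UdpSocket::bind("0.0.0.0:0")?;
    sock.send_to(&pkt, "127.0.0.1:4433")?;
    Ok(())
}
```

Decoded, the datagram is 18 bytes whose first byte is 0x89: long-header form with the fixed bit clear, long packet type 0 (Initial), version 1, a one-byte all-zero DCID and an empty SCID, followed by a token-length varint of 27 with only nine bytes left behind it. Both of those are things a receiver should reject before touching any crypto, which is what the `sanity_checks` function reports.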