Currently fuzz tests for CQL values like FuzzCqlValueInt32 test that data == deserialize(serialize(data)). However, these kinds of tests are unlikely to find issues like panics because of missing bounds checks when parsing data, since they only try to parse valid data.
For example, CqlValue.AsStringMap seems that it will panic if the CQLValue.Value field does not have enough bytes (although I haven't tried running the function yet).
Consider adding fuzz tests that do deserialize(random bytes) and test that the parsing functions never panic for cql values as well.
Currently fuzz tests for CQL values like
FuzzCqlValueInt32
test thatdata == deserialize(serialize(data))
. However, these kinds of tests are unlikely to find issues like panics because of missing bounds checks when parsing data, since they only try to parse valid data.For example,
CqlValue.AsStringMap
seems that it will panic if the CQLValue.Value field does not have enough bytes (although I haven't tried running the function yet).Consider adding fuzz tests that do
deserialize(random bytes)
and test that the parsing functions never panic for cql values as well.