You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently fuzz tests for CQL values like FuzzCqlValueInt32 test that data == deserialize(serialize(data)). However, these kinds of tests are unlikely to find issues like panics because of missing bounds checks when parsing data, since they only try to parse valid data.
For example, CqlValue.AsStringMap seems that it will panic if the CQLValue.Value field does not have enough bytes (although I haven't tried running the function yet).
Consider adding fuzz tests that do deserialize(random bytes) and test that the parsing functions never panic for cql values as well.
The text was updated successfully, but these errors were encountered:
Currently fuzz tests for CQL values like
FuzzCqlValueInt32test thatdata == deserialize(serialize(data)). However, these kinds of tests are unlikely to find issues like panics because of missing bounds checks when parsing data, since they only try to parse valid data.For example,
CqlValue.AsStringMapseems that it will panic if the CQLValue.Value field does not have enough bytes (although I haven't tried running the function yet).Consider adding fuzz tests that do
deserialize(random bytes)and test that the parsing functions never panic for cql values as well.The text was updated successfully, but these errors were encountered: