libFuzzer success story

Kostya, team,

Just wanted to share a libFuzzer success story. I’d used it with Python quite a bit and found a bug some many months ago. It was never really recognized as a security issue but I gave them all kinds of time to evaluate it just in case it was determined to be.

But anyways, even non-vulnerability bugs should go in the trophy case, right?

Here’s the bug:

Thanks for the great news! Indeed, adding the the trophy list