Just wanted to share a libFuzzer success story. I’d used it with Python quite a bit and found a bug some many months ago. It was never really recognized as a security issue but I gave them all kinds of time to evaluate it just in case it was determined to be.
But anyways, even non-vulnerability bugs should go in the trophy case, right?
Here’s the bug: