<p dir="ltr"><br>
On 30 Aug 2015 20:04, "Kostya Serebryany" <<a href="mailto:kcc@google.com">kcc@google.com</a>> wrote:<br>
><br>
><br>
> In my (biased) opinion libFuzzer is particularly well suited for this task<br>
> (fuzzing individual libraries, as opposed to fuzzing the whole postgress).<br>
> I've played with a dozen of regular expression libs and found bugs in all of them<br>
> (e.g. search for "Fuzzer" in <a href="http://vcs.pcre.org/pcre2/code/trunk/ChangeLog?view=markup&pathrev=360">http://vcs.pcre.org/pcre2/code/trunk/ChangeLog?view=markup&pathrev=360</a>)<br>
> <br>
><br>
>>><br>
>>> To do this effectively I think it would be best to invoke the fuzzer<br>
>>> from inside Postgres.<br>
><br>
><br>
> Never tied this. <br>
> Can't you just link libFuzzer with a part of the code you want to test? </p>
<p dir="ltr">The problem I'm specifically trying to tackle is that the code in question can use any of the internal postgres APIs and might have dependencies on anything in the environment.</p>
<p dir="ltr">Even the simplest cases like the date/tone parser will depends on the timezone library which is initialised at startup, the server session state which specifies the current timezone and default date format, etc. </p>
<p dir="ltr">The more interesting cases like arrays and other compound objects will depend on the internal caches of the database schema which is where it finds things like meta information about the data types stored within.</p>