How is this library tested? #18
Labels
enhancement
New feature or request
Comments
|
Thanks for looking into this. Would you mind sharing your fuzzer? I'd love to improve the security aspect of the lib. |
|
I would recommend libfuzzer or AFL, I just used the example code and provided an entrypoint to be tested. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are no tests shipped with the source code, are there internal tests and if so wouldn't it be better to ship them as well? High quality code is something that comes with tests. Memory safety is also a huge issue with this library, I wrote a small fuzzer for this library and it doesn't look too good. Considering this is supposed to replace DIA then it should at least have basic bound checks in place since people may load PDBs of untrusted sources.
Its probably best to include in the description that this library is potentially dangerous when PDBs are used from unknown sources.
The text was updated successfully, but these errors were encountered: