Summary
In this episode, Jason advocates for the essential practice of fuzz testing in C++ development. He demonstrates how fuzz testing — a technique that generates random inputs to discover vulnerabilities — can quickly identify critical bugs that static analysis tools miss. Through practical examples, including a parser with an unchecked loop and a bit rotation function with undefined behavior, he shows how fuzzing with sanitizers catches buffer overflows and integer overflows that could become security vulnerabilities. Jason argues that failing to fuzz test critical libraries might constitute negligence, as vulnerabilities that remain undiscovered by you are likely being exploited by others.
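The workflow described above, as an added example that is not code from the episode: a libFuzzer entry point (libFuzzer is an assumed choice of fuzzer) that differentially tests a 32-bit rotate-left under AddressSanitizer and UBSan. The function names, the `ROTL_UNDER_TEST` macro and the particular undefined behaviour shown (a shift by 32 when the count is 0) are assumptions, since the page does not reproduce the episode's code.

```cpp
// Added example; all names here are hypothetical, not taken from the episode.
// Build: clang++ -std=c++17 -g -fsanitize=fuzzer,address,undefined rotl_fuzz.cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Naive version: for n == 0 the right shift is by 32, which is undefined
// behaviour on a 32-bit operand; n >= 32 makes the left shift undefined too.
inline std::uint32_t rotl_naive(std::uint32_t x, unsigned n) {
    return (x << n) | (x >> (32 - n));
}

// Fixed version: mask both shift counts so they always stay in [0, 31].
inline std::uint32_t rotl_fixed(std::uint32_t x, unsigned n) {
    n &= 31u;
    return (x << n) | (x >> ((32u - n) & 31u));
}

// Slow reference for the differential check: rotate one bit at a time.
inline std::uint32_t rotl_reference(std::uint32_t x, unsigned n) {
    for (unsigned i = 0; i < (n & 31u); ++i)
        x = (x << 1) | (x >> 31);
    return x;
}

#ifndef ROTL_UNDER_TEST
#define ROTL_UNDER_TEST rotl_fixed  // use -DROTL_UNDER_TEST=rotl_naive to watch UBSan fire
#endif

// libFuzzer calls this once per generated input.
extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size) {
    if (size < 5) return 0;           // need 4 value bytes plus 1 count byte
    std::uint32_t x;
    std::memcpy(&x, data, sizeof x);  // memcpy avoids unaligned-read UB
    unsigned n = data[4];             // 0..255 covers both 0 and counts >= 32
    if (ROTL_UNDER_TEST(x, n) != rotl_reference(x, n))
        std::abort();                 // wrong result: the fuzzer records a crash
    return 0;
}
```

With the naive function selected, UBSan reports the invalid shift exponent as soon as the fuzzer produces a count byte of 0 or of 32 and above; the sanitizer, not a visible crash, is what surfaces the bug.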
Related C++ Standard Sections
This episode covers topics found in these sections of the C++ standard:
- [tuple.apply] (40% match)