Skip to content

Add fuzzing harness for g_utf8_normalize()

Todd Carson requested to merge toc/glib:fuzz-normalize-utf8 into main

g_utf8_normalize() is potentially exposed to untrusted input, as not all applications call g_utf8_validate() first.

Add a fuzzing harness to exercise g_utf8_normalize() on both terminated and counted strings. Catch any crashes or cases where the output is different if a string is counted versus terminated.

See !3341 (merged) for an example of a crash that this can shake out.

Merge request reports