{"id":13367108,"url":"https://github.com/dvyukov/Go-fuzz","last_synced_at":"2025-03-12T18:31:59.135Z","repository":{"id":30441026,"uuid":"33994380","full_name":"dvyukov/go-fuzz","owner":"dvyukov","description":"Randomized testing for Go","archived":false,"fork":false,"pushed_at":"2024-09-24T07:00:22.000Z","size":5571,"stargazers_count":4811,"open_issues_count":58,"forks_count":279,"subscribers_count":84,"default_branch":"master","last_synced_at":"2025-03-11T12:46:48.631Z","etag":null,"topics":["fuzzing","go","testing"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dvyukov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-04-15T13:07:50.000Z","updated_at":"2025-03-08T13:38:13.000Z","dependencies_parsed_at":"2023-12-14T15:47:20.130Z","dependency_job_id":"ee3ccc9a-800e-4c72-ac8b-5a6f24147eca","html_url":"https://github.com/dvyukov/go-fuzz","commit_stats":{"total_commits":760,"total_committers":85,"mean_commits":8.941176470588236,"dds":0.3236842105263158,"last_synced_commit":"b1ce7bc07150b190caefe82a3313a3a0a23aff6d"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvyukov%2Fgo-fuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvyukov%2Fgo-fuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvyukov%2Fgo-fuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvyukov%2Fgo-fuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dvyukov","download_url":"https://codeload.github.com/dvyukov/go-fuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243271460,"owners_count":20264462,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzing","go","testing"],"created_at":"2024-07-30T00:01:38.672Z","updated_at":"2025-03-12T18:31:59.106Z","avatar_url":"https://github.com/dvyukov.png","language":"Go","funding_links":[],"categories":["测试","測試"],"sub_categories":["高级控制台界面","高級控制台界面"],"readme":"# go-fuzz: randomized testing for Go\n\nGo-fuzz is a coverage-guided [fuzzing solution](http://en.wikipedia.org/wiki/Fuzz_testing) for testing of Go packages.\nFuzzing is mainly applicable to packages that parse complex inputs (both text\nand binary), and is especially useful for hardening of systems that parse inputs\nfrom potentially malicious users (e.g. anything accepted over a network).\n\n**Note:** go-fuzz has recently added preliminary support for fuzzing [Go Modules](https://github.com/golang/go/wiki/Modules).  See the [section below](https://github.com/dvyukov/go-fuzz/blob/master/README.md#modules-support) for more details. \nIf you encounter a problem with modules, please file an issue with details. A workaround might be to disable modules via `export GO111MODULE=off`.\n\n## Usage\n\nFirst, you need to write a test function of the form:\n```go\nfunc Fuzz(data []byte) int\n```\nData is a random input generated by go-fuzz, note that in most cases it is\ninvalid. The function must return 1 if the fuzzer should increase priority\nof the given input during subsequent fuzzing (for example, the input is\nlexically correct and was parsed successfully); -1 if the input must not be\nadded to corpus even if gives new coverage; and 0 otherwise; other values are\nreserved for future use.\n\nThe `Fuzz` function must be in a package that `go-fuzz` can import. This means\nthe code you want to test can't be in package `main`.  Fuzzing `internal`\npackages is supported, however.\n\nIn its basic form the Fuzz function just parses the input, and\ngo-fuzz ensures that it does not panic, crash the program, allocate insane\namount of memory nor hang. Fuzz function can also do application-level checks,\nwhich will make testing more efficient (discover more bugs). For example,\nFuzz function can serialize all inputs that were successfully deserialized,\nthus ensuring that serialization can handle everything deserialization can\nproduce. Or, Fuzz function can deserialize-serialize-deserialize-serialize\nand check that results of first and second serialization are equal. Or, Fuzz\nfunction can feed the input into two different implementations (e.g. dumb and\noptimized) and check that the output is equal. To communicate application-level\nbugs Fuzz function should panic (os.Exit(1) will work too, but panic message\ncontains more info). Note that Fuzz function should not output to stdout/stderr,\nit will slow down fuzzing and nobody will see the output anyway. The exception\nis printing info about a bug just before panicking.\n\nHere is an example of a simple Fuzz function for image/png package:\n```go\npackage png\n\nimport (\n\t\"bytes\"\n\t\"image/png\"\n)\n\nfunc Fuzz(data []byte) int {\n\tpng.Decode(bytes.NewReader(data))\n\treturn 0\n}\n```\n\nA more useful Fuzz function would look like:\n```go\nfunc Fuzz(data []byte) int {\n\timg, err := png.Decode(bytes.NewReader(data))\n\tif err != nil {\n\t\tif img != nil {\n\t\t\tpanic(\"img != nil on error\")\n\t\t}\n\t\treturn 0\n\t}\n\tvar w bytes.Buffer\n\terr = png.Encode(\u0026w, img)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\treturn 1\n}\n```\n\nThe second step is collection of initial input corpus. Ideally, files in the\ncorpus are as small as possible and as diverse as possible. You can use inputs\nused by unit tests and/or generate them. For example, for an image decoding\npackage you can encode several small bitmaps (black, random noise, white with\nfew non-white pixels) with different levels of compressions and use that as the\ninitial corpus. Go-fuzz will deduplicate and minimize the inputs. So throwing in\na thousand of inputs is fine, diversity is more important.\n\nPut the initial corpus into the workdir/corpus directory (in our case\n```examples/png/corpus```). Go-fuzz will add own inputs to the corpus directory.\nConsider committing the generated inputs to your source control system, this\nwill allow you to restart go-fuzz without losing previous work.\n\nThe [go-fuzz-corpus repository](https://github.com/dvyukov/go-fuzz-corpus) contains \na bunch of examples of test functions and initial input corpuses for various packages.\n\nThe next step is to get go-fuzz:\n\n```\n$ go install github.com/dvyukov/go-fuzz/go-fuzz@latest github.com/dvyukov/go-fuzz/go-fuzz-build@latest\n```\n\nThen, download the corpus and build the test program with necessary instrumentation:\n```\n$ git clone https://github.com/dvyukov/go-fuzz-corpus.git\n$ cd go-fuzz-corpus\n$ cd png\n$ go-fuzz-build\n```\nThis will produce png-fuzz.zip archive.\n\nNow we are ready to go:\n```\n$ go-fuzz\n```\n\nGo-fuzz will generate and test various inputs in an infinite loop. Workdir is\nused to store persistent data like current corpus and crashers, it allows fuzzer\nto continue after restart. Discovered bad inputs are stored in workdir/crashers\ndir; where file without a suffix contains binary input, file with .quoted suffix\ncontains quoted input that can be directly copied into a reproducer program or a\ntest, file with .output suffix contains output of the test on this input. Every\nfew seconds go-fuzz prints logs to stderr of the form:\n```\n2015/04/25 12:39:53 workers: 500, corpus: 186 (42s ago), crashers: 3,\n     restarts: 1/8027, execs: 12009519 (121224/sec), cover: 2746, uptime: 1m39s\n```\nWhere ```workers``` means number of tests running in parallel (set with -procs\nflag). ```corpus``` is current number of interesting inputs the fuzzer has\ndiscovered, time in brackets says when the last interesting input was\ndiscovered. ```crashers``` is number of discovered bugs (check out\nworkdir/crashers dir). ```restarts``` is the rate with which the fuzzer restarts\ntest processes. The rate should be close to 1/10000 (which is the planned\nrestart rate); if it is considerably higher than 1/10000, consider fixing already\ndiscovered bugs which lead to frequent restarts. ```execs``` is total number of\ntest executions, and the number in brackets is the average speed of test\nexecutions. ```cover``` is number of bits set in a hashed coverage bitmap, if this number\ngrows fuzzer uncovers new lines of code; size of the bitmap is 64K; ideally ```cover```\nvalue should be less than ~5000, otherwise fuzzer can miss new interesting inputs\ndue to hash collisions. And finally ```uptime``` is uptime of the process. This same\ninformation is also served via http (see the ```-http``` flag).\n\n## Modules support\n\ngo-fuzz has preliminary support for fuzzing [Go Modules](https://github.com/golang/go/wiki/Modules). \ngo-fuzz respects the standard `GO111MODULE` environment variable, which can be set to `on`, `off`, or `auto`. \n\ngo-fuzz-build will add a `require` for `github.com/dvyukov/go-fuzz` to your go.mod. If desired, you may remove this once the build is complete.\n\nVendoring with modules is not yet supported. A `vendor` directory will be ignored, and go-fuzz will report an error if `GOFLAGS=-mod=vendor` is set.\n\nNote that while modules are used to prepare the build, the final instrumented build is still done in GOPATH mode.\nFor most modules, this should not matter.\n\n## libFuzzer support\n\ngo-fuzz-build can also generate an archive file\nthat can be used with [libFuzzer](https://llvm.org/docs/LibFuzzer.html)\ninstead of go-fuzz (requires linux).\n\nSample usage:\n\n```\n$ cd $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/fmt\n$ go-fuzz-build -libfuzzer  # produces fmt.a\n$ clang -fsanitize=fuzzer fmt.a -o fmt.libfuzzer\n$ ./fmt.libfuzzer\n```\n\nWhen run with `-libfuzzer`, go-fuzz-build adds the additional build tag\n`gofuzz_libfuzzer` when building code.\n\n## Continuous Fuzzing\n\nJust as unit-testing, fuzzing is better done continuously.\n\nCurrently there are 2 services that offer continuous fuzzing based on go-fuzz:\n\n- [gitlab.com](https://gitlab.com) ([tutorial](https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/))\n- [fuzzbuzz.io](https://fuzzbuzz.io/) ([tutorial](https://docs.fuzzbuzz.io/getting-started/find-your-first-bug-in-go))\n\n## Random Notes\n\ngo-fuzz-build builds the program with gofuzz build tag, this allows to put the\nFuzz function implementation directly into the tested package, but exclude it\nfrom normal builds with ```// +build gofuzz``` directive.\n\nIf your inputs contain a checksum, it can make sense to append/update the checksum\nin the ```Fuzz``` function. The chances that go-fuzz will generate the correct\nchecksum are very low, so most work will be in vain otherwise.\n\nGo-fuzz can utilize several machines. To do this, start the coordinator process\nseparately:\n```\n$ go-fuzz -workdir=examples/png -coordinator=127.0.0.1:8745\n```\nIt will manage persistent corpus and crashers and coordinate work of worker processes.\nThen run one or more worker processes as:\n```\n$ go-fuzz -bin=./png-fuzz.zip -worker=127.0.0.1:8745 -procs=10\n```\n\n## External Articles\n\n- [go-fuzz github.com/arolek/ase](https://medium.com/@dgryski/go-fuzz-github-com-arolek-ase-3c74d5a3150c): A step-by-step tutorial\n- [DNS parser, meet Go fuzzer](https://blog.cloudflare.com/dns-parser-meet-go-fuzzer/): A success story with suggestions on how to write the ```Fuzz``` function\n- [Automated Testing with go-fuzz](https://speakerdeck.com/filosottile/automated-testing-with-go-fuzz)\n- [Going down the rabbit hole with go-fuzz](https://mijailovic.net/2017/07/29/go-fuzz/)\n- [Fuzzing markdown parser with go-fuzz](https://blog.kowalczyk.info/article/n/fuzzing-markdown-parser-written-in-go.html)\n\n## History rewrite\n\ngo-fuzz repository history was recently rewritten to exclude examples directory\nto reduce total repository size and download time (see\n[#88](https://github.com/dvyukov/go-fuzz/issues/88),\n[#114](https://github.com/dvyukov/go-fuzz/issues/114) and\nhttps://github.com/dvyukov/go-fuzz-corpus). Unfortunately, that means that\n`go get -u` command will fail if you had a previous version installed.\nPlease remove $GOPATH/github.com/dvyukov/go-fuzz before running `go get` again.\n\n## Credits and technical details\n\nGo-fuzz fuzzing logic is heavily based on [american fuzzy lop](http://lcamtuf.coredump.cx/afl/),\nso refer to [AFL readme](http://lcamtuf.coredump.cx/afl/README.txt) if you are\ninterested in technical details. AFL is written and maintained by\n[Michal Zalewski](http://lcamtuf.coredump.cx/). Some of the mutations employed\nby go-fuzz are inspired by work done by Mateusz Jurczyk, Gynvael Coldwind and\n[Felix Gröbert](https://twitter.com/fel1x).\n\n## Trophies\n\n- [spec: non-integral constant can be converted to int](https://github.com/golang/go/issues/11350) **fixed**\n- [cmd/compile: out of fixed registers](https://github.com/golang/go/issues/11352) **fixed**\n- [cmd/compile: truncates constants](https://github.com/golang/go/issues/11326) **fixed**\n- [cmd/compile: overflow in int -\u003e string](https://github.com/golang/go/issues/11330) **fixed**\n- [cmd/compile: bad HMUL](https://github.com/golang/go/issues/11358) **fixed**\n- [cmd/compile: treecopy Name](https://github.com/golang/go/issues/11361) **fixed**\n- [cmd/compile: accepts invalid identifiers](https://github.com/golang/go/issues/11359) **fixed**\n- [cmd/compile: hangs compiling hex fp constant](https://github.com/golang/go/issues/11364) **fixed**\n- [cmd/compile: mishandles int-\u003ecomplex conversion](https://github.com/golang/go/issues/11365) **fixed**\n- [cmd/compile: allows to define blank methods on builtin types](https://github.com/golang/go/issues/11366) **fixed**\n- [cmd/compile: mis-calculates a constant](https://github.com/golang/go/issues/11369) **fixed**\n- [cmd/compile: interface conversion panic](https://github.com/golang/go/issues/11540) **fixed**\n- [cmd/compile: nil pointer dereference](https://github.com/golang/go/issues/11588) **fixed**\n- [cmd/compile: nil pointer dereference (2)](https://github.com/golang/go/issues/11666) **fixed**\n- [cmd/compile: internal compiler error: plain block b3 len(Succs)==2, want 1](https://github.com/golang/go/issues/11589) **fixed**\n- [cmd/compile: internal compiler error: b3.Succs has duplicate block b3](https://github.com/golang/go/issues/11593) **fixed**\n- [cmd/compile: internal compiler error: newname nil](https://github.com/golang/go/issues/11610) **fixed**\n- [cmd/compile: accepts invalid function type](https://github.com/golang/go/issues/11595) **fixed**\n- [cmd/compile: internal compiler error: getinarg: not a func int](https://github.com/golang/go/issues/11596) **fixed**\n- [cmd/compile: hangs converting int const to complex64](https://github.com/golang/go/issues/11597) **fixed**\n- [cmd/compile: nil deref in error message](https://github.com/golang/go/issues/11614) **fixed**\n- [cmd/compile: use of untyped nil in switch](https://github.com/golang/go/issues/11668) **fixed**\n- [cmd/compile: implicitly converts complex constant to integer](https://github.com/golang/go/issues/11669) **fixed**\n- [cmd/compile: assignment to entry in nil map](https://github.com/golang/go/issues/11670) **fixed**\n- [cmd/compile: does not diagnose constant division by zero](https://github.com/golang/go/issues/11674) **fixed**\n- [cmd/compile: does not detect a missing return](https://github.com/golang/go/issues/11698) **fixed**\n- [cmd/compile: symbol \"\"._.args_stackmap listed multiple times](https://github.com/golang/go/issues/11699) **fixed**\n- [cmd/compile: \"0\"[0] should not be a constant](https://github.com/golang/go/issues/11370) **fixed**\n- [cmd/compile: unexpected %!(NOVERB)](https://github.com/golang/go/issues/13266) **fixed**\n- [cmd/compile: wrong line number in error message](https://github.com/golang/go/issues/13267) **fixed**\n- [cmd/compile: not-deterministic output](https://github.com/golang/go/issues/13268) **fixed**\n- [cmd/compile: parsing problem](https://github.com/golang/go/issues/13270) **fixed**\n- [cmd/compile: compiles incorrect program](https://github.com/golang/go/issues/13272) **fixed**\n- [cmd/compile: does not compile correct program](https://github.com/golang/go/issues/13273)\n- [cmd/compile: compiles incorrect program (2)](https://github.com/golang/go/issues/13274) **fixed**\n- [cmd/compile: internal compiler error: want FUNC, but have int](https://github.com/golang/go/issues/17038) **fixed**\n- [cmd/compile: nil deref](https://github.com/golang/go/issues/24447) **fixed**\n- [cmd/asm: index out of range](https://github.com/golang/go/issues/11759) **fixed**\n- [cmd/asm: index out of range (2)](https://github.com/golang/go/issues/12466) **fixed**\n- [cmd/asm: index out of range (3)](https://github.com/golang/go/issues/12467) **fixed**\n- [cmd/asm: index out of range (4)](https://github.com/golang/go/issues/12657) **fixed**\n- [cmd/asm: slice bounds out of range](https://github.com/golang/go/issues/11760) **fixed**\n- [cmd/asm: hang](https://github.com/golang/go/issues/11764) **fixed**\n- [cmd/asm: hang (2)](https://github.com/golang/go/issues/12469) **fixed**\n- [cmd/asm: hang (3)](https://github.com/golang/go/issues/12656) **fixed**\n- [cmd/asm: nil deref](https://github.com/golang/go/issues/11765) **fixed**\n- [cmd/asm: nil deref (2)](https://github.com/golang/go/issues/12468) **fixed**\n- [cmd/asm: nil deref (3)](https://github.com/golang/go/issues/12614) **fixed**\n- [cmd/asm: nil deref (4)](https://github.com/golang/go/issues/12627) **fixed**\n- [cmd/asm: nil deref (5)](https://github.com/golang/go/issues/12655) **fixed**\n- [cmd/asm: cannot happen: slice col](https://github.com/golang/go/issues/12654) **fixed**\n- [cmd/asm: unactionable \"invalid local variable type 0\"](https://github.com/golang/go/issues/12658)\n- [internal/trace: index out of range](https://github.com/golang/go/issues/11766) **fixed**\n- [internal/trace: index out of range (2)](https://github.com/golang/go/issues/11769) **fixed**\n- [internal/trace: nil deref](https://github.com/golang/go/issues/11767) **fixed**\n- [internal/trace: nil deref (2)](https://github.com/golang/go/issues/11770) **fixed**\n- [fmt: Printf loops on invalid verb spec](https://github.com/golang/go/issues/10674) **fixed**\n- [fmt: incorrect overflow detection](https://github.com/golang/go/issues/10695) **fixed**\n- [fmt: index out of range](https://github.com/golang/go/issues/10675) **fixed**\n- [fmt: index out of range (2)](https://github.com/golang/go/issues/10745) **fixed**\n- [fmt: index out of range (3)](https://github.com/golang/go/issues/10770) **fixed**\n- [fmt: index out of range (4)](https://github.com/golang/go/issues/10771) **fixed**\n- [fmt: index out of range (5)](https://github.com/golang/go/issues/10945) **fixed**\n- [fmt: index out of range (6)](https://github.com/golang/go/issues/11376) **fixed**\n- [regexp: slice bounds out of range](https://github.com/golang/go/issues/11176) **fixed**\n- [regexp: slice bounds out of range (2)](https://github.com/golang/go/issues/11178) **fixed**\n- [regexp: LiteralPrefix lies about completeness](https://github.com/golang/go/issues/11172)\n- [regexp: LiteralPrefix lies about completeness (2)](https://github.com/golang/go/issues/11175)\n- [regexp: POSIX regexp takes 4 seconds to execute](https://github.com/golang/go/issues/11181)\n- [regexp: confusing behavior on invalid utf-8 sequences](https://github.com/golang/go/issues/11185)\n- [regexp: considers \"\\Q\\E*\" as valid regexp](https://github.com/golang/go/issues/11187) **fixed**\n- [time: allows signs for year/tz in format string](https://github.com/golang/go/issues/11128)\n- [time: RFC3339 time.Parse can not parse string that come from time.Format](https://github.com/golang/go/issues/20555)\n- [time: Parse panic: runtime error: index out of range](https://github.com/golang/go/issues/21113) **fixed**\n- [math/big: incorrect string-\u003eFloat conversion](https://github.com/golang/go/issues/11341) **fixed**\n- [math/big: MakeFromLiteral with 0 mantissa and large exponent hangs](https://github.com/golang/go/issues/16176) **fixed**\n- [net/http: can't send star request](https://github.com/golang/go/issues/11202) **fixed**\n- [net/http: allows empty header names](https://github.com/golang/go/issues/11205) **fixed**\n- [net/http: allows invalid characters in header values](https://github.com/golang/go/issues/11207) **fixed**\n- [net/http: allows %-encoding after \\[\\]](https://github.com/golang/go/issues/11208) **fixed**\n- [net/mail: ParseAddress/String corrupt address](https://github.com/golang/go/issues/11292) **fixed**\n- [net/mail: parses invalid address](https://github.com/golang/go/issues/11293) **fixed**\n- [net/mail: fails to escape address](https://github.com/golang/go/issues/11294) **fixed**\n- [net/textproto: fails to trim header value](https://github.com/golang/go/issues/11204) **fixed**\n- [archive/zip: cap out of range](https://github.com/golang/go/issues/10956) **fixed**\n- [archive/zip: bad file size](https://github.com/golang/go/issues/10957) **fixed**\n- [archive/zip: unexpected EOF](https://github.com/golang/go/issues/11144) **fixed**\n- [archive/zip: file with wrong checksum is successfully decompressed](https://github.com/golang/go/issues/11146) **fixed**\n- [archive/zip: unexpected EOF when reading archive](https://github.com/golang/go/issues/12449) **fixed**\n- [archive/tar: slice bounds out of range](https://github.com/golang/go/issues/10959) **fixed**\n- [archive/tar: slice bounds out of range (2)](https://github.com/golang/go/issues/10960) **fixed**\n- [archive/tar: slice bounds out of range (3)](https://github.com/golang/go/issues/10966) **fixed**\n- [archive/tar: slice bounds out of range (4)](https://github.com/golang/go/issues/10967) **fixed**\n- [archive/tar: slice bounds out of range (5)](https://github.com/golang/go/issues/11167) **fixed**\n- [archive/tar: deadly hang](https://github.com/golang/go/issues/10968) **fixed**\n- [archive/tar: invalid memory address or nil pointer dereference](https://github.com/golang/go/issues/11168) **fixed**\n- [archive/tar: invalid memory address or nil pointer dereference (2)](https://github.com/golang/go/issues/12435) **fixed**\n- [archive/tar: Reader.Next returns nil header](https://github.com/golang/go/issues/11169) **fixed**\n- [archive/tar: Writer incorrectly encodes header data](https://github.com/golang/go/issues/11171) **fixed**\n- [archive/tar: incorrectly claims huge file size](https://github.com/golang/go/issues/12434)\n- [archive/tar: reader returns bogus headers](https://github.com/golang/go/issues/12436) **fixed**\n- [encoding/gob: panic: drop](https://github.com/golang/go/issues/10272) **fixed**\n- [encoding/gob: makeslice: len out of range](https://github.com/golang/go/issues/10273) [3 bugs] **fixed**\n- [encoding/gob: stack overflow](https://github.com/golang/go/issues/10415) **fixed**\n- [encoding/gob: excessive memory consumption](https://github.com/golang/go/issues/10490) **fixed**\n- [encoding/gob: decoding hangs](https://github.com/golang/go/issues/10491) **fixed**\n- [encoding/gob: pointers to zero values are not initialized in Decode](https://github.com/golang/go/issues/11119)\n- [encoding/gob: crash on malicious input](https://github.com/golang/go/issues/24447)\n- [encoding/xml: allows invalid comments](https://github.com/golang/go/issues/11112)\n- [encoding/json: detect circular data structures when encoding](https://github.com/golang/go/issues/10769)\n- [encoding/asn1: index out of range](https://github.com/golang/go/issues/11129) **fixed**\n- [encoding/asn1: incorrectly handles incorrect utf8 strings](https://github.com/golang/go/issues/11126) **fixed**\n- [encoding/asn1: slice is lost during marshal/unmarshal](https://github.com/golang/go/issues/11130) **fixed**\n- [encoding/asn1: call of reflect.Value.Type on zero Value](https://github.com/golang/go/issues/11127) **fixed**\n- [encoding/asn1: Unmarshal accepts negative dates](https://github.com/golang/go/issues/11134) **fixed**\n- [encoding/pem: can't decode encoded message](https://github.com/golang/go/issues/10980) **fixed**\n- [crypto:x509: input not full blocks](https://github.com/golang/go/issues/11215) **fixed**\n- [crypto/x509: division by zero](https://github.com/golang/go/issues/11233) **fixed**\n- [image/jpeg: unreadByteStuffedByte call cannot be fulfilled](https://github.com/golang/go/issues/10387) **fixed**\n- [image/jpeg: index out of range](https://github.com/golang/go/issues/10388) **fixed**\n- [image/jpeg: invalid memory address or nil pointer dereference](https://github.com/golang/go/issues/10389) **fixed**\n- [image/jpeg: Decode hangs](https://github.com/golang/go/issues/10413) **fixed**\n- [image/jpeg: excessive memory usage](https://github.com/golang/go/issues/10532) **fixed**\n- [image/png: slice bounds out of range](https://github.com/golang/go/issues/10414) **fixed**\n- [image/png: slice bounds out of range (2)](https://github.com/golang/go/issues/12545) **fixed**\n- [image/png: interface conversion: color.Color is color.NRGBA, not color.RGBA](https://github.com/golang/go/issues/10423) **fixed**\n- [image/png: nil deref](https://github.com/golang/go/issues/10493) **fixed**\n- [image/gif: image block is out of bounds](https://github.com/golang/go/issues/10676) **fixed**\n- [image/gif: Decode returns an image with empty palette](https://github.com/golang/go/issues/11150) **fixed**\n- [image/gif: LoopCount changes on round trip](https://github.com/golang/go/issues/11287) **fixed**\n- [image/gif: Disposal is corrupted after round trip](https://github.com/golang/go/issues/11288)\n- [image/gif: EOF instead of UnexpectedEOF](https://github.com/golang/go/issues/11390)\n- [compress/flate: hang](https://github.com/golang/go/issues/10426) **fixed**\n- [compress/lzw: compress/decompress corrupts data](https://github.com/golang/go/issues/11142) **fixed**\n- [text/template: leaks goroutines on errors](https://github.com/golang/go/issues/10574#ref-issue-71873016)\n- [text/template: Call using string as type int](https://github.com/golang/go/issues/10800) **fixed**\n- [text/template: Call using complex128 as type string](https://github.com/golang/go/issues/10946) **fixed**\n- [text/template: stack overflow](https://github.com/golang/go/issues/15618)\n- [html/template: unidentified node type in allIdents](https://github.com/golang/go/issues/10610) **fixed**\n- [html/template: unidentified node type in allIdents (2)](https://github.com/golang/go/issues/10801) **fixed**\n- [html/template: unidentified node type in allIdents (3)](https://github.com/golang/go/issues/11118) **fixed**\n- [html/template: unidentified node type in allIdents (4)](https://github.com/golang/go/issues/11356) **fixed**\n- [html/template: escaping {{else}} is unimplemented](https://github.com/golang/go/issues/10611) **fixed**\n- [html/template: runtime error: slice bounds out of range](https://github.com/golang/go/issues/10612) **fixed**\n- [html/template: runtime error: slice bounds out of range (2)](https://github.com/golang/go/issues/10613) **fixed**\n- [html/template: invalid memory address or nil pointer dereference](https://github.com/golang/go/issues/10615) **fixed**\n- [html/template: panic: Call using zero Value argument](https://github.com/golang/go/issues/10634) **fixed**\n- [html/template: nil pointer dereference](https://github.com/golang/go/issues/10673) **fixed**\n- [html/template: slice bounds out of range](https://github.com/golang/go/issues/10799) **fixed**\n- [mime: ParseMediaType parses invalid media types](https://github.com/golang/go/issues/11289) **fixed**\n- [mime: Parse/Format corrupt parameters](https://github.com/golang/go/issues/11290) **fixed**\n- [mime: Parse/Format corrupt parameters (2)](https://github.com/golang/go/issues/11291) **fixed**\n- [go/constant: hang evaluating \"-6e-1886451601\"](https://github.com/golang/go/issues/20228) **fixed**\n- [go/constant, math/big: panic while constructing constant \"1i/1E-612198397\"](https://github.com/golang/go/issues/20227)\n- [go/scanner: accepts floating point literals with no decimals after E](https://github.com/golang/go/issues/17621)  **fixed**\n- [go/parser: eats \\r in comments](https://github.com/golang/go/issues/11151)\n- [go/format: turns correct program into incorrect one](https://github.com/golang/go/issues/11274)\n- [go/format: non-idempotent format](https://github.com/golang/go/issues/11275) **fixed**\n- [go/format: adds }](https://github.com/golang/go/issues/11276) **fixed**\n- [go/types: panics on invalid constant](https://github.com/golang/go/issues/11325) **fixed**\n- [go/types: compiling hangs](https://github.com/golang/go/issues/11327) **fixed**\n- [go/types: stupid shift](https://github.com/golang/go/issues/11328) **fixed**\n- [go/types: line number out of range](https://github.com/golang/go/issues/11329)\n- [go/types: assertion failed](https://github.com/golang/go/issues/11347) **fixed**\n- [go/types: converts fp constant to string](https://github.com/golang/go/issues/11353) **fixed**\n- [go/types: converts complex constant to string](https://github.com/golang/go/issues/11357) **fixed**\n- [go/types: misses '-' in error message](https://github.com/golang/go/issues/11367) **fixed**\n- [go/types: compiles invalid program with overflow](https://github.com/golang/go/issues/11368)\n- [go/types: allows duplicate switch cases](https://github.com/golang/go/issues/11578) **fixed**\n- [go/types: can shift complex numbers](https://github.com/golang/go/issues/11594) **fixed**\n- [go/types: parses comma terminated fields](https://github.com/golang/go/issues/11611) **fixed**\n- [go/types: int overflow in switch expression](https://github.com/golang/go/issues/11667) **fixed**\n- [go/types: allows multiple-value in switch and case](https://github.com/golang/go/issues/11687) **fixed**\n- [go/types: invalid error message for valid conversion to complex64](https://github.com/golang/go/issues/11590) **fixed**\n- [debug/elf: index out of range](https://github.com/golang/go/issues/10996)\n- [debug/elf: makeslice: len out of range](https://github.com/golang/go/issues/10997) **fixed**\n- [debug/elf: slice bounds out of range](https://github.com/golang/go/issues/10999)\n- [debug/pe: panic on interface conversion](https://github.com/golang/go/issues/30250)\n- [debug/pe: slice bounds out of range](https://github.com/golang/go/issues/30253)\n- [x/image/webp: index out of range](https://github.com/golang/go/issues/10383) **fixed**\n- [x/image/webp: invalid memory address or nil pointer dereference](https://github.com/golang/go/issues/10384) **fixed**\n- [x/image/webp: excessive memory consumption](https://github.com/golang/go/issues/10790)\n- [x/image/webp: excessive memory consumption (2)](https://github.com/golang/go/issues/11395)\n- [x/image/tiff: integer divide by zero](https://github.com/golang/go/issues/10393) **fixed**\n- [x/image/tiff: index out of range](https://github.com/golang/go/issues/10394) **fixed**\n- [x/image/tiff: slice bounds out of range](https://github.com/golang/go/issues/10395) **fixed**\n- [x/image/tiff: index out of range](https://github.com/golang/go/issues/10597) **fixed**\n- [x/image/tiff: slice bounds out of range](https://github.com/golang/go/issues/10596) **fixed**\n- [x/image/tiff: integer divide by zero](https://github.com/golang/go/issues/10711) **fixed**\n- [x/image/tiff: index out of range](https://github.com/golang/go/issues/10712) **fixed**\n- [x/image/tiff: index out of range](https://github.com/golang/go/issues/11386)\n- [x/image/tiff: excessive memory consumption](https://github.com/golang/go/issues/11389)\n- [x/image/{tiff,bmp}: EOF instead of UnexpectedEOF](https://github.com/golang/go/issues/11391)\n- [x/image/bmp: hang on degenerate image](https://github.com/golang/go/issues/10746) **fixed**\n- [x/image/bmp: makeslice: len out of range](https://github.com/golang/go/issues/10396) **fixed**\n- [x/image/bmp: out of memory](https://github.com/golang/go/issues/10399) **fixed**\n- [x/net/icmp: runtime error: slice bounds out of range](https://github.com/golang/go/issues/10951)\n- [x/net/html: void element \u003clink\u003e has child nodes](https://github.com/golang/go/issues/10535)\n- [x/net/spdy: unexpected EOF](https://github.com/golang/go/issues/10539) **fixed**\n- [x/net/spdy: EOF](https://github.com/golang/go/issues/10540) **fixed**\n- [x/net/spdy: fatal error: runtime: out of memory](https://github.com/golang/go/issues/10542) **fixed**\n- [x/net/spdy: stream id zero is disallowed](https://github.com/golang/go/issues/10543) **fixed**\n- [x/net/spdy: processing of 35 bytes takes 7 seconds](https://github.com/golang/go/issues/10544) **fixed**\n- [x/net/spdy: makemap: size out of range](https://github.com/golang/go/issues/10545) **fixed**\n- [x/net/spdy: makeslice: len out of range](https://github.com/golang/go/issues/10547) **fixed**\n- [x/crypto/ssh: Server panic on invalid input](https://github.com/golang/go/issues/11348) **fixed**\n- [x/crypto/openpgp: ReadMessage(): Panic on invalid input in packet.nextSubpacket](https://github.com/golang/go/issues/11503) **fixed**\n- [x/crypto/openpgp: ReadMessage(): Panic on invalid input in packet.PublicKeyV3.setFingerPrintAndKeyId](https://github.com/golang/go/issues/11504) **fixed**\n- [x/crypto/openpgp: ReadMessage(): Panic on invalid input in math/big.nat.div](https://github.com/golang/go/issues/11505) **fixed**\n- [gccgo: bogus index out of bounds](https://github.com/golang/go/issues/11522) **fixed**\n- [gccgo: does not see stupidness of shift count](https://github.com/golang/go/issues/11524) **fixed**\n- [gccgo: bogus integer constant overflow](https://github.com/golang/go/issues/11525) **fixed**\n- [gccgo: segmentation fault](https://github.com/golang/go/issues/11526) **fixed**\n- [gccgo: segmentation fault (2)](https://github.com/golang/go/issues/11536) **fixed**\n- [gccgo: segmentation fault (3)](https://github.com/golang/go/issues/11558) **fixed**\n- [gccgo: segmentation fault (4)](https://github.com/golang/go/issues/11559) **fixed**\n- [gccgo: internal compiler error in set_type](https://github.com/golang/go/issues/11537) **fixed**\n- [gccgo: internal compiler error in global_variable_set_init](https://github.com/golang/go/issues/11541) **fixed**\n- [gccgo: internal compiler error: in wide_int_to_tree](https://github.com/golang/go/issues/11542) **fixed**\n- [gccgo: internal compiler error in wide_int_to_tree (2)](https://github.com/golang/go/issues/12618) **fixed**\n- [gccgo: internal compiler error in record_var_depends_on](https://github.com/golang/go/issues/11543) **fixed**\n- [gccgo: internal compiler error in Builtin_call_expression](https://github.com/golang/go/issues/11544) **fixed**\n- [gccgo: internal compiler error in check_bounds](https://github.com/golang/go/issues/11545) **fixed**\n- [gccgo: internal compiler error in do_determine_type](https://github.com/golang/go/issues/11546) **fixed**\n- [gccgo: internal compiler error in do_determine_type (2)](https://github.com/golang/go/issues/12937) **fixed**\n- [gccgo: internal compiler error in backend_numeric_constant_expression](https://github.com/golang/go/issues/11548) **fixed**\n- [gccgo: internal compiler error in type_size](https://github.com/golang/go/issues/11554) **fixed**\n- [gccgo: internal compiler error in type_size (2)](https://github.com/golang/go/issues/11555) **fixed**\n- [gccgo: internal compiler error in type_size (3)](https://github.com/golang/go/issues/11556) **fixed**\n- [gccgo: internal compiler error in do_get_backend](https://github.com/golang/go/issues/11560) **fixed**\n- [gccgo: internal compiler error in do_get_backend (2)](https://github.com/golang/go/issues/12325) **fixed**\n- [gccgo: internal compiler error in do_get_backend (3)](https://github.com/golang/go/issues/12617) **fixed**\n- [gccgo: internal compiler error in do_get_backend (4)](https://github.com/golang/go/issues/12939) **fixed**\n- [gccgo: internal compiler error in create_tmp_var](https://github.com/golang/go/issues/11568) **fixed**\n- [gccgo: internal compiler error in methods](https://github.com/golang/go/issues/11579) **fixed**\n- [gccgo: internal compiler error in do_flatten](https://github.com/golang/go/issues/11592) **fixed**\n- [gccgo: internal compiler error in do_flatten (2)](https://github.com/golang/go/issues/12319) **fixed**\n- [gccgo: internal compiler error in do_flatten (3)](https://github.com/golang/go/issues/12320) **fixed**\n- [gccgo: internal compiler error in declare_function](https://github.com/golang/go/issues/11557) **fixed**\n- [gccgo: internal compiler error: in define](https://github.com/golang/go/issues/12316) **fixed**\n- [gccgo: internal compiler error: in do_export](https://github.com/golang/go/issues/12321)\n- [gccgo: internal compiler error in do_lower](https://github.com/golang/go/issues/12615) **fixed**\n- [gccgo: internal compiler error in insert](https://github.com/golang/go/issues/12616) **fixed**\n- [gccgo: internal compiler error in uniform_vector_p](https://github.com/golang/go/issues/12935) **fixed**\n- [gccgo: accepts invalid UTF-8](https://github.com/golang/go/issues/11527) **fixed**\n- [gccgo: spurious expected newline error](https://github.com/golang/go/issues/11528) **fixed**\n- [gccgo: can apply ^ to true](https://github.com/golang/go/issues/11529) **fixed**\n- [gccgo: hangs](https://github.com/golang/go/issues/11530) **fixed**\n- [gccgo: hangs (2)](https://github.com/golang/go/issues/11531) **fixed**\n- [gccgo: hangs (3)](https://github.com/golang/go/issues/11539) **fixed**\n- [gccgo: rejects valid imaginary literal](https://github.com/golang/go/issues/11532) **fixed**\n- [gccgo: rejects valid fp literal](https://github.com/golang/go/issues/11533) **fixed**\n- [gccgo: accepts program with invalid identifier](https://github.com/golang/go/issues/11535) **fixed**\n- [gccgo: accepts program with invalid identifier (2)](https://github.com/golang/go/issues/11547) **fixed**\n- [gccgo: compiles weird construct](https://github.com/golang/go/issues/11561) **fixed**\n- [gccgo: can do bitwise or on fp constants](https://github.com/golang/go/issues/11566) **fixed**\n- [gccgo: treats nil as type](https://github.com/golang/go/issues/11567) **fixed**\n- [gccgo: does not understand greek capiltal letter yot](https://github.com/golang/go/issues/11569) **fixed**\n- [gccgo: does not understand CUNEIFORM SIGN DUG TIMES MI](https://github.com/golang/go/issues/12322) **fixed**\n- [gccgo: allows to refer to builtin function not in call expression](https://github.com/golang/go/issues/11570) **fixed**\n- [gccgo: bogus incompatible types in binary expression error](https://github.com/golang/go/issues/11572) **fixed**\n- [gccgo: allows multiple definitions of a function](https://github.com/golang/go/issues/11573) **fixed**\n- [gccgo: can shift by complex number](https://github.com/golang/go/issues/11574) **fixed**\n- [gccgo: knowns unknown escape sequence](https://github.com/golang/go/issues/11575) **fixed**\n- [gccgo: internal compiler error in start_function](https://github.com/golang/go/issues/11576) **fixed**\n- [gccgo: internal compiler error: in start_function (2)](https://github.com/golang/go/issues/12324) **fixed**\n- [gccgo: heap-buffer-overflow in Lex::skip_cpp_comment](https://github.com/golang/go/issues/11577) **fixed**\n- [gccgo: does not convert untyped complex 0i to int in binary operation involving an int](https://github.com/golang/go/issues/11563)\n- [gccgo: does not detect missing return](https://github.com/golang/go/issues/11591) **fixed**\n- [gccgo: invalid error message for valid conversion to complex64](https://github.com/golang/go/issues/11615)\n- [gccgo: can shift complex numbers](https://github.com/golang/go/issues/11616) **fixed**\n- [gccgo: does not error on unused var](https://github.com/golang/go/issues/12317) **fixed**\n- [gccgo: treats 0 as channel](https://github.com/golang/go/issues/12323) **fixed**\n- [gccgo: does not recognize unused import](https://github.com/golang/go/issues/12326) **fixed**\n- [gccgo: can shift by string](https://github.com/golang/go/issues/12936) **fixed**\n- [github.com/golang/protobuf: call of reflect.Value.SetMapIndex on zero Value](https://github.com/golang/protobuf/issues/27) **fixed**\n- [github.com/golang/protobuf: call of reflect.Value.Interface on zero Value in MarshalText](https://github.com/golang/protobuf/issues/33) **fixed**\n- [github.com/golang/protobuf: Invalid map is successfully decoded](https://github.com/golang/protobuf/issues/34)\n- [github.com/golang/protobuf: MarshalText incorrectly handles unknown bytes](https://github.com/golang/protobuf/issues/35)\n- [github.com/golang/protobuf: MarshalText fails and prints to stderr](https://github.com/golang/protobuf/issues/36)\n- [github.com/golang/protobuf: Unmarshaling errors for packed fields](https://github.com/golang/protobuf/issues/76) **fixed**\n- [Equal prints to stderr and fails on what's handled by Marshal/Unmarshal](https://github.com/golang/protobuf/issues/114)\n- [code.google.com/p/freetype-go: 42 crashers](https://code.google.com/p/freetype-go/issues/detail?id=17) [42 bugs]\n- [github.com/cryptix/wav: 2 panics in header decoding](https://github.com/cryptix/wav/commit/2f49a0df0d213ee323f694e7bdee8b8a097dc698#diff-f86b763600291cbceee077a33133434a) **fixed**\n- [github.com/spf13/hugo: 7 crashers](https://github.com/spf13/hugo/search?q=go-fuzz\u0026type=Issues) **7 fixed**\n- [github.com/Sereal/Sereal: 8 crashers](https://github.com/Sereal/Sereal/commit/c254cc3f2c48caffee6cd04ea8100a0150357a44) **fixed**\n- [github.com/bradfitz/http2: Server.handleConn hangs](https://github.com/bradfitz/http2/issues/53) **fixed**\n- [github.com/bradfitz/http2: nil pointer dereference in hpack.HuffmanDecode](https://github.com/bradfitz/http2/issues/56) **fixed**\n- [github.com/bradfitz/http2: serverConn.readFrames goroutine leak](https://github.com/bradfitz/http2/issues/58)\n- [github.com/golang/snappy: index out of range panic](https://github.com/golang/snappy/issues/11) **fixed**\n- [github.com/bkaradzic/go-lz4: slice bounds out of range](https://github.com/bkaradzic/go-lz4/commit/b8d4dc7b31511bf5f39dfdb02d2ea7662eb8407c) **fixed**\n- [github.com/kurin/blazer: string escape/unescape edge-cases, need to escape filename in DownloadFileByName()](https://github.com/kurin/blazer/issues/32) **fixed**\n- [github.com/gocql/gocql: slice bounds out of range](https://github.com/gocql/gocql/commit/332853ab7b3c719dd67c657394139491c1f6deb7) **fixed**\n- [github.com/gocql/gocql: slice bounds out of range](https://github.com/gocql/gocql/commit/58d90fab97daa2d9edd6e7a1b2a22bee8ce12c72) **fixed**\n- [github.com/mdlayher/aoe: binary marshal/unmarshal inconsistency](https://github.com/mdlayher/aoe/commit/286c87727b95c9491e08cd909c93ac4a42218ee6) **fixed**\n- [github.com/mdlayher/arp: slice bounds out of range](https://github.com/mdlayher/arp/commit/f237799bcd57ff8bb4773eb819a4b852875f01d0) **fixed**\n- [github.com/mdlayher/ethernet: slice bounds out of range](https://github.com/mdlayher/ethernet/commit/da795f9b6b07b56d87722e5871e66519ac94f489) **fixed**\n- [github.com/mdlayher/ndp: multiple crashers](https://github.com/mdlayher/ndp/commit/4356b107e450bdeae53069b7016d6342f8a4230d) **fixed**\n- [github.com/mdlayher/netlink: slice bounds out of range](https://github.com/mdlayher/netlink/commit/1149baf1f02296bf9eac4a351d66861ecd7ed2a6) **fixed**\n- [github.com/mdlayher/netlink: slice bounds out of range](https://github.com/mdlayher/netlink/commit/2861fca5d483a101d696320cf2bbf54424a886db) **fixed**\n- [github.com/russross/blackfriday: index out of range panic in scanLinkRef](https://github.com/russross/blackfriday/issues/172) **fixed**\n- [github.com/russross/blackfriday: index out of range panic in isReference](https://github.com/russross/blackfriday/issues/173) **fixed**\n- [github.com/rwcarlsen/goexif: index out of range](https://github.com/rwcarlsen/goexif/issues/39)\n- [github.com/tdewolff/minify: 8 crashers](https://github.com/tdewolff/minify/wiki) **fixed**\n- [github.com/youtube/vitess/go/vt/sqlparser: index out of range](https://github.com/youtube/vitess/issues/767) **fixed**\n- [github.com/youtube/vitess/go/vt/sqlparser: statement serialized incorrectly](https://github.com/youtube/vitess/issues/797) **fixed**\n- [github.com/youtube/vitess/go/vt/sqlparser: statement serialized incorrectly (2)](https://github.com/youtube/vitess/issues/798)\n- [gopkg.in/mgo.v2/bson: slice bounds out of range](https://github.com/go-mgo/mgo/issues/116) **fixed**\n- [gopkg.in/mgo.v2/bson: Document is corrupted](https://github.com/go-mgo/mgo/issues/117) **fixed**\n- [gopkg.in/mgo.v2/bson: Attempted to marshal empty Raw document](https://github.com/go-mgo/mgo/issues/120) **fixed**\n- [cockroachdb/cockroach: crash on x % 0](https://github.com/cockroachdb/cockroach/pull/1799) **fixed**\n- [cockroachdb/cockroach: panic when dealing with empty sql ident](https://github.com/cockroachdb/cockroach/pull/1808) **fixed**\n- [cockroachdb/cockroach: parse literals more like Postgres](https://github.com/cockroachdb/cockroach/pull/1807) **fixed**\n- [cockroachdb/cockroach: SELECT (\"*\") parse oddities](https://github.com/cockroachdb/cockroach/issues/1810) **fixed**\n- [cockroachdb/cockroach: weird QualifiedName.Base panics on reproduce](https://github.com/cockroachdb/cockroach/issues/1938)\n- [github.com/google/open-location-code: Extremely long codes can cause underflow errors](https://github.com/google/open-location-code/issues/12)\n- [github.com/akrennmair/gopcap: incorrectly formed IP, UDP, TCP, ICMP packets can cause out of range errors](https://github.com/akrennmair/gopcap/commit/00e11033259acb75598ba416495bb708d864a010) **fixed**\n- [github.com/gogo/protobuf: gogofast generates Unmarshal code that can panic](https://github.com/gogo/protobuf/issues/86) **fixed**\n- [github.com/DHowett/go-plist: Various panics found through go-fuzz](https://github.com/DHowett/go-plist/issues/15)\n- [github.com/streadway/amqp: go-fuzz fixes](https://github.com/streadway/amqp/pull/151)\n- [github.com/andybalholm/cascadia: panic when parsing selectors like `:contains(`](https://github.com/andybalholm/cascadia/commit/3ad29d1ad1c4f2023e355603324348cf1f4b2d48) **fixed**\n- [github.com/Azure/go-pkcs12: panic on malformed certificates](https://github.com/Azure/go-pkcs12/issues/25)\n- [github.com/nats-io/gnatsd: panic on malformed input](https://github.com/nats-io/gnatsd/issues/95)\n- [github.com/miekg/dns: 8 crashers](https://github.com/miekg/dns/pull/237) **fixed**\n- [github.com/influxdb/influxdb: index out of range](https://github.com/influxdb/influxdb/pull/3570) **fixed**\n- [collectd.org/network: 2 crashers](https://github.com/collectd/go-collectd/pull/6) **fixed**\n- [collectd.org/network: index out of range](https://github.com/collectd/go-collectd/issues/10) **fixed**\n- [github.com/arolek/ase: 2 crashers](https://github.com/arolek/ase/pull/18) **fixed**\n- [github.com/lytics/confl: infinite loop on malformed input](https://github.com/lytics/confl/issues/6) **fixed**\n- [github.com/zeebo/bencode: reject strings with negative length](https://github.com/zeebo/bencode/pull/15) **fixed**\n- [github.com/hydrogen18/stalecucumber: 4 crashers](https://github.com/hydrogen18/stalecucumber/pull/5)\n- [github.com/gonum/blas: cgo indexing error](https://github.com/gonum/blas/issues/133) **fixed**\n- [OpenBLAS: incorrect idamax with NaN value](https://github.com/xianyi/OpenBLAS/issues/624)\n- [github.com/eaburns/flac: 3 crashers](https://github.com/eaburns/flac/pull/6)\n- [github.com/yvasiyarov/php_session_decoder: 4 crashers](https://github.com/yvasiyarov/php_session_decoder/pull/15)\n- [xi2.org/x/xz: index out of bounds](https://github.com/xi2/xz/issues/3) **fixed**\n- [github.com/pierrec/lz4: 2 crashers](https://github.com/pierrec/lz4/commit/0b67ae4bb1ab03691079e38dddbc3909d68de64f) **fixed**\n- [github.com/dustin/go-coap: slice bounds out of range (1)](https://github.com/dustin/go-coap/commit/979f9a1787fc3091ba5c337a6d1d903432ce2007) **fixed**\n- [github.com/dustin/go-coap: slice bounds out of range (2)](https://github.com/dustin/go-coap/commit/a2260b92ac405c9c63c4a89c15bb705a3f2928bf) **fixed**\n- [github.com/dgryski/go-quicklz: many array-out-of-bounds issues](https://github.com/dgryski/go-quicklz/commit/6897f36a2bb707fe5b294fb9c06b7e086ab9503b) **fixed**\n- [github.com/rasky/go-lzo: possible infinite loop with single byte input](https://github.com/rasky/go-lzo/commit/22d79fde8006d605b307e3d58b775d9c1f756d52) **fixed**\n- [github.com/ulikunitz/xz: panic in lzma.writeRep](https://github.com/ulikunitz/xz/issues/3)\n- [github.com/Preetam/sflow: excessive memory consumption](https://github.com/Preetam/sflow/issues/29) **fixed**\n- [github.com/hashicorp/go-version: unhandled value out of range](https://github.com/hashicorp/go-version/pull/11) **fixed**\n- [github.com/atlassian/gostatsd: Return an error instead of nil when parseline gets nil/empty input](https://github.com/atlassian/gostatsd/pull/5)\n- [github.com/flynn/flynn/pkg/syslog/rfc5424: off-by-one](https://github.com/flynn/flynn/commit/a6bc68a86a36652b1d06d66052da67c1425faa2f) **fixed**\n- [github.com/flynn/flynn/json5: decoder out of sync with scanner](https://github.com/flynn/json5/commit/29a96735397827a2923c9b669ee3188d601d9153) **fixed**\n- [github.com/flynn/flynn/json5: broken carriage return parsing](https://github.com/flynn/json5/commit/7620272ed63390e979cf5882d2fa0506fe2a8db5) **fixed**\n- [github.com/ipfs/go-ipfs: nil pointer deference in DHT RPC handler](https://github.com/ipfs/go-ipfs/pull/3200) **fixed**\n- [github.com/buger/goreplay: fix panic in http headers parser function](https://github.com/buger/goreplay/pull/411) **fixed**\n- [github.com/digitalocean/captainslog: incomplete timestamp caused panic](https://github.com/digitalocean/captainslog/pull/27/commits/d01c85621defb6fbbde22071de18f69bb3a74836) **fixed**\n- [github.com/jlaffaye/ftp: panic: runtime error: index out of range](https://github.com/jlaffaye/ftp/issues/97) **fixed**\n- [github.com/unidoc/unidoc: panic: interface conversion: pdf.PdfObject is nil, not *pdf.PdfObjectInteger](https://github.com/unidoc/unidoc/issues/77) **fixed**\n- [github.com/unidoc/unidoc: panic: runtime error: invalid memory address or nil pointer dereference](https://github.com/unidoc/unidoc/issues/79) **fixed**\n- [github.com/unidoc/unidoc: runtime: goroutine stack exceeds 1000000000-byte limit](https://github.com/unidoc/unidoc/issues/80) **fixed**\n- [github.com/spenczar/tdigest: check slice bounds when unmarshaling](https://github.com/spenczar/tdigest/commit/91fdfcefc42381c63363418ad38d7d33233f79cd) **fixed**\n- [github.com/spenczar/tdigest: check expected invariants while unmarshaling](https://github.com/spenczar/tdigest/commit/1ee0185dad51692b26b4ee6f9e111349f0cdb581) **fixed**\n- [github.com/vcabbage/amqp: index out of range](https://github.com/vcabbage/amqp/commit/69a58fc911413722779226664a5a858b84758f94) **fixed**\n- [github.com/gomarkdown/markdown: inifinite loop](https://github.com/gomarkdown/markdown/commit/5d96569c5a0d3cd46d961eddbb61e936e627774c) **fixed**\n- [github.com/gomarkdown/markdown: inifinite loop](https://github.com/gomarkdown/markdown/commit/e0fc813169b926a2182bc6554888eb37d12261f7) **fixed**\n- [github.com/gomarkdown/markdown: index out of range](https://github.com/gomarkdown/markdown/commit/5dd4b50fe81eda60f173e242ece05f24c5cc5cec) **fixed**\n- [github.com/hajimehoshi/go-mp3: index out of range (1)](https://github.com/hajimehoshi/go-mp3/commit/22bc0be280079723dbb8e10295db01e925dc5640) **fixed**\n- [github.com/hajimehoshi/go-mp3: index out of range (2)](https://github.com/hajimehoshi/go-mp3/commit/81bb838ef7ce492a3ea9d097a781ae1ed7f318b9) **fixed**\n- [github.com/hajimehoshi/go-mp3: index out of range (3)](https://github.com/hajimehoshi/go-mp3/commit/3c185f92b8dbceefa913b64cae634ba47f452769) **fixed**\n- [github.com/dhowden/tag: slice bounds out of range (1)](https://github.com/dhowden/tag/commit/737d3560ddb3e8e7319a5e9c494ccd749150d675) **fixed**\n- [github.com/dhowden/tag: slice bounds out of range (2)](https://github.com/dhowden/tag/commit/1582ebc2a4525aeaccf7138ffd37e56f5117e49e) **fixed**\n- [github.com/dhowden/tag: len out of range (3)](https://github.com/dhowden/tag/commit/d449289c5e6fec9ad6a68a9e850f22fe14fa7c97) **fixed**\n- [github.com/dhowden/tag: slice bounds out of range (4)](https://github.com/dhowden/tag/commit/d2206af145611b630d612027486ffd9129bd3e09) **fixed**\n- [github.com/tealeg/xlsx: slice bounds out of range (1)](https://github.com/tealeg/xlsx/commit/d40e2bb185733dd4bc3c4a1929c35ee844ed3379) **fixed**\n- [github.com/hashicorp/hcl: crasher (logic error)](https://github.com/hashicorp/hcl/pull/239) **fixed**\n- [github.com/hashicorp/hcl: crasher (off-by-one)](https://github.com/hashicorp/hcl/pull/240) **fixed**\n- [github.com/hashicorp/hcl: format produces unparsable output (1)](https://github.com/hashicorp/hcl/pull/241) **fixed**\n- [github.com/hashicorp/hcl: format produces unparsable output (2)](https://github.com/hashicorp/hcl/pull/243) **fixed**\n- [github.com/hashicorp/hcl: format produces unparsable output (3)](https://github.com/hashicorp/hcl/pull/244) **fixed**\n- [github.com/hashicorp/hcl: format produces unparsable output (4)](https://github.com/hashicorp/hcl/pull/245) **fixed**\n- [github.com/francoispqt/gojay: panic on malformed JSON integers](https://github.com/francoispqt/gojay/issues/27) **fixed**\n- [github.com/francoispqt/gojay: panic on malformed JSON floats](https://github.com/francoispqt/gojay/issues/32) **fixed**\n- [github.com/eapache/go-xerial-snappy multiple panics with malformed inputs](https://github.com/eapache/go-xerial-snappy/commit/58803384a8be76cd0f84789b302c7b52d791d95f) **fixed**\n- [github.com/trustelem/zxcvbn: multiple panics in password strength estimator](https://github.com/trustelem/zxcvbn/issues/1) **fixed**\n- https://github.com/google/syzkaller: 6 crashers (\n[1](https://github.com/google/syzkaller/commit/7c7ded697e6322b0975f061b7e268fe44f585dab),\n[2](https://github.com/google/syzkaller/commit/3b37734422dc0cb40100287bbb3628d8d946c271),\n[3](https://github.com/google/syzkaller/commit/f400a0da0fcd3e4d27d915b57c54f504813ef1d3),\n[4](https://github.com/google/syzkaller/commit/967dc02d70f8e3d027738295977762cd4fbed5c7),\n[5](https://github.com/google/syzkaller/commit/78b7ec0fbe23a5c674401123053d6372ea3ca9c6),\n[6](https://github.com/google/syzkaller/commit/413e41473838fb74ccc081784afd6ddbbd44b797))\n- [github.com/chai2010/guetzli-go: index out of range](https://github.com/chai2010/guetzli-go/issues/11)\n- [github.com/pixiv/go-libjpeg: segmentation violation (1)](https://github.com/pixiv/go-libjpeg/issues/51) **fixed**\n- [github.com/pixiv/go-libjpeg: segmentation violation (2)](https://github.com/pixiv/go-libjpeg/issues/58)\n- [github.com/pixiv/go-libjpeg: panic on encoding after decoding](https://github.com/pixiv/go-libjpeg/issues/55) **fixed**\n- [github.com/z7zmey/php-parser: index out of range and nil pointer dereference](https://github.com/z7zmey/php-parser/issues/98)\n- [github.com/uber/makisu: index out of range (1)](https://github.com/uber/makisu/issues/266) **fixed**\n- [github.com/uber/makisu: index out of range (2)](https://github.com/uber/makisu/issues/271)\n- [github.com/google/go-attestation: out of memory](https://github.com/google/go-attestation/issues/126) **fixed**\n- [github.com/buger/jsonparser index out of range](https://github.com/buger/jsonparser/issues/178)\n- [github.com/buger/jsonparser infinite loop](https://github.com/buger/jsonparser/issues/179)\n- [github.com/hjson/hjson-go: panic on nil](https://github.com/hjson/hjson-go/issues/16) **fixed**\n- [github.com/hjson/hjson-go: panic on invalid syntax](https://github.com/hjson/hjson-go/issues/17) **fixed**\n- [github.com/google/gofuzz: off-by-one error](https://github.com/google/gofuzz/issues/46) **fixed**\n- [github.com/bookingcom/nanotube: index out of range](https://github.com/bookingcom/nanotube/pull/97) **fixed**\n- [github.com/ProtonMail/crypto: panic on fingerpring subpacket](https://github.com/ProtonMail/crypto/pull/66) **fixed**\n- [github.com/robfig/cron: panic on malformed schedule string](https://github.com/robfig/cron/pull/365)\n- [github.com/cronokirby/saferith: infinite loop in ModSqrt](https://github.com/cronokirby/saferith/commit/d39f5a274f7c3b8c8d60456b1525cce26ffacfe7) **fixed**\n- [github.com/go-git/go-git: infinite loop in revision parser](https://github.com/go-git/go-git/pull/475)\n\n**If you find some bugs with go-fuzz and are comfortable with sharing them, I would like to add them to this list.** Please either send a pull request for README.md (preferable) or file an issue. If the source code is closed, you can say just \"found N bugs in project X\". Thank you.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvyukov%2FGo-fuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdvyukov%2FGo-fuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvyukov%2FGo-fuzz/lists"}