Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] Fuzzing of mosquitto library and broker

Hi Sergey,

We don't do any fuzzing ourselves at the moment. The Software Integrity Group at Synopsys have been kind enough to do some fuzzing in the past using their Defensics tool, and other parties have done fuzzing as well, I can't comment on what fuzzer was used there.

As we aren't doing fuzzing we haven't adapted the code to deal with fuzzing, and I can't comment on coverage.

I have been developing a manual test suite that exercises as many edge cases of the MQTT protocol as I can manage - this is not fuzzing proper of course, but does achieve many of the same results. I can't tell you coverage off the top of my head, but as this is protocol parsing only I wouldn't expect it to be terribly high. The Defensics fuzzing was also around the MQTT protocol. I know that others have done fuzzing of the config file.



On Thu, 12 Aug 2021, 18:21 Sergey Grekhov, <grekhss@xxxxxxxxx> wrote:
Dear maintainers of mosquitto project!
Do you perform fuzzing of your code? If the answer is yes, then is it possible to view the results of this activity? Particularly:
  • which fuzzer do you use?
  • how do you adapt original code to fuzzing?
  • how do you calculate code coverage?
Thank you in advance for your answers!
Best regards,
Sergey Grekhov
mosquitto-dev mailing list
To unsubscribe from this list, visit

Back to the top