Fuzz testing is an automated method of finding bugs (and potential security vulnerabilities) by passing random input to a program or function. It is often performed in conjunction with a tool that can detect incorrect or undefined behavior, such as out-of-bounds access (buffer overflow/underflow), use of uninitialized data, use of memory after it has been freed, and freeing the same memory more than once. For testing sudo, we use both Address Sanitizer (ASAN) and Undefined Behavior Sanitizer ...
