Submitting SQLCipher to Google's security fuzzer


Google is soliciting security sensitive, open source projects to submit “fuzzing” recipes to their new “continuous fuzzing” service the developed as part of Chrome:

Based on feedback and inspiration gained at Core Infrastructure Workshops, and from many of you in other venues, we are launching a pilot program aimed at making continuous fuzzing an integral part of every Open Source library that consumes untrusted or complex inputs. This is a big challenge, and we would love your participation and help!

As a part of this program, we are starting to beta-test OSS-FUZZ (, a piece of infrastructure that will
allow OSS projects to benefit from our end-to-end automated fuzzing
system. OSS-FUZZ is a thin layer on top of ClusterFuzz, the
large-scale fuzzing infrastructure that found thousands of bugs in

Since sqlcipher already runs on GNU/Linux x86_64 and there is already a sqlite3 recipe, this should be quite easy to do:

I was thinking of doing it myself, but I’m poorly positioned these days to respond to the issues that they find. So I’m bringing it up here! :slight_smile:


Hi @eighthave

Thanks for sharing this, it certainly looks pretty interesting. We will look into it further to see if it is something we can utilize. Thanks again!