Overview
What this challenge is about.
- Identify 3 critical parser entry points (DICOM dataset parser, JPEG 2000 decoder, TIFF directory parser) and write a libFuzzer harness + an AFL++ harness for each.
- Build with ASan + UBSan instrumentation.
- Seed with a corpus of around 200 real images per format (anonymized; synthetic dataset provided).
- Run ~5,000 CPU-hours on Google Cloud Compute (budget provided).
- Triage findings using ASan reports + ASan-aware deduplication.
- Ship fix PRs for the top 5 high-severity bugs (heap overflow, use-after-free, integer overflow) with regression tests.
- Author a 5-page fuzzing-in-CI playbook covering harness maintenance, corpus management, and budget guidance.
- Deliver harnesses, findings report, fix PR series, and CI playbook.
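One way to do the ASan-aware deduplication step, as an added example that is not part of the challenge materials: key each crash on the ASan bug type plus the top parser frames of the faulting stack, ignoring addresses, PIDs and sanitizer runtime frames. The sample reports, function names and paths are constructed for illustration, and only ASan-format reports are handled.

```python
import hashlib
import re
from collections import defaultdict

HEADER_RE = re.compile(r"ERROR: AddressSanitizer: ([\w-]+)")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+) \S+$")
SKIP_PREFIXES = ("__asan_", "__interceptor_", "__sanitizer_", "fuzzer::")  # runtime frames

def signature(report, top_n=3):
    """Return (bug type, top_n function names of the faulting stack) or None."""
    header = HEADER_RE.search(report)
    if not header:
        return None
    funcs, in_stack = [], False
    for line in report[header.end():].splitlines():
        frame = FRAME_RE.match(line)
        if frame:
            in_stack = True
            name = re.sub(r"\(.*", "", frame.group(1))  # drop C++ argument list
            if not name.startswith(SKIP_PREFIXES):
                funcs.append(name)
        elif in_stack:
            break  # first stack ended; alloc/free stacks are not part of the key
    return header.group(1), tuple(funcs[:top_n])

def bucket(reports):
    """Group {crash name: report text} under a short hash of the signature."""
    buckets = defaultdict(list)
    for name, text in sorted(reports.items()):
        if (sig := signature(text)) is not None:
            buckets[hashlib.sha256(repr(sig).encode()).hexdigest()[:12]].append(name)
    return dict(buckets)

# Constructed sample reports (hypothetical names/paths); crash-b repeats crash-a at other addresses.
SAMPLES = {"crash-a": """==101==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000011 at pc 0x4f5b3c
READ of size 4 at 0x602000000011 thread T0
    #0 0x4f5b3c in ReadIfdEntry(unsigned char const*, unsigned long) /src/tiff/dir.cc:88:12
    #1 0x4f6a10 in ParseTiffDirectory(unsigned char const*, unsigned long) /src/tiff/dir.cc:140:9
    #2 0x4f7001 in LLVMFuzzerTestOneInput /src/fuzz/tiff_fuzzer.cc:12:3
""", "crash-c": """==202==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400000a010 at pc 0x49a2f1
READ of size 64 at 0x60400000a010 thread T0
    #0 0x49a2f1 in __asan_memcpy /llvm/asan_interceptors_memintrinsics.cpp:22:3
    #1 0x501c22 in DecodeTile(J2kState*) /src/j2k/tile.cc:301:5

freed by thread T0 here:
    #0 0x49b000 in operator delete(void*) /llvm/asan_new_delete.cpp:152:3
"""}
SAMPLES["crash-b"] = SAMPLES["crash-a"].replace("0x602", "0x60b").replace("==101==", "==977==")

if __name__ == "__main__":
    print(bucket(SAMPLES))
```

Line numbers are left out of the key so that a bucket survives unrelated edits to the same file; raise `top_n` if distinct bugs in one function start to merge.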
The Brief
What you'll do, and what you'll demonstrate.
Set up coverage-guided fuzzing on 3 image-parsing entry points, find and fix the top 5 memory-safety bugs, and leave fuzzing running in CI.
Earning criteria — what you'll demonstrate
- Build coverage-guided fuzzing harnesses for real C++ entry points
- Use ASan + UBSan to triage memory-safety findings
- Ship fixes with regression tests that prevent re-introduction
- Operationalize fuzzing in CI with corpus + budget guidance