Database · C++
How to fuzz RocksDB
MySQL, MongoDB, and TiKV embed RocksDB, so a corrupted SST file in any of them reaches the same parsing code.
RocksDB is the storage engine behind MySQL MyRocks, Cassandra, TiKV, and many distributed databases. Its SST file format, Write-Ahead Log reader, and block-based table parser all process on-disk or network-replicated data that can be adversarially crafted, making coverage-guided fuzzing of its file readers directly applicable to production attack scenarios.
Common bug classes
- Heap buffer overflow in SST block footer magic validation
- Integer overflow in WAL record fragment length accumulation
- Out-of-bounds read in bloom filter bit array index
- Use-after-free in column family drop during compaction
- Null dereference on empty block-based table index iterator
Recommended setup
Fuzzers
- AFL++
- libFuzzer
- Honggfuzz
Sanitizers
- ASan
- UBSan
Harness scaffold
```cpp
#include <stdint.h>
#include <stddef.h>
#include <string>
#include <rocksdb/slice.h>
#include <rocksdb/write_batch.h>

/* Accept every record type so Iterate() keeps decoding past records the
   default Handler rejects (non-default column families, DeleteRange). */
class AcceptAllHandler : public rocksdb::WriteBatch::Handler {
 public:
  using Slice = rocksdb::Slice;
  using Status = rocksdb::Status;
  Status PutCF(uint32_t, const Slice &, const Slice &) override { return Status::OK(); }
  Status DeleteCF(uint32_t, const Slice &) override { return Status::OK(); }
  Status DeleteRangeCF(uint32_t, const Slice &, const Slice &) override { return Status::OK(); }
  Status MergeCF(uint32_t, const Slice &, const Slice &) override { return Status::OK(); }
};

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  /* Use WriteBatch decode as a lightweight, no-I/O entry point */
  rocksdb::WriteBatch batch(std::string(reinterpret_cast<const char *>(data), size));
  AcceptAllHandler handler;
  /* Malformed input should come back as a non-OK status, never a crash; the
     sanitizers report memory errors, so the status value itself is not needed. */
  (void)batch.Iterate(&handler).ok();
  return 0;
}
```

Save this as fuzz_target.cc, build it with your compiler and sanitizer flags against librocksdb, and you have a working starting point.
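A coverage-guided run of the harness above reaches the record parser much faster when the corpus starts from well-formed batches. The following seed builder is an added example (not code from this page or from RocksDB itself): it writes the rep layout that RocksDB documents in write_batch.cc, using the ValueType tag values from dbformat.h; SeedBatch, PutVarint32 and PutVarString are names chosen here.

```cpp
#include <stdint.h>
#include <string>
// WriteBatch rep layout, as documented in RocksDB's write_batch.cc:
//   rep       := sequence fixed64 | count fixed32 | record[count]
//   record    := tag byte | [varint32 cf_id] | varstring key | [varstring value]
//   varstring := varint32 length | bytes
// Tag values are RocksDB's ValueType constants (dbformat.h); only those used here.
enum : uint8_t {
  kTypeDeletion = 0x0, kTypeValue = 0x1,
  kTypeColumnFamilyDeletion = 0x4, kTypeColumnFamilyValue = 0x5,
};

static void PutVarint32(std::string &out, uint32_t v) {
  while (v >= 0x80) { out.push_back(static_cast<char>(v | 0x80)); v >>= 7; }
  out.push_back(static_cast<char>(v));
}
static void PutVarString(std::string &out, const std::string &s) {
  PutVarint32(out, static_cast<uint32_t>(s.size()));
  out.append(s);
}

// Builds a well-formed rep for the corpus; write rep() to a file in the seed directory.
class SeedBatch {
 public:
  SeedBatch() : rep_(12, '\0'), count_(0) {}  // 12-byte header: sequence 0, count 0
  void Put(uint32_t cf, const std::string &k, const std::string &v) {
    Tag(cf, kTypeValue, kTypeColumnFamilyValue);
    PutVarString(rep_, k); PutVarString(rep_, v); Bump();
  }
  void Delete(uint32_t cf, const std::string &k) {
    Tag(cf, kTypeDeletion, kTypeColumnFamilyDeletion);
    PutVarString(rep_, k); Bump();
  }
  const std::string &rep() const { return rep_; }
  uint32_t count() const { return count_; }
 private:
  // The default column family (id 0) uses the short tag and omits the cf varint.
  void Tag(uint32_t cf, uint8_t plain, uint8_t with_cf) {
    rep_.push_back(static_cast<char>(cf == 0 ? plain : with_cf));
    if (cf != 0) PutVarint32(rep_, cf);
  }
  // Rewrite the little-endian fixed32 record count at header offset 8.
  void Bump() {
    ++count_;
    for (int i = 0; i < 4; i++) rep_[8 + i] = static_cast<char>(count_ >> (8 * i));
  }
  std::string rep_;
  uint32_t count_;
};
```

Pair a few such seeds with a small dictionary of the tag bytes so the fuzzer can reach the per-record decode paths without first guessing the header.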