Just to clarify for me, what you're saying is that:
1) instead of asserts for invalid input validation, they should have just returned the appropriate error code
2) so that the fuzzing harness could continue with the run rather than just keep dying?
> It was for embedded firmware, and I always ran tests (including security tests)
You had me going there for a minute. lol. :)
TIA.
Basically, I'd see code that looked like this:
    assert(isNumeric(userInput));
    if (!isNumeric(userInput)) {
        return ERR_INVALID_INPUT;
    }
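An added example, not part of any post in this thread: the same check with no assert on untrusted input, so a rejected input is an ordinary return path and a fuzzing run carries on past it. The isNumeric() body, handleInput(), the OK value and the corpus are assumptions constructed for illustration; LLVMFuzzerTestOneInput is the libFuzzer entry-point signature.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OK 0
#define ERR_INVALID_INPUT (-1)   /* value assumed; the thread gives only the name */

/* Hypothetical stand-in for the thread's isNumeric(): non-empty, digits only. */
static int isNumeric(const uint8_t *data, size_t len) {
    if (len == 0) return 0;
    for (size_t i = 0; i < len; i++)
        if (!isdigit(data[i])) return 0;
    return 1;
}

/* Untrusted input is rejected with an error code in every build. An assert on
   the same condition would abort first whenever NDEBUG is not defined. */
int handleInput(const uint8_t *data, size_t len) {
    if (!isNumeric(data, len)) return ERR_INVALID_INPUT;
    return OK;
}

/* libFuzzer-style entry point: a rejected input is not a finding, so return 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)handleInput(data, size);
    return 0;
}

/* Replays a constructed corpus through the harness and counts rejections;
   reaching the end means no invalid case stopped the run. */
int countRejected(void) {
    static const char *corpus[] = { "12345", "", "12a45", "-7", "0042", "9 9" };
    int rejected = 0;
    for (size_t i = 0; i < sizeof corpus / sizeof corpus[0]; i++) {
        const uint8_t *p = (const uint8_t *)corpus[i];
        size_t n = strlen(corpus[i]);
        LLVMFuzzerTestOneInput(p, n);
        if (handleInput(p, n) == ERR_INVALID_INPUT) rejected++;
    }
    return rejected;
}

int main(void) {
    printf("rejected %d of 6 constructed inputs\n", countRejected());
    return 0;
}
```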