{"data":{"id":"483b1cd1-ba1d-4ec2-8356-b3e6e0e4f9e5","title":"Go fuzzing was missing half the toolkit. We forked the toolchain to fix it.","summary":"Go's built-in fuzzing tool (a technique that tests software by feeding it random or semi-random inputs to find bugs) was missing key features available in other languages like Rust and C++, so researchers built gosentry, a modified version of the Go toolchain that adds stronger bug detection, grammar-based fuzzing (testing structured inputs like parsers), and coverage reports while keeping the same familiar interface. Gosentry detects bugs that vanilla Go fuzzing misses, including integer overflows (when numbers get too large for their storage), data races (when multiple threads access the same data unsafely), and goroutine leaks (abandoned lightweight threads), without requiring developers to rewrite existing fuzzing tests.","solution":"Use gosentry instead of Go's standard fuzzer: point existing Go fuzz harnesses at gosentry's binary and run them with new CLI flags like --catch-races=true and --catch-leaks=true to enable additional bug detection. For example: ./bin/go test -fuzz=FuzzHarness --focus-on-new-code=false --catch-races=true --catch-leaks=true. Gosentry also supports generating coverage reports from existing fuzzing campaigns with the --generate-coverage flag, and the --panic-on flag can make the fuzzer stop when specific functions like log.Fatal are called.","labels":["research","security"],"sourceUrl":"https://blog.trailofbits.com/2026/05/12/go-fuzzing-was-missing-half-the-toolkit.-we-forked-the-toolchain-to-fix-it./","publishedAt":"2026-05-12T11:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-12T11:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}