From the pre-release (Perplexity) audit, §8: the four fuzz targets cover only the `*::load` deserialization paths. The hot paths — `add()` / `search()` / `search_asymmetric()` — are not fuzzed.
Add a target that drives `(dim, bits, n_vectors, k)` combinatorially through `add` + `search`/`search_asymmetric`, stressing the SIMD dispatch (`select_simd_tier`), the overflow guards (`checked_new_len`, `result_buffer_len`), and `TopK` simultaneously. Use `Arbitrary` to derive the shape params + a bounded vector buffer.
Note: the CI fuzz gate only builds targets, so realising the value needs a deliberate fuzzing run; existing unit/integration tests + the loader fuzzing already cover much of this, hence deferred rather than blocking.
Also tracked here (audit §5, low/future): `TopK` has no `reset()` and is currently safe only because it is reconstructed per query; a future allocation-reuse optimization for high-`nq` workloads would need one.
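A std-only sketch of the harness body described above, added here as an example and not taken from the project: `Shape`, `derive_shape`, `ToyIndex`, `run_case` and both bounds are hypothetical stand-ins. A real cargo-fuzz target would derive the shape with `Arbitrary` and call the project's own `add`/`search`, whose signatures are not shown on this page.

```rust
const MAX_DIM: usize = 64; // assumed bounds that keep each fuzz case small
const MAX_VECTORS: usize = 32;
struct Shape { dim: usize, bits: u8, n_vectors: usize, k: usize }

// Map the first four fuzz bytes to bounded shape params (assumed ranges).
fn derive_shape(data: &[u8]) -> Option<(Shape, &[u8])> {
    if data.len() < 4 { return None; }
    Some((Shape {
        dim: 1 + data[0] as usize % MAX_DIM,
        bits: 1 + data[1] % 8,
        n_vectors: data[2] as usize % (MAX_VECTORS + 1),
        k: data[3] as usize, // unbounded on purpose: k = 0 and k > n_vectors are edge cases
    }, &data[4..]))
}

// Hypothetical stand-in index, not the project's type: brute-force L2 over codes.
struct ToyIndex { dim: usize, bits: u8, codes: Vec<u8> }
impl ToyIndex {
    fn add(&mut self, vectors: &[u8]) -> Result<(), &'static str> {
        let shift = 8 - self.bits;
        // Length guard in the spirit of the checked_new_len named in the issue.
        let new_len = self.codes.len().checked_add(vectors.len()).ok_or("overflow")?;
        if new_len > MAX_DIM * MAX_VECTORS { return Err("too large"); }
        self.codes.extend(vectors.iter().map(|b| b >> shift));
        Ok(())
    }
    fn search(&self, query: &[u8], k: usize) -> Vec<(u32, usize)> {
        let q = |b: &u8| (*b >> (8 - self.bits)) as i32;
        let mut hits: Vec<(u32, usize)> = self.codes.chunks(self.dim).enumerate()
            .map(|(i, v)| (v.iter().zip(query).map(|(a, b)| (*a as i32 - q(b)).pow(2) as u32).sum::<u32>(), i))
            .collect();
        hits.sort();
        hits.truncate(k);
        hits
    }
}

// One fuzz iteration: None if the input is rejected, else the hit count.
fn run_case(data: &[u8]) -> Option<usize> {
    let (s, rest) = derive_shape(data)?;
    let need = s.dim * (s.n_vectors + 1); // one extra row is the query; bounded, cannot overflow
    let buf: Vec<u8> = rest.iter().copied().chain(std::iter::repeat(0)).take(need).collect();
    let (query, vectors) = buf.split_at(s.dim);
    let mut index = ToyIndex { dim: s.dim, bits: s.bits, codes: Vec::new() };
    index.add(vectors).ok()?;
    let hits = index.search(query, s.k);
    assert_eq!(hits.len(), s.k.min(s.n_vectors)); // never more than k or n results
    assert!(hits.windows(2).all(|w| w[0].0 <= w[1].0)); // ascending distance
    Some(hits.len())
}

fn main() { println!("{:?}", run_case(&[3, 7, 2, 5, 10, 20, 30, 40])); } // constructed input
```

The in-harness assertions are the properties the fuzzer checks on every input; short inputs are zero-padded so the vector buffer always matches the derived shape.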