Fuzzing PostgreSQL

Fuzzing is a simple but powerful technique for discovering edge-case bugs in large, stateful systems like PostgreSQL.

This talk shows how to apply it to Postgres’ client library libpq which handles every network connection before the server sees a query.

We’ll walk through building minimal harnesses, generating and mutating protocol inputs, and reasoning about what makes fuzzing effective on complex C codebases.

The session is meant as a practical guide: how to start fuzzing a Postgres-related project, what challenges to expect, and what kind of issues you can realistically uncover along the way.

In this session you will learn:

• what fuzzing is and why it finds bugs other techniques miss
• which PostgreSQL surfaces make good fuzzing targets and why
• how to apply fuzzing to Postgres networking components (libpq)

If you’re a PostgreSQL developer, this talk will add another tool for improving the stability and security of the projects you build.