Bug 1431443 - Land JS fuzzing target for BinASTReader
Status: RESOLVED FIXED (Closed)
Opened 6 years ago; Closed 6 years ago
Categories: Core :: JavaScript Engine, defect, P2
Target Milestone: mozilla60

Tracking

Branch | Tracking | Status
---|---|---
firefox-esr52 | --- | unaffected
firefox58 | --- | unaffected
firefox59 | --- | unaffected
firefox60 | --- | fixed

People: Reporter: decoder, Assigned: decoder
Details: Keywords: sec-want
Attachments (1 file): 4.47 KB, patch (Yoric: review+, jandem: review+)
This bug is about landing a fuzzing target for BinASTReader once bug 1431090 has landed. The current implementation is not enabled in our codebase, but I am marking this s-s nonetheless because I don't know for sure that this won't be enabled in Nightly for testing purposes at some point in time.
Updated•6 years ago
Priority: -- → P2
Assignee

Comment 1•6 years ago
Fuzzing target for BinAST, derived from the jsapi-test we already had. This will probably work best with the next revision of BinAST that is coming up now because the current format doesn't work well for fuzzing. I made additional local patches to the implementation itself to make it easier to fuzz but found only minor bugs.
Attachment #8951232 - Flags: review?(jdemooij)
Attachment #8951232 - Flags: review?(dteller)
Comment 2•6 years ago

Comment on attachment 8951232 [details] [diff] [review]
fuzzing-target-binast.patch

Review of attachment 8951232 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/fuzz-tests/testBinASTReader.cpp
@@ +40,5 @@
> +
> + if (!size) return 0;
> +
> + CompileOptions options(gCx);
> + options.setIntroductionType("unit test parse")

Nit: It's not a unit test :)

::: js/src/moz.build
@@ +682,5 @@
> 'frontend/BinToken.cpp'
> ]
>
> + # Instrument BinAST files for fuzzing as we have a fuzzing target for BinAST.
> + if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:

Don't we also need CONFIG['JS_BUILD_BINAST']?
Attachment #8951232 - Flags: review?(dteller) → review+

Comment 3•6 years ago
Comment on attachment 8951232 [details] [diff] [review]
fuzzing-target-binast.patch

Review of attachment 8951232 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM, modulo Yoric's comment.
Attachment #8951232 - Flags: review?(jdemooij) → review+

Comment 4•6 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/99e3fc75f9c7cef1921b527cbbd65dcd4c59485f
https://hg.mozilla.org/mozilla-central/rev/99e3fc75f9c7
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox60: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Updated•6 years ago
status-firefox58: --- → unaffected
status-firefox-esr52: --- → unaffected

Updated•6 years ago
Group: javascript-core-security → core-security-release

Updated•6 years ago
Group: core-security-release