Closed Bug 1738278 Opened 3 years ago Closed 2 years ago

Land initial fuzzing snapshot API

Categories

(Core :: Fuzzing, enhancement, P1)

Product:
Core
Component:
Fuzzing
Platform:
x86_64
Linux
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
96 Branch
Tracking Flags:
Tracking Status
firefox95 --- wontfix
firefox96 --- fixed

People

(Reporter: decoder, Assigned: decoder)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1738278 - Add fuzzing snapshot API. r?truber
48 bytes, text/x-phabricator-request
Details | Review

We can inject Nyx via LD_PRELOAD and then wrap/expose the API in mozilla-central to allow implementing arbitrary fuzzing targets in our code easily.

I have a patch that adds the preliminary API, but due to how dynamic symbol resolving works, we have to drag all API function pointers through the main binary (similar to what we do with the libFuzzer callback).

Pushed by choller@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/785d636b5956
Add fuzzing snapshot API. r=truber,firefox-build-system-reviewers,glandium

https://hg.mozilla.org/mozilla-central/rev/785d636b5956

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox96: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: