Closed Bug 1782507 Opened 2 years ago Closed 2 years ago

Pin fuzzing to newly created actors in IPC fuzzing

Categories

(Core :: Fuzzing, enhancement)

Product:
Core
Component:
Fuzzing
Platform:
x86_64
Linux
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
105 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- wontfix
firefox-esr102 --- wontfix
firefox103 --- wontfix
firefox104 --- wontfix
firefox105 --- fixed

People

(Reporter: decoder, Assigned: decoder)

Details

(Keywords: sec-other, Whiteboard: [adv-main105-])

Attachments

(1 file)

Bug 1782507 - Pin IPC fuzzing to new actor / last port after constructor. r?truber
48 bytes, text/x-phabricator-request
Details | Review

Currently, the fuzzer sometimes creates new actors as expected (just by sending a constructor message with the right parameters). However, once the actor is successfully created, there is no special handling for that new actor. In particular, the chance that it is selected for further messages is not higher than it is for any other actor.

We should change the code to pin the fuzzing to the newly created actor at least for a certain amount of messages. After these messages have been sent, we should decide if we want to stay pinned on that particular port (since it's more likely that more messages on the same port where the new actor was created could trigger a bug).

Pin IPC fuzzing to new actor / last port after constructor. r=truber
https://hg.mozilla.org/integration/autoland/rev/111a081318aee284b38a18a3b7ed6d11882dd34c
https://hg.mozilla.org/mozilla-central/rev/111a081318ae

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox105: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 105 Branch
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
Whiteboard: [adv-main105-]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: