Closed Bug 379903 Opened 17 years ago Closed 2 years ago

[meta] Bugs found by Paul's "Canvas API Fuzzer"

Categories

(Core :: Fuzzing, enhancement)

enhancement
Not set
normal


RESOLVED FIXED

People

(Reporter: pvnick, Unassigned)

References

(Depends on 7 open bugs)

Details

(Keywords: meta, sec-other, Whiteboard: [sg:nse meta])

This script fuzzes the canvas context object and also moves the canvas object around the DOM.

Steps to reproduce:
1. Open fuzz-canvas-api.xhtml
2. Input the settings
3. Wait a while

I'll add the bookmarklet later.
Severity: normal → enhancement
Keywords: meta
Attached file Canvas fuzzer
Whiteboard: [sg:nse meta]
Depends on: 379992
Depends on: 380100
Depends on: 745676
Depends on: 745699
Depends on: 745818
Depends on: 746491
Depends on: 746495
Depends on: 746497
Depends on: 746813
Depends on: 746844
Depends on: 746847
Depends on: 746849
Depends on: 746866
Depends on: 746896
Depends on: 747132
Depends on: 747302
I've belatedly folded this code into the big DOM fuzzer.

It's finding a decent number of bugs on its own, and in combination with the following other parts of the fuzzer:

* randomizing graphics settings
* resizing canvas elements
* printing
* API discovery

Thanks, Paul :)
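The two fuzzer parts the comments above describe, API discovery and random calls against the canvas context, in a small runnable form. This is an added example, not Paul's attached script or the funfuzz canvas module: the seeded PRNG (mulberry32), the INTERESTING value pool and the MockContext2D class standing in for CanvasRenderingContext2D are assumptions chosen so the block runs under Node without a DOM; the part of the original script that moves the canvas element around the DOM is not covered. In a browser, pass `document.createElement('canvas').getContext('2d')` to `fuzz()` instead of the mock.

```javascript
// Added example (not from the bug or the funfuzz repository): API-discovery
// fuzzing of a canvas-like context object with a seeded PRNG so that any
// crash or exception can be replayed from the seed.

// mulberry32: small deterministic PRNG, returns floats in [0, 1).
function mulberry32(a) {
  return function () {
    a |= 0; a = (a + 0x6D2B79F5) | 0;
    let t = Math.imul(a ^ (a >>> 15), 1 | a);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Boundary values a graphics API is likely to mishandle (assumed pool).
const INTERESTING = [
  0, -0, 1, -1, 0.5, 1e9, -1e9, 2 ** 31 - 1, -(2 ** 31), 2 ** 53, NaN,
  Infinity, -Infinity, '', 'rgba(0,0,0,0)', '#fff', null, undefined, true,
  [], {}, [1, 2, 3],
];

function pick(rng, arr) { return arr[Math.floor(rng() * arr.length)]; }

// API discovery: walk the prototype chain (stopping before Object.prototype)
// and collect callable members and settable properties.
function discover(obj) {
  const methods = new Set();
  const props = new Set();
  for (let p = obj; p && p !== Object.prototype; p = Object.getPrototypeOf(p)) {
    for (const name of Object.getOwnPropertyNames(p)) {
      if (name === 'constructor') continue;
      const d = Object.getOwnPropertyDescriptor(p, name);
      if (typeof d.value === 'function') methods.add(name);
      else if (d.set || d.writable) props.add(name);
    }
  }
  return { methods: [...methods], props: [...props] };
}

// One iteration: either call a random method with 0..5 random arguments or
// assign a random value to a random settable property. Exceptions are
// recorded with the inputs that produced them rather than aborting the run.
function fuzzStep(ctx, api, rng, log) {
  if (api.methods.length && (rng() < 0.7 || !api.props.length)) {
    const name = pick(rng, api.methods);
    const argc = Math.floor(rng() * 6);
    const args = Array.from({ length: argc }, () => pick(rng, INTERESTING));
    try { ctx[name](...args); log.calls++; }
    catch (e) { log.throws.push({ name, args, error: String(e) }); }
  } else {
    const name = pick(rng, api.props);
    const value = pick(rng, INTERESTING);
    try { ctx[name] = value; log.sets++; }
    catch (e) { log.throws.push({ name, value, error: String(e) }); }
  }
}

// Run the fuzzer; the returned log carries the seed so a run is reproducible.
function fuzz(ctx, { seed = 1, iterations = 200 } = {}) {
  const rng = mulberry32(seed);
  const api = discover(ctx);
  const log = { seed, calls: 0, sets: 0, throws: [] };
  for (let i = 0; i < iterations; i++) fuzzStep(ctx, api, rng, log);
  return log;
}

// Constructed stand-in for CanvasRenderingContext2D so this runs under Node.
// It rejects a few inputs the way a real context might, to give the fuzzer
// something to find.
class MockContext2D {
  constructor() { this._lineWidth = 1; }
  get lineWidth() { return this._lineWidth; }
  set lineWidth(v) {
    if (typeof v !== 'number') throw new TypeError('lineWidth must be a number');
    this._lineWidth = v;
  }
  fillRect(x, y, w, h) {
    if (!Number.isFinite(x + y + w + h)) throw new RangeError('fillRect: non-finite argument');
  }
  arc(x, y, r) {
    if (r < 0) throw new RangeError('IndexSizeError: negative radius');
  }
}

const demo = fuzz(new MockContext2D(), { seed: 1, iterations: 200 });
console.log(`seed=${demo.seed} calls=${demo.calls} sets=${demo.sets} throws=${demo.throws.length}`);
```

The reproducibility point matters more than the value pool: a fuzzer that cannot replay a run from its seed produces crashes nobody can triage, which is why the log records the seed and every thrown exception together with the exact arguments that caused it.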
Group: core-security
OS: Windows XP → All
Hardware: x86 → All
Depends on: 750575
Blocks: fuzz
Depends on: 751129
No longer depends on: 746896
Depends on: 746896
Depends on: 757749
Depends on: 763828
Depends on: 765111
Depends on: 766434
Depends on: 766452
Depends on: 771669
Depends on: 779424
Depends on: 779426
Depends on: 784730
Depends on: 786857
Depends on: 790865
Depends on: 799326
Depends on: 801821
Depends on: 801962
Depends on: 826980
Depends on: 844280
Depends on: 850081
Depends on: 851389
Depends on: 852397
Depends on: 856394
Depends on: 860543
Depends on: 866575
Depends on: 868787
Depends on: 868788
Depends on: 880019
Depends on: 880862
Depends on: 891123
Depends on: 895233
Depends on: 914445
Depends on: 943550
Depends on: 943587
Depends on: 943622
Depends on: 944204
Depends on: 947479
Depends on: 950000
Depends on: 975781
Depends on: 985773
Depends on: 986330
Depends on: 986902
Depends on: 987054
Depends on: 989593
Depends on: 989669
Depends on: 989705
Depends on: 989707
Depends on: 989760
Depends on: 989763
Depends on: 993175
Depends on: 993570
Depends on: 1008963
Depends on: 1010707
Depends on: 1011218
Depends on: 1017942
Depends on: 1018527
Depends on: 1028522
Depends on: 1033310
Depends on: 1034403
Depends on: 1036650
Depends on: 1060155
Depends on: 1071930
Depends on: 1156294
Depends on: 1161277
No longer blocks: fuzz
Depends on: 1183363
Depends on: 1186689
pvnick's canvas fuzzer is now a DOMFuzz module:
https://github.com/MozillaSecurity/funfuzz/blob/master/dom/fuzzer/modules/canvas.js

cdiehl also wrote one:
https://github.com/MozillaSecurity/funfuzz/blob/master/dom/fuzzer/modules/canvas2d.js

(I should probably merge them at some point.)
Depends on: 1190705
Depends on: 1221272
Depends on: 1221304
Depends on: 1221312
Depends on: 1221322
Depends on: 1223695
Depends on: 1223740
Depends on: 1224574
Depends on: 1225250
Depends on: 1225381
Depends on: 1228127
Depends on: 1228128
Depends on: 1229918
Depends on: 1229932
Depends on: 1229946
Depends on: 1229972
Depends on: 1229973
Depends on: 1229975
Depends on: 1229977
Depends on: 1229983
Depends on: 1230092
Depends on: 1230096
Depends on: 1230098
Depends on: 1230111
Depends on: 1230679
Depends on: 1230686
Depends on: 1235469
Depends on: 1242794
Depends on: 1242811
Depends on: 1242822
Depends on: 1244850
Depends on: 1248222
Depends on: 1248223
Depends on: 1248224
Depends on: 1257717
Depends on: 1267080
Depends on: 1267083
Component: Tracking → Platform Fuzzing Team

The bug assignee didn't log in to Bugzilla in the last 7 months.
:decoder, could you have a look please?
For more information, please visit the auto_nag documentation.

Assignee: chofmann → nobody
Flags: needinfo?(choller)
Summary: Bugs found by Paul's "Canvas API Fuzzer" → [meta] Bugs found by Paul's "Canvas API Fuzzer"
Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(choller)
Resolution: --- → FIXED