Bugs found by Paul's "Canvas API Fuzzer"

Status: NEW (enhancement)

People: Reporter: pvnick, Assigned: chofmann

Tracking: Depends on 14 bugs, Blocks 1 bug, {meta, sec-other}

Details: Whiteboard: [sg:nse meta]

This script fuzzes the canvas context object and also moves the canvas object around the DOM.

Steps to reproduce:
1. Open fuzz-canvas-api.xhtml
2. Input the settings
3. Wait a while

I'll add the bookmarklet later.
Severity: normal → enhancement
Keywords: meta
Posted file Canvas fuzzer
Whiteboard: [sg:nse meta]
I've belatedly folded this code into the big DOM fuzzer.

It's finding a decent number of bugs on its own, and in combination with the following other parts of the fuzzer:

* randomizing graphics settings
* resizing canvas elements
* printing
* API discovery

Thanks, Paul :)
Group: core-security
OS: Windows XP → All
Hardware: x86 → All
pvnick's canvas fuzzer is now a DOMFuzz module:
https://github.com/MozillaSecurity/funfuzz/blob/master/dom/fuzzer/modules/canvas.js

cdiehl also wrote one:
https://github.com/MozillaSecurity/funfuzz/blob/master/dom/fuzzer/modules/canvas2d.js

(I should probably merge them at some point.)
Component: Tracking → Platform Fuzzing Team