Hey,
On 06/26/2013 06:51 PM, Ryosuke Niwa wrote:
Hi Renáta,
Thanks for undertaking this effort.
Is it possible for your fuzzer to run under guard malloc or
ASAN(AddressSanitizer) and catch security problems?
ofc it's possible. You can run it with any browser and with any options.
We could also improve our annotation in the codebase to use
ASSERT_WITH_SECURITY_IMPLICATION if that helps.
Yeah, it'd be great. I've already found a failure on such an assertion and
it was much easier to identify the reason for the problem.
Reni
- R. Niwa
On Tue, Jun 25, 2013 at 1:56 AM, Renáta Hodován
<hodo...@inf.u-szeged.hu> wrote:
Hi folks,
as many of you know already, I'm working on a universal web
fuzzer, which is able to generate random test cases for SVG,
HTML, CSS and JS, and test them against any browser. With this
method we can catch crashes, assertions, memory corruptions and
all the funny things.
A few words about it: Fuzzinator learns from existing test cases
and based on this information it generates new tests that are
syntactically correct. Besides this randomized step I also put some
language-specific knowledge into the tests too. Further details
about the theoretical background will be shared in a blogpost soon.
However the results are available in public already and they are
collected under a metabug in bugzilla:
https://bugs.webkit.org/show_bug.cgi?id=116980. So should any of
you feel like browsing or fixing them, don't hesitate to start
with it ;)
Cheers,
Reni
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev