[webkit-dev] Fuzzinator, a mutation based web fuzzer

Ryosuke Niwa rniwa at webkit.org
Wed Jun 26 09:51:52 PDT 2013


Hi Renáta,

Thanks for undertaking this effort.

Is it possible for your fuzzer to run under guard malloc or
ASAN (AddressSanitizer) and catch security problems?

We could also improve our annotation in the codebase to use
ASSERT_WITH_SECURITY_IMPLICATION if that helps.

- R. Niwa

On Tue, Jun 25, 2013 at 1:56 AM, Renáta Hodován <hodovan at inf.u-szeged.hu> wrote:

> Hi folks,
>
> as many of you know already, I'm working on a universal web fuzzer, which
> is able to generate random test cases for both svg, html, css and js, and
> test them against any browser. With this method we can catch crashes,
> assertions, memory corruptions and all the funny things.
>
> A few words about it: Fuzzinator learns from existing test cases and based
> on this information it generates new tests that are syntactically correct.
> Besides this randomized step I also put some language specific knowledge
> into the tests too. Further details about the theoretical background will
> be shared in a blogpost soon.
>
> However the results are available in public already and they are collected
> under a metabug in bugzilla:
> https://bugs.webkit.org/show_bug.cgi?id=116980. So should any of you feel
> like browsing or fixing them, don't hesitate to start with it ;)
>
> Cheers,
> Reni