[webkit-dev] Fuzzinator, a mutation based web fuzzer
hodovan at inf.u-szeged.hu
Wed Jun 26 10:30:18 PDT 2013
On 06/26/2013 06:51 PM, Ryosuke Niwa wrote:
> Hi Renáta,
> Thanks for undertaking this effort.
> Is it possible for your fuzzer to run under guard malloc or
> ASAN(AddressSanitizer) and catch security problems?
ofc it's possible. You can run it with any browser and with any options.
> We could also improve our annotation in the codebase to use
> ASSERT_WITH_SECURITY_IMPLICATION if that helps.
Yeah, it'd be great. I've already found a failure on such assertion and
was much easier to identify the reason of the problem.
> - R. Niwa
> On Tue, Jun 25, 2013 at 1:56 AM, Renáta Hodován
> <hodovan at inf.u-szeged.hu <mailto:hodovan at inf.u-szeged.hu>> wrote:
> Hi folks,
> as many of you know already I'm working on an universal web
> fuzzer, which is able to generate random test cases for both svg,
> html, css and js, and test them against any browser. With this
> method we can catch crashes, assertions, memory corruptions and
> all the funny things.
> A few words about it: Fuzzinator learns from existing test cases
> and based on this information it generates new tests that are
> syntactically correct. Beside this randomized step I also put some
> language specific knowledge into the tests too. Further details
> about the theoretical background will be shared in a blogpost soon.
> However the results are available in public already and they are
> collected under a metabug in bugzilla:
> https://bugs.webkit.org/show_bug.cgi?id=116980. So should any of
> you feel like browsing or fixing them, don't hesitate to start
> with it ;)
> webkit-dev mailing list
> webkit-dev at lists.webkit.org <mailto:webkit-dev at lists.webkit.org>
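The announcement above describes the two ideas behind Fuzzinator: learn a vocabulary from existing test cases so that generated tests stay syntactically valid, and add some language-specific knowledge on top of the random step; the reply then discusses running the target under ASAN or guard malloc to catch memory errors. The following is an added illustration in Python of that workflow, not Fuzzinator's own code and not code from the WebKit project. It learns attribute values from a handful of constructed SVG/HTML seeds, mutates only attribute values (so the markup stays well-formed), applies a small numeric-perturbation heuristic as the "language specific knowledge", and classifies a target's exit status and stderr. The ASAN and assertion markers it looks for are assumptions about typical output, not a documented WebKit interface.

```python
"""Mutation-based test generation in the spirit of Fuzzinator (added example).

Pipeline: learn() builds a vocabulary from seed documents, mutate() produces a
syntactically valid variant, classify() turns a target's exit status and
stderr into a verdict. Nothing here depends on a particular browser.
"""
import random
import re
import subprocess
from html.parser import HTMLParser

# Constructed seed corpus standing in for an existing test suite.
SEEDS = [
    '<svg width="100" height="50"><rect x="10" y="20" width="30" fill="red"/></svg>',
    '<svg width="200" height="80"><circle cx="5" cy="5" r="4" fill="blue"/></svg>',
    '<div style="width: 40px; color: red">text</div>',
]

ATTR_RE = re.compile(r'(\w[\w:-]*)="([^"]*)"')   # name="value" pairs
NUM_RE = re.compile(r'-?\d+(\.\d+)?')              # first number inside a value
# Boundary-style replacements: the "language specific knowledge" step.
INTERESTING = ["0", "-1", "1e9", "4294967296", "0.00001"]


class _Vocab(HTMLParser):
    """Record every tag name and every attribute value seen in the seeds."""

    def __init__(self):
        super().__init__()
        self.tags = set()
        self.attrs = {}  # attribute name -> set of values observed

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)
        for name, value in attrs:
            if value is not None:
                self.attrs.setdefault(name, set()).add(value)


def learn(seeds):
    """Learn the vocabulary from a list of seed documents."""
    vocab = _Vocab()
    for doc in seeds:
        vocab.feed(doc)
    return vocab


def mutate(doc, vocab, seed_value, rate=0.3):
    """Return a variant of doc. Only attribute values change, so the element
    structure (and therefore syntactic validity) is preserved."""
    rng = random.Random(seed_value)

    def substitute(match):
        name, value = match.group(1), match.group(2)
        if rng.random() > rate:
            return match.group(0)
        learned = sorted(vocab.attrs.get(name, ()))
        if NUM_RE.search(value) and rng.random() < 0.5:
            # Numeric perturbation: swap one number for a boundary value.
            new = NUM_RE.sub(lambda _: rng.choice(INTERESTING), value, count=1)
        elif learned:
            # Cross-over: reuse a value seen for the same attribute elsewhere.
            new = rng.choice(learned)
        else:
            return match.group(0)
        return f'{name}="{new}"'

    return ATTR_RE.sub(substitute, doc)


def tag_names(doc):
    """Sequence of tag names, used to check that structure survived mutation."""
    return re.findall(r'</?(\w+)', doc)


def attr_count(doc):
    return len(ATTR_RE.findall(doc))


def classify(returncode, stderr):
    """Map a target run to a verdict. Marker strings are assumptions about
    typical sanitizer / assertion output, not a documented interface."""
    if "AddressSanitizer" in stderr:
        return "asan"
    if "ASSERTION FAILED" in stderr:
        return "assertion"
    if returncode < 0:
        return "signal"   # killed by a signal such as SIGSEGV
    return "ok"


def run_once(cmd, path, timeout=30):
    """Run a target command on a test file; cmd is a hypothetical argv prefix."""
    proc = subprocess.run(cmd + [path], capture_output=True, text=True,
                          timeout=timeout)
    return classify(proc.returncode, proc.stderr)


if __name__ == "__main__":
    vocab = learn(SEEDS)
    for i in range(3):
        print(mutate(SEEDS[0], vocab, seed_value=i, rate=0.6))
```

Running the file prints three mutants of the first seed; each keeps the same elements and attribute count, with only values replaced. Hooking a real target in via run_once would mean passing a browser or test-runner argv built with sanitizer support, and feeding stderr back to classify to triage crashes into sanitizer reports versus assertion failures.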