[webkit-dev] Fuzzinator, a mutation based web fuzzer
Renáta Hodován
hodovan at inf.u-szeged.hu
Wed Jun 26 10:30:18 PDT 2013
Hey,
On 06/26/2013 06:51 PM, Ryosuke Niwa wrote:
> Hi Renáta,
>
> Thanks for undertaking this effort.
>
> Is it possible for your fuzzer to run under guard malloc or
> ASAN(AddressSanitizer) and catch security problems?
ofc it's possible. You can run it with any browser and with any options.
> We could also improve our annotation in the codebase to use
> ASSERT_WITH_SECURITY_IMPLICATION if that helps.
Yeah, it'd be great. I've already found a failure on such an assertion and
it was much easier to identify the reason for the problem.
Reni
>
> - R. Niwa
>
> On Tue, Jun 25, 2013 at 1:56 AM, Renáta Hodován
> <hodovan at inf.u-szeged.hu> wrote:
>
> Hi folks,
>
> as many of you know already I'm working on a universal web
> fuzzer, which is able to generate random test cases for both svg,
> html, css and js, and test them against any browser. With this
> method we can catch crashes, assertions, memory corruptions and
> all the funny things.
>
> A few words about it: Fuzzinator learns from existing test cases
> and based on this information it generates new tests that are
> syntactically correct. Besides this randomized step I also put some
> language specific knowledge into the tests too. Further details
> about the theoretical background will be shared in a blogpost soon.
>
> However the results are available in public already and they are
> collected under a metabug in bugzilla:
> https://bugs.webkit.org/show_bug.cgi?id=116980. So should any of
> you feel like browsing or fixing them, don't hesitate to start
> with it ;)
>
> Cheers,
> Reni