
Issue 638379


Issue metadata

Status: Fixed
Owner: ----
Closed: Aug 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature

Blocked on:
issue 638653
issue 639839


Add fuzzers in core/html/parser

Reported by csharrison@chromium.org (Project Member), Aug 16 2016

Issue description

We should write libfuzzers for some of the parser components. Possibly this might mean refactoring some of the code to be testable :)

The main idea is that by testing lower-level components we can find bugs a lot faster with fuzzers, so it is useful to include them at multiple levels.

Some ideas:
 - HTMLPreloadScanner (effectively testing the tokenizer).
 - TextResourceDecoder
 - Various full parsers (might have to detangle to be unit testable)

Here's docs for writing fuzzers:
https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/README.md

Here's a recent fuzzer that landed in Blink:
https://codereview.chromium.org/2199493002/

Let's make sub issues for each separate fuzzer.
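To show the shape of a libFuzzer target for a parser component like the ones proposed here, the following is an added example and not code from this bug or from Chromium. The tokenizer is a toy stand-in for Blink's HTMLTokenizer (the names `TokenizeHtml`, `Reassemble` and `RoundTrips` are assumptions); only the `LLVMFuzzerTestOneInput` entry point and the invariant check mirror what a real target looks like.

```cpp
// Added example: a libFuzzer-style target over a toy HTML tokenizer.
// Not Chromium code; the tokenizer and helper names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

struct Token {
  enum Kind { kText, kStartTag, kEndTag } kind;
  std::string value;  // tag name for tags, raw bytes for text runs
};

// Toy tokenizer: every read of data[j] is guarded by j < size, which is the
// kind of bound a sanitizer-built fuzzer would catch if it were missing.
std::vector<Token> TokenizeHtml(const uint8_t* data, size_t size) {
  std::vector<Token> tokens;
  const char* chars = reinterpret_cast<const char*>(data);
  size_t i = 0;
  while (i < size) {
    if (data[i] == '<') {
      size_t j = i + 1;
      bool end_tag = (j < size && data[j] == '/');
      if (end_tag) ++j;
      size_t name_start = j;
      while (j < size && data[j] != '>') ++j;
      if (j >= size) {
        // EOF inside a tag: hand the remainder back as text instead of
        // reading past the buffer.
        tokens.push_back({Token::kText, std::string(chars + i, size - i)});
        return tokens;
      }
      tokens.push_back({end_tag ? Token::kEndTag : Token::kStartTag,
                        std::string(chars + name_start, j - name_start)});
      i = j + 1;
    } else {
      size_t j = i;
      while (j < size && data[j] != '<') ++j;
      tokens.push_back({Token::kText, std::string(chars + i, j - i)});
      i = j;
    }
  }
  return tokens;
}

// Rebuild the input from its tokens; used as the invariant the fuzzer checks.
std::string Reassemble(const std::vector<Token>& tokens) {
  std::string out;
  for (const Token& t : tokens) {
    if (t.kind == Token::kText) {
      out += t.value;
    } else {
      out += '<';
      if (t.kind == Token::kEndTag) out += '/';
      out += t.value;
      out += '>';
    }
  }
  return out;
}

bool RoundTrips(const uint8_t* data, size_t size) {
  return Reassemble(TokenizeHtml(data, size)) ==
         std::string(reinterpret_cast<const char*>(data), size);
}

// Convenience wrappers for stand-alone use and tests.
std::vector<Token> TokenizeString(const std::string& s) {
  return TokenizeHtml(reinterpret_cast<const uint8_t*>(s.data()), s.size());
}
bool RoundTripsString(const std::string& s) {
  return RoundTrips(reinterpret_cast<const uint8_t*>(s.data()), s.size());
}

// libFuzzer entry point: called once per generated input. Memory errors are
// reported by the sanitizers; a broken invariant is reported via abort().
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (!RoundTrips(data, size)) abort();
  return 0;  // libFuzzer reserves non-zero return values
}

int main() {
  // Constructed sample inputs, including the unterminated-tag edge case.
  const char* samples[] = {"<p>hi</p>", "<a", "", "plain text <> x"};
  for (const char* s : samples) {
    std::string in(s);
    std::printf("%-20s tokens=%zu roundtrip=%d\n", s,
                TokenizeString(in).size(), RoundTripsString(in) ? 1 : 0);
  }
  return 0;
}
```

Built with `-fsanitize=fuzzer,address` the same file becomes a fuzz binary; the `main` above is only for running the constructed samples by hand.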
 
This is a great idea.
Blockedon: 638653
Blockedon: 639839

Comment 5 by sheriffbot@chromium.org (Project Member), Aug 22 2017

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 7 by bugdroid1@chromium.org (Project Member), Oct 6 2017

Status: Fixed (was: Untriaged)

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fef8ff15eefa2df303306340c7c1bb33ab16d040

commit fef8ff15eefa2df303306340c7c1bb33ab16d040
Author: Patrick Meenan <pmeenan@chromium.org>
Date: Fri Oct 06 15:20:07 2017

Added a fuzzer for the HTML tokenizer

Bug: 638379
Change-Id: Icff466e27652801a77dbc33dfe9ff4373b1cf96d
Reviewed-on: https://chromium-review.googlesource.com/701704
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Charlie Harrison <csharrison@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Patrick Meenan <pmeenan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#507075}
[modify] https://crrev.com/fef8ff15eefa2df303306340c7c1bb33ab16d040/third_party/WebKit/Source/core/html/BUILD.gn
[add] https://crrev.com/fef8ff15eefa2df303306340c7c1bb33ab16d040/third_party/WebKit/Source/core/html/parser/HTMLTokenizerFuzzer.cpp
[modify] https://crrev.com/fef8ff15eefa2df303306340c7c1bb33ab16d040/third_party/WebKit/Source/platform/testing/FuzzedDataProvider.h