Issue 654810

Starred by 3 users

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature


Participants' hotlists:
IDB-Stability



Add fuzzers for internal IndexedDB parsers

Reported by jsb...@chromium.org (Project Member), Oct 11 2016

Issue description

libFuzzer-based fuzzers are ridiculously simple to author. We should have them for our various internal string parsers since we're merely human.

* blink's IDBKeyPathParser - although the parser is now just a string split it used to be more complex and the isIdentifier() logic is not completely trivial

* chromium's leveldb key coding scheme functions: DecodeXXX(), CompareXXX(), ExtractEncodedIDBKey() - anything that takes a StringPiece

(The structured clone mechanism is getting its own fuzzer. I couldn't think of any others but we might have them...)
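As an added illustration (not code from this issue or from Chromium), here is what a libFuzzer target around a key path parser of the shape described above looks like: split on '.', check each component with a simplified isIdentifier() rule, and trap if an accepted path does not round-trip. IsIdentifier() and ParseKeyPath() are hypothetical stand-ins, not Chromium's IDBKeyPathParser.

```cpp
// Added example, not Chromium code: a libFuzzer target for a hypothetical
// key path parser ("a string split plus an isIdentifier() check").
#include <cctype>
#include <cstdint>
#include <cstdlib>
#include <string>
#include <vector>

// Assumed, simplified identifier rule: [A-Za-z_$][A-Za-z0-9_$]*
static bool IsIdentifier(const std::string& s) {
  auto is_start = [](unsigned char c) { return std::isalpha(c) || c == '_' || c == '$'; };
  if (s.empty() || !is_start(s[0])) return false;
  for (size_t i = 1; i < s.size(); ++i) {
    unsigned char c = s[i];
    if (!is_start(c) && !std::isdigit(c)) return false;
  }
  return true;
}

// Splits "a.b.c" on '.' into components; any empty or non-identifier
// component (including one left by a trailing '.') rejects the whole path.
bool ParseKeyPath(const std::string& path, std::vector<std::string>* out) {
  out->clear();
  size_t start = 0;
  for (;;) {
    size_t dot = path.find('.', start);
    size_t len = (dot == std::string::npos) ? std::string::npos : dot - start;
    std::string component = path.substr(start, len);
    if (!IsIdentifier(component)) return false;
    out->push_back(component);
    if (dot == std::string::npos) return true;
    start = dot + 1;
  }
}

// libFuzzer entry point. The input is an arbitrary byte string (NULs and
// non-ASCII included). Crashes and sanitizer reports are caught by the fuzzer
// itself; the harness only has to exercise the parser and trap when an
// invariant fails, here: an accepted path must re-join to the exact input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::string input(reinterpret_cast<const char*>(data), size);
  std::vector<std::string> parts;
  if (ParseKeyPath(input, &parts)) {
    std::string joined;
    for (size_t i = 0; i < parts.size(); ++i) joined += (i ? "." : "") + parts[i];
    if (joined != input) std::abort();  // invariant broken: report as a finding
  }
  return 0;
}
```

Build with `clang++ -fsanitize=fuzzer,address` and run the binary on a seed corpus of a few valid key paths; libFuzzer supplies main().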


Comment 1 by jsb...@chromium.org, Oct 11 2016


Comment 2 by cmumford@google.com, Oct 11 2016

I worked on a local fuzzer to test:

  1. leveldb::port::Snappy_Compress
  2. leveldb::port::Snappy_GetUncompressedLength
  3. leveldb::DescriptorFileName

A little cleanup and I can land these too.

Comment 3 by jsb...@chromium.org, Oct 11 2016

CL showing a fuzzer (plus the implementation, so it's a bit big):

https://codereview.chromium.org/1362963003/

Another CL that just adds a fuzzer (the one that inspired me):

https://codereview.chromium.org/2402503002/

Comment 4 by sheriffbot@chromium.org (Project Member), Oct 12 2017

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by jsb...@chromium.org, Oct 20 2017

Status: aval (was: Untriaged)
*snooze*

Comment 6 by jsb...@chromium.org, Oct 20 2017

Labels: -Hotlist-Recharge-Cold Hotlist-GoodFirstBug
Status: Available (was: Aval)

Comment 7 by sheriffbot@chromium.org (Project Member), Oct 22

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Status: Available (was: Untriaged)
Labels: -Hotlist-Recharge-Cold
jsbell@: Is this issue available now?

Yes, available!

I would focus on the key parsers in content/browser/indexed_db/indexed_db_leveldb_coding.h

Components: Tools>Stability>FuzzTarget
Issue 900468 has been merged into this issue.

Cc: -cmumford@chromium.org
Owner: cmumford@chromium.org
Status: Assigned (was: Available)
Assigning to cmumford@ for now, because he mentioned that he'd clean up some previously written fuzzers and upload them.
