
Issue 834707


Issue metadata

Status: Available
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Task



Hotlists containing this issue:
Autofill-Fixit



Add more fuzzers to autofill & co.

Project Member Reported by vabr@chromium.org, Apr 19 2018

Issue description

Some areas which might benefit from fuzzing:
* AffiliationFetcher::ParseResponse
* FormStructure::ParseQueryResponse
* AutocompleteSyncBridge::ApplySyncChanges

More details in https://docs.google.com/document/d/1OYp_em9NVwtoOfpa63_mYf2m_6OB8-eRVgnG19ijgTc/edit?usp=sharing. If you do not have access to that document, just write vabr@ a quick e-mail about why you need it and I can open it for you.

Comment 1 by vabr@chromium.org, Apr 19 2018

Labels: Hotlist-GoodFirstBug
I will work on adding fuzzers at AffiliationFetcher::ParseResponse and FormStructure::ParseQueryResponse.

Project Member Comment 3 by bugdroid1@chromium.org, Jul 4

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ad191cb7ac43bf8dc4eb6ed2eab7e4b6c0d0e971

commit ad191cb7ac43bf8dc4eb6ed2eab7e4b6c0d0e971
Author: Uladzimir Miniailau <miniailau@google.com>
Date: Wed Jul 04 17:20:44 2018

Add fuzzer for FormStructure::ProcessQueryResponse

Also adds:
-fuzzing support for protos at components/autofill/core/browser/proto
-ProcessQueryResponse method to FormStructure class.

Bug: 834707
Change-Id: I831e012c0a5569f663d6bd435c7c24d7a6f6a524
Reviewed-on: https://chromium-review.googlesource.com/1125847
Commit-Queue: Uladzimir Miniailau <miniailau@google.com>
Reviewed-by: Vaclav Brozek <vabr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#572609}
[modify] https://crrev.com/ad191cb7ac43bf8dc4eb6ed2eab7e4b6c0d0e971/components/autofill/core/browser/BUILD.gn
[modify] https://crrev.com/ad191cb7ac43bf8dc4eb6ed2eab7e4b6c0d0e971/components/autofill/core/browser/form_structure.cc
[modify] https://crrev.com/ad191cb7ac43bf8dc4eb6ed2eab7e4b6c0d0e971/components/autofill/core/browser/form_structure.h
[add] https://crrev.com/ad191cb7ac43bf8dc4eb6ed2eab7e4b6c0d0e971/components/autofill/core/browser/form_structure_process_query_response_fuzzer.cc
[modify] https://crrev.com/ad191cb7ac43bf8dc4eb6ed2eab7e4b6c0d0e971/components/autofill/core/browser/proto/BUILD.gn


Project Member Comment 4 by bugdroid1@chromium.org, Jul 6

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/12fe3c1d817c709858ee2256f4addcb2fb18a50d

commit 12fe3c1d817c709858ee2256f4addcb2fb18a50d
Author: Jonathan Metzman <metzman@chromium.org>
Date: Fri Jul 06 18:26:20 2018

Revert "Add fuzzer for FormStructure::ProcessQueryResponse"

This reverts commit ad191cb7ac43bf8dc4eb6ed2eab7e4b6c0d0e971.

Reason for revert: Breaks libFuzzer builds

Original change's description:
> Add fuzzer for FormStructure::ProcessQueryResponse
> 
> Also adds:
> -fuzzing support for protos at components/autofill/core/browser/proto
> -ProcessQueryResponse method to FormStructure class.
> 
> Bug: 834707
> Change-Id: I831e012c0a5569f663d6bd435c7c24d7a6f6a524
> Reviewed-on: https://chromium-review.googlesource.com/1125847
> Commit-Queue: Uladzimir Miniailau <miniailau@google.com>
> Reviewed-by: Vaclav Brozek <vabr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#572609}

TBR=vabr@chromium.org,miniailau@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 834707
Change-Id: I01cdfb98bd0a51548938beee114d6dc0d892031a
Reviewed-on: https://chromium-review.googlesource.com/1128139
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Commit-Queue: Jonathan Metzman <metzman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#573019}
[modify] https://crrev.com/12fe3c1d817c709858ee2256f4addcb2fb18a50d/components/autofill/core/browser/BUILD.gn
[modify] https://crrev.com/12fe3c1d817c709858ee2256f4addcb2fb18a50d/components/autofill/core/browser/form_structure.cc
[modify] https://crrev.com/12fe3c1d817c709858ee2256f4addcb2fb18a50d/components/autofill/core/browser/form_structure.h
[delete] https://crrev.com/d4b210aab084622bd4bf0f6e6814b3577b5e2aea/components/autofill/core/browser/form_structure_process_query_response_fuzzer.cc
[modify] https://crrev.com/12fe3c1d817c709858ee2256f4addcb2fb18a50d/components/autofill/core/browser/proto/BUILD.gn


Project Member Comment 5 by bugdroid1@chromium.org, Jul 26

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5f2502b0944e416c39e05bea12c04e4258d99d34

commit 5f2502b0944e416c39e05bea12c04e4258d99d34
Author: Vaclav Brozek <vabr@chromium.org>
Date: Thu Jul 26 20:40:23 2018

Reland "Add fuzzer for FormStructure::ProcessQueryResponse"

This is a reland of ad191cb7ac43bf8dc4eb6ed2eab7e4b6c0d0e971

The fix is changing the build deps of the proto target from
"override_lite_runtime_plugin" to the new "override_lite_runtime".

This only makes sense after https://crrev.com/c/1128249 lands.

Original change's description:
> Add fuzzer for FormStructure::ProcessQueryResponse
>
> Also adds:
> -fuzzing support for protos at components/autofill/core/browser/proto
> -ProcessQueryResponse method to FormStructure class.
>
> Bug: 834707
> Change-Id: I831e012c0a5569f663d6bd435c7c24d7a6f6a524
> Reviewed-on: https://chromium-review.googlesource.com/1125847
> Commit-Queue: Uladzimir Miniailau <miniailau@google.com>
> Reviewed-by: Vaclav Brozek <vabr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#572609}

Bug: 834707, 860750
Change-Id: Iab758495777a3d41ce58d0454c36877a3888440e
Reviewed-on: https://chromium-review.googlesource.com/1129019
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Commit-Queue: Vaclav Brozek <vabr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578427}
[modify] https://crrev.com/5f2502b0944e416c39e05bea12c04e4258d99d34/components/autofill/core/browser/BUILD.gn
[modify] https://crrev.com/5f2502b0944e416c39e05bea12c04e4258d99d34/components/autofill/core/browser/form_structure.cc
[modify] https://crrev.com/5f2502b0944e416c39e05bea12c04e4258d99d34/components/autofill/core/browser/form_structure.h
[add] https://crrev.com/5f2502b0944e416c39e05bea12c04e4258d99d34/components/autofill/core/browser/form_structure_process_query_response_fuzzer.cc
[modify] https://crrev.com/5f2502b0944e416c39e05bea12c04e4258d99d34/components/autofill/core/browser/proto/BUILD.gn


Project Member Comment 6 by bugdroid1@chromium.org, Aug 14

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a9495a91185ea35f5acfb4cfd82b47e248531675

commit a9495a91185ea35f5acfb4cfd82b47e248531675
Author: Uladzimir Miniailau <miniailau@google.com>
Date: Tue Aug 14 09:58:30 2018

Fuzz parsing LookupAffiliationResponse

This CL isolates code for parsing LookupAffiliationResponse into lookup_affiliation_response_parser.*, and adds a fuzzer for it.

Bug: 834707
Change-Id: If269a3603a0b84891491955ec0a99ad8506e0fc7
Reviewed-on: https://chromium-review.googlesource.com/1131185
Commit-Queue: Uladzimir Miniailau <miniailau@google.com>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Reviewed-by: Vaclav Brozek <vabr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#582878}
[modify] https://crrev.com/a9495a91185ea35f5acfb4cfd82b47e248531675/components/password_manager/core/browser/BUILD.gn
[modify] https://crrev.com/a9495a91185ea35f5acfb4cfd82b47e248531675/components/password_manager/core/browser/android_affiliation/affiliation_fetcher.cc
[add] https://crrev.com/a9495a91185ea35f5acfb4cfd82b47e248531675/components/password_manager/core/browser/android_affiliation/lookup_affiliation_response_parser.cc
[add] https://crrev.com/a9495a91185ea35f5acfb4cfd82b47e248531675/components/password_manager/core/browser/android_affiliation/lookup_affiliation_response_parser.h
[add] https://crrev.com/a9495a91185ea35f5acfb4cfd82b47e248531675/components/password_manager/core/browser/android_affiliation/lookup_affiliation_response_parser_fuzzer.cc
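
As an added example (not Chromium's code, nor the fuzzer from the commit above): the shape of a libFuzzer target for a response parser that has been isolated into its own unit, as the commit describes. The parser is a constructed stand-in that walks protobuf wire format (varint and length-delimited fields only); ParsedResponse, ReadVarint and ParseResponse are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
struct ParsedResponse {                      // hypothetical result type
  std::vector<uint64_t> varints;             // wire type 0 fields
  std::vector<std::vector<uint8_t>> blobs;   // wire type 2 fields
};
// Decodes a base-128 varint at data[*pos]; false on truncation or overlength.
static bool ReadVarint(const uint8_t* data, size_t size, size_t* pos, uint64_t* out) {
  uint64_t value = 0;
  for (int shift = 0; shift < 64; shift += 7) {
    if (*pos >= size) return false;          // input ends mid-varint
    uint8_t byte = data[(*pos)++];
    value |= static_cast<uint64_t>(byte & 0x7f) << shift;
    if ((byte & 0x80) == 0) { *out = value; return true; }
  }
  return false;                              // more than 10 bytes: malformed
}

// Constructed stand-in for an isolated response parser: rejects malformed input
// instead of reading past the buffer (the property the fuzzer checks).
bool ParseResponse(const uint8_t* data, size_t size, ParsedResponse* out) {
  size_t pos = 0;
  while (pos < size) {
    uint64_t tag = 0, value = 0;
    if (!ReadVarint(data, size, &pos, &tag)) return false;
    if ((tag >> 3) == 0) return false;       // field number 0 is invalid
    if (!ReadVarint(data, size, &pos, &value)) return false;  // value or length
    switch (tag & 0x7) {
      case 0:                                // varint field
        out->varints.push_back(value);
        break;
      case 2:                                // length-delimited field
        if (value > size - pos) return false;  // declared length overruns input
        out->blobs.emplace_back(data + pos, data + pos + value);
        pos += static_cast<size_t>(value);
        break;
      default:
        return false;                        // other wire types not handled here
    }
  }
  return true;
}

// libFuzzer entry point: any crash or sanitizer report in ParseResponse is a finding.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  ParsedResponse parsed;
  ParseResponse(data, size, &parsed);
  return 0;
}
```

Built with `-fsanitize=fuzzer,address`, libFuzzer supplies `main` and drives `LLVMFuzzerTestOneInput`; the truncated-length check in the wire type 2 branch is the kind of bug such a target is meant to surface when it is missing.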

vabr@: Is this available on AutocompleteSyncBridge::ApplySyncChanges? If so, I'd take this issue :)
Ad #8 -- as far as I know, nobody started on AutocompleteSyncBridge::ApplySyncChanges yet. Feel free to work on that one.
