Closed
Bug 947526
Opened 11 years ago
Closed 11 years ago
[Security Review][Fuzzing][LangFuzz] Need targeted fuzzing of mutations to jit-test/test/truthiness tests
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Waldo, Assigned: decoder)
References
Details
(Whiteboard: [Fx])
Bug 936372 and bug 943366 apparently indicate that, somehow, there's something wrong with data that can flow into value truthiness tests. It doesn't look like the truthiness implementation code is wrong, but something being passed into it *is* wrong. I wonder if this isn't something we might be able to find by doing fuzzing of truthiness tests.
Of course, given that it appears the flaw might be in code upstream of the truthiness testing, we might not find anything. But this seems a reasonable first step at investigation, until we have more data in those bugs.
Comment 1•11 years ago
Does this need differential testing, or is checking for assertions/crashes enough?
Reporter
Comment 2•11 years ago
Probably just the latter. There's not a good way to do the former, anyway, because of objectEmulatingUndefined() coming into play in most of those tests.
Assignee
Comment 3•11 years ago
I would prefer fixing bug 947902 first because that keeps breaking the jit-tests during fuzzing.
Depends on: 947902
Assignee
Comment 4•11 years ago
In progress now :)
Assignee: nobody → choller
Status: NEW → ASSIGNED
Assignee
Comment 5•11 years ago
This has been running for quite a while without any specific failures. Closing as FIXED.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED