
Comments (4)

yevgenypats avatar yevgenypats commented on August 17, 2024

@humphd Thanks for trying out! Looks like you found a DoS/Infinite loop pretty quickly as well as a bug in the timeout detector which is fixed now. It should report & save the crash/testcase when you rerun this with v1.0.5.

from jsfuzz.

yevgenypats avatar yevgenypats commented on August 17, 2024

@humphd I'd appreciate it if you could add a link to the bug/bugfix in the trophies :) https://github.com/fuzzitdev/jsfuzz#trophies


humphd avatar humphd commented on August 17, 2024

Great, thanks @yevgenypats for pushing a fix.

I've updated to v1.0.5 and am seeing the following:

...
#850174 PULSE     cov: 2623 corp: 60 exec/s: 745 rss: 132 MB
#852349 PULSE     cov: 2623 corp: 60 exec/s: 725 rss: 133.95 MB
#854500 PULSE     cov: 2623 corp: 60 exec/s: 716 rss: 130.57 MB
#856413 NEW     cov: 2625 corp: 60 exec/s: 732 rss: 132.38 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 132.38 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
#856413 PULSE     cov: 2625 corp: 61 exec/s: 0 rss: 130.78 MB
=================================================================
timeout reached. testcase took: 30429
Worker killed
crash was written to crash-62d71e41452b1f8d3bc1882a235a5dbd3e2a930f213f85dbcb6d1bcb1663de29
crash(hex)=549bafff70c3ffff0000800593e7f5077ffffffff1640445b630727400c5624186050d5873e77fe1054186c5800445b6377274002000000186050d581d92faff053ce7f5077fff5873e77fe10541ff203e03643e000000001e10b8ec7fe7f50772f0e32021fa3401d32c00c57f4186050d581dff2c

I've been able to hit this a number of times, and when I try the test cases saved to the crash files, I get an expected exception error. That is, it seems like it's failing as it should:

(node:12276) UnhandledPromiseRejectionWarning: Error: Non-whitespace before first tag.
Line: 0
Column: 1
Char: �
    at error (/private/tmp/rss-parser-fuzz/node_modules/sax/lib/sax.js:651:10)
    at strictFail (/private/tmp/rss-parser-fuzz/node_modules/sax/lib/sax.js:677:7)
    at beginWhiteSpace (/private/tmp/rss-parser-fuzz/node_modules/sax/lib/sax.js:951:7)
    at SAXParser.write (/private/tmp/rss-parser-fuzz/node_modules/sax/lib/sax.js:1006:11)
    at Parser.exports.Parser.Parser.parseString (/private/tmp/rss-parser-fuzz/node_modules/xml2js/lib/parser.js:325:31)
    at Parser.parseString (/private/tmp/rss-parser-fuzz/node_modules/xml2js/lib/parser.js:5:59)
    at Promise (/private/tmp/rss-parser-fuzz/node_modules/rss-parser/lib/parser.js:32:22)
    at new Promise (<anonymous>)
    at Parser.parseString (/private/tmp/rss-parser-fuzz/node_modules/rss-parser/lib/parser.js:31:16)
    at fs.readFile (/private/tmp/rss-parser-fuzz/crash.js:12:16)
(node:12276) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 2)
(node:12276) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

I'm not sure how to interpret this, and whether or not to pursue it further. I'm starting to wonder if the problem is in how I wrote the test case for jsfuzz: specifically how I reuse the parser instance over and over. Maybe there is some accumulated state that (eventually) causes problems.

I'm currently trying two other cases that eliminate that problem (i.e., create a parser per run of the fuzz test), and both have been working fine for quite a while. I'll keep them going, but wanted to get your take on this.


yevgenypats avatar yevgenypats commented on August 17, 2024

@humphd I think you are correct (I didn't notice that you reuse the fuzzer); looks like the accumulated state is causing the problem. It is best to start from a clean state for each run, otherwise it will be hard to triage and understand which test case causes the problem.

