Commit graph

20 commits

Author SHA1 Message Date
Christoph Diehl 4d87f0665b Bug 777600 - Add MessageManager Fuzzer. r=billm
--HG--
extra : rebase_source : 2e37fe0109e45216820543512dfbe58f1fba15fe
2017-02-28 16:24:43 -08:00
Mike Hommey ce74ceac47 Bug 1330533 - Remove XRE_LibFuzzerGetFuncs. r=decoder
Now that XRE_LibFuzzerGetFuncs is not used from outside libxul, it can
be inlined in LibFuzzerRunner::Run, simplifying things a little more.

--HG--
extra : rebase_source : 7a09f37444bf02983b232c964d85e7a866221f48
2017-01-12 16:02:50 +09:00
Mike Hommey 7523430127 Bug 1330533 - Use FuzzerDriver directly instead of wrapping it in a libfuzzer_main function. r=decoder
Going further from the previous changes, all libfuzzer_main really does
is call the init function, and then proceed to call the fuzzer driver
with the testing function.

So instead of calling that function for it to do all that, the
LibFuzzerRunner can just call the init function itself, and then
call the fuzzer driver with the testing function.

--HG--
extra : rebase_source : 2eb1a2ae763ef21827471cd32addceacefc1ac5d
2017-01-12 14:44:18 +09:00
Mike Hommey cc6c5d8f71 Bug 1330533 - Pass LibFuzzerInitFunc and LibFuzzerTestingFunc to libfuzzer_main. r=decoder
The LibFuzzerRunner code lives in libxul. It's an unnecessary complication
to have it call back a function in the firefox executable just so that
it calls another function that is in libxul. Passing the init and
testing functions to the libfuzzer_main function allows us to just bypass
that roundtrip, simplifying the setup.

--HG--
extra : rebase_source : ba72c029a904e05fe3b0ed5984c1bad946b73c6a
2017-01-12 14:50:14 +09:00
Mike Hommey 92c5bff388 Bug 1330533 - Remove argc/argv arguments to XRE_LibFuzzerSetMain. r=decoder
The function given to XRE_LibFuzzerSetMain is called from somewhere that
does have access to argc/argv already, so we can avoid passing them
to XRE_LibFuzzerSetMain.

This actually might fix subtle issues with argc/argv not really matching
reality when calling the LibFuzzerMain function in the current code:
some arguments are handled before the call, and both argc and argv are
modified from within XRE_main, but the values stored for the
LibFuzzerMain call still are the original ones.

Argv being a pointer, and it not being reallocated, the value stored for
the LibFuzzerMain call points to the changed one, but argc, being an
integer, is not modified accordingly.

In fact, it's actually worse, because while the Gecko code doesn't
reallocate argv, gtk_main might. So if some GTK flag is passed on the
command line, there's also a possibility that the LibFuzzerMain function
will do a use-after-free.

So all in all, it's just better to use the set of modified argc/argv
from XRE_main instead of storing them from main().

--HG--
extra : rebase_source : 92b89909eab0fc2f67ce372b959bb0e3ed12cd2b
2017-01-12 11:59:37 +09:00
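The argc/argv lifetime problem described in the commit message above, as an added example that is not Mozilla code. The names are hypothetical stand-ins: `set_main_stale()` models the old XRE_LibFuzzerSetMain that captured argc/argv at registration time, `set_main()` models the fixed version that captures only the callback, `consume_flag()` models XRE_main dropping an argument it handled, and `relocate_argv()` models a gtk_init-style library handing back a fresh argv block. The command-line words are constructed sample input.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Mozilla code: all names below are hypothetical stand-ins
 * for XRE_LibFuzzerSetMain / XRE_main / gtk_init behaviour. */

typedef int (*fuzzer_main_t)(int argc, char **argv);

/* Before the fix: the callback AND a copy of argc/argv are captured. */
static struct { fuzzer_main_t fn; int argc; char **argv; } g_stale;
static void set_main_stale(fuzzer_main_t fn, int argc, char **argv) {
    g_stale.fn = fn; g_stale.argc = argc; g_stale.argv = argv;
}

/* After the fix: only the callback is captured; the caller supplies argc/argv. */
static fuzzer_main_t g_live_fn;
static void set_main(fuzzer_main_t fn) { g_live_fn = fn; }

/* Build a NULL-terminated argv on the heap from constructed sample words. */
static char **make_argv(int n, const char *const *words) {
    char **argv = calloc((size_t)n + 1, sizeof *argv);
    for (int i = 0; i < n; i++) argv[i] = strdup(words[i]);
    return argv;
}

static void free_argv(char **argv) {
    for (int i = 0; argv[i]; i++) free(argv[i]);
    free(argv);
}

/* Consume one flag in place, as XRE_main does for arguments it handles:
 * shift the tail (including the NULL terminator) down and decrement *argc.
 * The slot at the old argc still reads as NULL, so a caller that keeps the
 * old argc will now find a NULL inside [0, old_argc). */
static int consume_flag(int *argc, char **argv, const char *flag) {
    for (int i = 1; i < *argc; i++) {
        if (strcmp(argv[i], flag) == 0) {
            free(argv[i]);
            memmove(&argv[i], &argv[i + 1], (size_t)(*argc - i) * sizeof *argv);
            (*argc)--;
            return 1;
        }
    }
    return 0;
}

/* Models a library that may return a fresh argv block and release the old
 * one: any pointer copied before this call now dangles. */
static char **relocate_argv(int argc, char **argv) {
    char **fresh = calloc((size_t)argc + 1, sizeof *fresh);
    memcpy(fresh, argv, (size_t)argc * sizeof *fresh);
    free(argv);
    return fresh;
}

/* The fuzzer entry point: returns the argument count it could actually read,
 * or -1 if argc claimed more entries than argv holds. */
static int fuzzer_main(int argc, char **argv) {
    for (int i = 0; i < argc; i++)
        if (argv[i] == NULL) return -1;
    return argc;
}

/* Stale path: a flag is consumed after registration, but the callback is
 * invoked with the argc recorded at registration time. */
static int run_stale_path(void) {
    const char *const words[] = { "firefox", "-fuzzing", "corpus/" };  /* constructed */
    int argc = 3;
    char **argv = make_argv(argc, words);
    set_main_stale(fuzzer_main, argc, argv);
    consume_flag(&argc, argv, "-fuzzing");          /* argc is now 2, argv[2] == NULL */
    int r = g_stale.fn(g_stale.argc, g_stale.argv); /* still passes 3: reads the NULL */
    free_argv(argv);
    return r;
}

/* Live path: the callback receives the argc/argv the caller currently holds,
 * so it stays correct even after the argv block is relocated. */
static int run_live_path(void) {
    const char *const words[] = { "firefox", "-fuzzing", "corpus/" };  /* constructed */
    int argc = 3;
    char **argv = make_argv(argc, words);
    set_main(fuzzer_main);
    consume_flag(&argc, argv, "-fuzzing");
    argv = relocate_argv(argc, argv);  /* a copy of the old argv would now be a use-after-free */
    int r = g_live_fn(argc, argv);
    free_argv(argv);
    return r;
}

int main(void) {
    printf("stale path: %d, live path: %d\n", run_stale_path(), run_live_path());
    return 0;
}
```

The stale path never touches freed memory here (the relocation is only applied on the live path), so the example shows the argc mismatch safely; the use-after-free the commit message warns about is what happens if `g_stale.argv` were dereferenced after `relocate_argv()` freed the block it points to.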
Benjamin Smedberg c7352a6657 Bug 1306329 - Stop exporting XPCOM and XUL symbols. r=glandium
--HG--
extra : rebase_source : 482177f9c1026e527cff9f23b36a5076fa6d07a5
2016-12-02 12:55:34 -05:00
Mike Hommey 02f74c5857 Bug 1330481 - Fix "error: a storage class can only be specified for objects and functions". r=decoder
--HG--
extra : rebase_source : df4938bbea56575742cb44648636a0d24c3bf581
2017-01-12 11:01:37 +09:00
Wes Kocher d4ced30f67 Backed out 4 changesets (bug 1306329) for 3000+ hazards a=backout
Backed out changeset 1c2f51ce3faf (bug 1306329)
Backed out changeset 6bb17b9a62d8 (bug 1306329)
Backed out changeset 377ca1419f1a (bug 1306329)
Backed out changeset ad4e531c7070 (bug 1306329)

MozReview-Commit-ID: KJAxdyJeJ6J
2017-01-17 17:55:24 -08:00
Benjamin Smedberg d616a7ec44 Bug 1306329 - Stop exporting XPCOM and XUL symbols. r=glandium
--HG--
extra : rebase_source : 8c700498470b42279197f316d553154b1f2ed235
2016-12-02 12:55:34 -05:00
Christian Holler (:decoder) 623744a3cb Bug 1320387 - Add missing include in libfuzzer harness. r=froydnj
MozReview-Commit-ID: 3L0DKH4IEMA
2016-11-28 22:12:56 +01:00
Christian Holler (:decoder) 1ff4780834 Bug 1302451 - Import LibFuzzer code. r=froydnj
MozReview-Commit-ID: 3NRSquBHyr2
2016-11-07 15:58:20 +01:00
Christian Holler (:decoder) ce948f0f15 Bug 1303757 - Add unified fuzzing interface. r=froydnj
MozReview-Commit-ID: Dk5ajWlVHQj

--HG--
extra : rebase_source : 35e45f7530d357e7d16dcfda81463bb2b18aed00
2016-10-19 01:18:12 +02:00
Tom Tromey 7bc8491bea Bug 1067547 - unify ScopedLogging implementations and use in nsEmbedFunctions; r=bsmedberg
MozReview-Commit-ID: 6hDZDaBsNFM

--HG--
extra : rebase_source : 9422c235ebdffd84e06137bb2c63ce106cb39f0b
2016-09-26 11:06:38 -06:00
Christian Holler ed2743696a Bug 1289194 - Move tools/fuzzing/libfuzzer reference to toolkit. r=ted
MozReview-Commit-ID: B5eiDyqmMXk

--HG--
extra : rebase_source : 268eb125f01d00b4d8ef1826566131cc179d7979
2016-09-10 02:27:23 +02:00
Christian Holler (:decoder) 69b3ee60b9 Bug 1289194 - Make LibFuzzerRunner use its own private ScopedXPCOM copy. r=ted
MozReview-Commit-ID: Kul2N4GA7O7

--HG--
extra : rebase_source : f2706dcf33c1d589b4f3711634c1d45c3a036f95
2016-08-24 22:35:03 +02:00
Christian Holler (:decoder) 3c7149e85d Bug 1289194 - Experimental LibFuzzer integration. r=glandium
MozReview-Commit-ID: 9njDcbltyow

--HG--
extra : rebase_source : 774d25f2ac4e4b1a876e48159333188bc722f940
2016-09-01 15:07:01 +02:00
Sebastian Hengst a66df0b0c2 Backed out changeset 95e68b473e91 (bug 1289194) for failure to process moz.build file. r=backout a=backout
MozReview-Commit-ID: GhfzNoiE808
2016-09-07 18:45:40 +02:00
Sebastian Hengst 24724bde80 Backed out changeset 13a770064f3e (bug 1289194)
MozReview-Commit-ID: ILJkzxfSLdU
2016-09-07 18:44:36 +02:00
Christian Holler (:decoder) c0f039672e Bug 1289194 - Make LibFuzzerRunner use its own private ScopedXPCOM copy. r=ted
--HG--
extra : histedit_source : b3e8b3ced49f6aeb35a156251f37f7b463624891
2016-08-24 22:35:03 +02:00
Christian Holler (:decoder) 055c4fb1dd Bug 1289194 - Experimental LibFuzzer integration. r=glandium
--HG--
extra : histedit_source : a632f3ff76e07562d1854bc68b50499e4b4667a0
2016-09-01 15:07:01 +02:00