Граф коммитов

75 Коммитов

Автор SHA1 Сообщение Дата
Alex Gaynor 0e903787da Bug 1415508 - use Span in constructing a byte input stream; r=mayhemer
Differential Revision: https://phabricator.services.mozilla.com/D20687

--HG--
extra : moz-landing-system : lando
2019-02-25 19:11:20 +00:00
Alex Gaynor 58e271b183 Bug 1525199 - Part 4 - removed size_t support from IPDL messages; r=froydnj
Differential Revision: https://phabricator.services.mozilla.com/D19196

--HG--
extra : moz-landing-system : lando
2019-02-08 21:57:32 +00:00
Alex Gaynor b45a566b9d Bug 1485463 - Part 1 - added a fuzzer for PCompositorManagerParent IPC; r=jrmuizel
Differential Revision: https://phabricator.services.mozilla.com/D14587

--HG--
extra : moz-landing-system : lando
2019-01-23 14:32:38 +00:00
Ehsan Akhgari e5e885ae31 Bug 1521000 - Part 2: Adjust our clang-format rules to include spaces after the hash for nested preprocessor directives r=sylvestre
# ignore-this-changeset

--HG--
extra : amend_source : 7221c8d15a765df71171099468e7c7faa648f37c
extra : histedit_source : a0cce6015636202bff09e35a13f72e03257a7695
2019-01-18 10:16:18 +01:00
Nathan Froyd dad59d15e8 Bug 1519232 - simplify faulty's valid process logic; r=decoder,f=posidron
There's no need to explicit list out all the child process types that we
care about, when a simple is-this-the-parent-process check can do the
job just as well.
2019-01-11 17:44:47 -05:00
Jesse Schwartzentruber 91a8f20d77 Bug 1513721 - Fix Faulty for compilation on Windows. r=posidron
Differential Revision: https://phabricator.services.mozilla.com/D14436

--HG--
extra : moz-landing-system : lando
2018-12-13 16:12:16 +00:00
Tooru Fujisawa 7983faeb5d Bug 1511393 - Use c-basic-offset: 2 in Emacs mode line for C/C++ code. r=nbp 2018-12-01 04:52:05 +09:00
Sylvestre Ledru 265e672179 Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
# ignore-this-changeset

--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
2018-11-30 11:46:48 +01:00
Sylvestre Ledru ef05004811 Bug 1503537 - Get rid of the pdfium & mortar code r=peterv
Differential Revision: https://phabricator.services.mozilla.com/D10352

--HG--
extra : moz-landing-system : lando
2018-11-28 19:31:21 +00:00
Nathan Froyd e2d2f91d22 Bug 1495871 - use C++11 statics for Faulty instance; r=decoder
C++11 provides guaranteed thread-safe static initialization, so we can
use that instead of ipc's baroque Singleton class.
2018-10-05 13:43:47 -04:00
Christoph Diehl 34620c6b05 [mq]: Bug 1493078 2018-09-21 20:16:50 +02:00
Andreea Pavel 1e26da737a Bug 1483780 - additional patch to sanitizer-less-4 r=test-fix 2018-09-21 07:13:52 +03:00
Thomas P. fde56b2dde Bug 1483780: enable sanitizer-less libfuzzer builds r=froydnj 2018-09-20 21:21:38 +00:00
Andreea Pavel a6ba34f2ad Backed out 2 changesets (bug 1483780) for build bustages on a CLOSED TREE
Backed out changeset 2b0a42c589c5 (bug 1483780)
Backed out changeset 48d133cbafd3 (bug 1483780)
2018-09-21 05:43:03 +03:00
Thomas P. c047fdb3fb Bug 1483780: enable sanitizer-less libfuzzer builds r=froydnj
--HG--
extra : histedit_source : b7caa42560c3d8e7ba1dbf61fcacfe0698790801
2018-09-20 21:21:38 +00:00
Alex Gaynor e142879416 Bug 1490777 -- don't log a warning in IPC fuzzing if a shmem segment was removed; r=posidron
Differential Revision: https://phabricator.services.mozilla.com/D5898

--HG--
extra : moz-landing-system : lando
2018-09-15 13:06:02 +00:00
Mike Hommey feacd37eba Bug 1490845 - Avoid fuzzer symbols being hidden r=froydnj
Differential Revision: https://phabricator.services.mozilla.com/D5729

--HG--
extra : moz-landing-system : lando
2018-09-13 22:36:11 +00:00
André Bargull ed962c63e5 Bug 1485066 - Part 8: Rename JS_EncodeString to JS_EncodeStringToLatin1. r=Waldo 2018-09-05 06:05:03 -07:00
André Bargull e4d1d98f88 Bug 1485066 - Part 1: Remove JSAutoByteString. r=Waldo 2018-09-05 02:25:42 -07:00
Cosmin Sabou 1f0a42def4 Backed out 14 changesets (bug 1485066) for build bustages on MessageManagerFuzzer. CLOSED TREE
Backed out changeset e40f67f15bf1 (bug 1485066)
Backed out changeset f09bc4d5fdcc (bug 1485066)
Backed out changeset 939e27aa2d59 (bug 1485066)
Backed out changeset d50fcf82556c (bug 1485066)
Backed out changeset 5cbc0ae0117a (bug 1485066)
Backed out changeset 09b5382e0baf (bug 1485066)
Backed out changeset 6676e8fedcb3 (bug 1485066)
Backed out changeset 28e7e61c11ec (bug 1485066)
Backed out changeset b08b0cfc1dbe (bug 1485066)
Backed out changeset 8defc9eabfac (bug 1485066)
Backed out changeset bf167b0a3af3 (bug 1485066)
Backed out changeset 4f89260d5e30 (bug 1485066)
Backed out changeset c22fc17c9d87 (bug 1485066)
Backed out changeset d35bb63dbc1d (bug 1485066)
2018-09-05 15:54:03 +03:00
André Bargull 89416b7fd4 Bug 1485066 - Part 8: Rename JS_EncodeString to JS_EncodeStringToLatin1. r=Waldo 2018-09-05 02:26:49 -07:00
André Bargull 775b7277cc Bug 1485066 - Part 1: Remove JSAutoByteString. r=Waldo 2018-09-05 02:25:42 -07:00
Jesse Schwartzentruber f832b4022e Bug 1475573 - Create --enable-fuzzing debug build job for Android x86 firefox. r=nalexander,froydnj
Differential Revision: https://phabricator.services.mozilla.com/D2428

--HG--
extra : moz-landing-system : lando
2018-08-31 03:35:20 +00:00
Dorel Luca 07c6e76122 Merge mozilla-inbound to mozilla-central. a=merge 2018-08-21 12:54:24 +03:00
Alex Gaynor 019b59f8b5 Bug 1483309 - the IPC libFuzzer integration can now generated shared memory segments; r=jld,posidron
Uses the input bytes as metadata + data for shared memory segments.

Differential Revision: https://phabricator.services.mozilla.com/D3352

--HG--
extra : moz-landing-system : lando
2018-08-20 18:46:05 +00:00
Daosheng Mu 8ac5934ce1 Bug 1430038 - Part 1: Add VR process to the process list; r=kip, jimm
Summary: MozReview-Commit-ID: AWyFur2gLCQ

Tags: #secure-revision

Differential Revision: https://phabricator.services.mozilla.com/D2876

MozReview-Commit-ID: HHGDiXyaqnB

--HG--
extra : rebase_source : cbb94eb1aaca4ca385559c0e997b508a80121105
2018-06-22 16:30:14 -07:00
Dorel Luca 6e90fcf6e3 Backed out changeset d602a2f69ff8 (bug 1475573) on request from truber. a=backout 2018-08-16 17:49:01 +03:00
Thomas P. 061be62bb5 Bug 1481237 - Automate updating internal libFuzzer code. r=decoder 2018-08-15 22:01:25 +00:00
Jesse Schwartzentruber abc4b27cb4 Bug 1475573 - Create --enable-fuzzing debug build job for Android x86 firefox. r=nalexander,froydnj
Differential Revision: https://phabricator.services.mozilla.com/D2428

--HG--
extra : moz-landing-system : lando
2018-08-07 17:53:57 +00:00
Christoph Diehl 74f9fbc8b1 Bug 1467468 - Faulty: Run ReadFile() for IsMessageNameBlacklisted() on the main thread. r=valentin, sr=froydnj 2018-06-14 19:20:49 +02:00
Alex Gaynor de04abe10c Bug 1451859 - Part 1: Implement a fuzzer for IPC handlers using libFuzzer. r=jld, r=posidron 2018-03-23 16:18:42 -04:00
Cosmin Sabou 18d0742c9b Backed out 3 changesets (bug 1451859) for causing Spidermonkey bustages on Linux x64 opt.
Backed out changeset 8f5a9e18e953 (bug 1451859)
Backed out changeset 950fa584ec8e (bug 1451859)
Backed out changeset f1f42726f1ec (bug 1451859)
2018-06-07 09:10:35 +03:00
Alex Gaynor c26d72178f Bug 1451859 - Part 1: Implement a fuzzer for IPC handlers using libFuzzer. r=jld, r=posidron 2018-03-23 16:18:42 -04:00
Christian Holler 570031d38c Bug 1464202 - Improve and centralize libFuzzer flag management. r=froydnj
MozReview-Commit-ID: HFrQDAZWtpo

--HG--
extra : rebase_source : ab1da001d7e9280fbfb37858505f1d0d0caf7d54
2018-05-24 21:11:46 +02:00
Christoph Diehl d5091638e8 Bug 777067 - Fuzzing: IPC Protocol Definition Language (IPDL) Protocols. r=jld
--HG--
rename : ipc/glue/Faulty.cpp => tools/fuzzing/faulty/Faulty.cpp
rename : ipc/glue/Faulty.h => tools/fuzzing/faulty/Faulty.h
2018-04-24 20:10:15 +02:00
Alex Gaynor 63eed5d952 Bug 1452625 - bumped in-tree libFuzzer to latest version; r=decoder
MozReview-Commit-ID: 4Y5MMrK45ts

--HG--
extra : rebase_source : 52d857583590dd3d10e280e665a4051e366210f3
2018-04-09 10:00:54 -04:00
Alex Gaynor 4259227b9c Bug 1450047 - part 2 - updated in-tree copy of libFuzzer; r=decoder
MozReview-Commit-ID: I1LZ8N82kr7

--HG--
extra : rebase_source : fefb34f48a7eed9428bc055224bb5868dcc37430
2018-03-29 14:18:36 -04:00
Alex Gaynor 94ed3ca79d Bug 1450047 - Part 1 - switch libFuzzer update script to new git repo; r=decoder
MozReview-Commit-ID: Fg6b2UyvoyS

--HG--
extra : rebase_source : 05845c5c50bb2ae8dd444f021aeb3fef2717cc58
2018-03-29 14:17:44 -04:00
Tom Ritter f572733682 Bug 1444169 Fix capitalization for a few Windows files r=aklotz
MozReview-Commit-ID: BlWgIVobOBK

--HG--
extra : rebase_source : 71a8052c562aa7be510e3a4c13a0ca698a04a5ac
2018-03-08 14:49:59 -06:00
Christian Holler 8e72e4cc2f Bug 1431090 - Prepare tools/fuzzing/ to be used with JS_STANDALONE. r=froydnj
This patch adjusts tools/fuzzing/ in such a way that the relevant parts can be
reused in the JS engine. Changes in detail include:

* Various JS_STANDALONE checks to exclude parts that cannot be included in
  those builds.

* Turn LibFuzzerRegistry and LibFuzzerRunner into generic FuzzerRegistry and
  FuzzerRunner classes and use them for AFL as well. Previously, AFL was
  piggy-backing on gtests which was kind of an ugly solution anyway (besides
  that it can't work in JS). Now more code like registry and harness is
  shared between the two and they follow almost the same call paths and entry
  points. AFL macros in FuzzingInterface have been rewritten accordingly.
  This also required name changes in various places. Furthermore, this unifies
  the way, the fuzzing target is selected, using the FUZZER environment
  variable rather than LIBFUZZER (using LIBFUZZER in browser builds will give
  you a deprecation warning because I know some people are using this already
  and need time to switch). Previously, AFL target had to be selected using
  GTEST_FILTER, so this is also much better now.

* I had to split up FuzzingInterface* such that the STREAM parts are in a
  separate set of files FuzzingInterfaceStream* because they use nsStringStream
  which is not allowed to be included into the JS engine even in a full browser
  build (error: "Using XPCOM strings is limited to code linked into libxul.").
  I also had to pull FuzzingInterface.cpp (the RAW part only) into the header
  and make it static because otherwise, would have to make not only separate
  files but also separate libraries to statically link to the JS engine, which
  seemed overkill for a single small function. The streaming equivalent of the
  function is still in a cpp file.

* LibFuzzerRegister functions are now unique by appending the module name to
  avoid redefinition errors.

MozReview-Commit-ID: 44zWCdglnHr

--HG--
extra : rebase_source : fe07c557032fd33257eb701190becfaf85ab79d0
2018-01-17 15:20:35 +01:00
Coroiu Cristina faa2f8c7da Backed out 2 changesets (bug 1431090) for Bf bustage at src/tools/fuzzing/interface/harness/FuzzerTestHarness.h
Backed out changeset 2e98bda3f397 (bug 1431090)
Backed out changeset eb6acc9e44ad (bug 1431090)

--HG--
rename : tools/fuzzing/registry/FuzzerRegistry.cpp => tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.cpp
rename : tools/fuzzing/registry/FuzzerRegistry.h => tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
rename : tools/fuzzing/interface/harness/FuzzerRunner.cpp => tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
rename : tools/fuzzing/interface/harness/FuzzerRunner.h => tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
rename : tools/fuzzing/interface/harness/FuzzerTestHarness.h => tools/fuzzing/libfuzzer/harness/LibFuzzerTestHarness.h
rename : tools/fuzzing/interface/harness/moz.build => tools/fuzzing/libfuzzer/harness/moz.build
2018-01-23 13:49:26 +02:00
Christian Holler 4ce6f81fee Bug 1431090 - Prepare tools/fuzzing/ to be used with JS_STANDALONE. r=froydnj
This patch adjusts tools/fuzzing/ in such a way that the relevant parts can be
reused in the JS engine. Changes in detail include:

* Various JS_STANDALONE checks to exclude parts that cannot be included in
  those builds.

* Turn LibFuzzerRegistry and LibFuzzerRunner into generic FuzzerRegistry and
  FuzzerRunner classes and use them for AFL as well. Previously, AFL was
  piggy-backing on gtests which was kind of an ugly solution anyway (besides
  that it can't work in JS). Now more code like registry and harness is
  shared between the two and they follow almost the same call paths and entry
  points. AFL macros in FuzzingInterface have been rewritten accordingly.
  This also required name changes in various places. Furthermore, this unifies
  the way, the fuzzing target is selected, using the FUZZER environment
  variable rather than LIBFUZZER (using LIBFUZZER in browser builds will give
  you a deprecation warning because I know some people are using this already
  and need time to switch). Previously, AFL target had to be selected using
  GTEST_FILTER, so this is also much better now.

* I had to split up FuzzingInterface* such that the STREAM parts are in a
  separate set of files FuzzingInterfaceStream* because they use nsStringStream
  which is not allowed to be included into the JS engine even in a full browser
  build (error: "Using XPCOM strings is limited to code linked into libxul.").
  I also had to pull FuzzingInterface.cpp (the RAW part only) into the header
  and make it static because otherwise, would have to make not only separate
  files but also separate libraries to statically link to the JS engine, which
  seemed overkill for a single small function. The streaming equivalent of the
  function is still in a cpp file.

* LibFuzzerRegister functions are now unique by appending the module name to
  avoid redefinition errors.

MozReview-Commit-ID: 44zWCdglnHr

--HG--
rename : tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp => tools/fuzzing/interface/harness/FuzzerRunner.cpp
rename : tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h => tools/fuzzing/interface/harness/FuzzerRunner.h
rename : tools/fuzzing/libfuzzer/harness/LibFuzzerTestHarness.h => tools/fuzzing/interface/harness/FuzzerTestHarness.h
rename : tools/fuzzing/libfuzzer/harness/moz.build => tools/fuzzing/interface/harness/moz.build
rename : tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.cpp => tools/fuzzing/registry/FuzzerRegistry.cpp
rename : tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h => tools/fuzzing/registry/FuzzerRegistry.h
extra : rebase_source : 7d0511ca0591dbf4d099376011402e063a79ee3b
2018-01-17 15:20:35 +01:00
Sylvestre Ledru 4591d82b23 Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandium
MozReview-Commit-ID: HbF5oT5HW6f

--HG--
extra : rebase_source : eca479b6ae4bff7f600d1cdb39e11ac2057e4e79
2017-12-07 22:09:38 +01:00
Eric Rahm 07c97a5afe Bug 1423773 - Part 1: Remove usage of nsStringGlue.h. r=glandium
This removes an unnecessary level of indirection by replacing all
nsStringGlue.h instances with just nsString.h.

--HG--
extra : rebase_source : 340989240af4018f3ebfd92826ae11b0cb46d019
2017-12-06 16:52:51 -08:00
Tom Ritter 7be06512ea Bug 1414394 Mark write()'s in libfuzzer as Unused to silence a warning r=njn
MozReview-Commit-ID: GbWTgrndfoa

--HG--
extra : rebase_source : fdee12c1d8d969a7efddd0937388d7ce61aba22c
2017-11-03 23:17:27 -05:00
Chris Manchester e84068a5db Bug 1411712 - Move libfuzzer ldflags filtering to moz.build. r=mshal
MozReview-Commit-ID: 50aeTifZ1gT

--HG--
extra : rebase_source : b89709f4bb5027061ab8da0fee0e864d4f25bb97
2017-11-02 11:47:49 -07:00
Chris Manchester 8dc000aa60 Bug 1403346 - Move cxxflags filtering for libfuzzer from Makefile.in to moz.build r=glandium
MozReview-Commit-ID: LDHiMMRjqut
2017-10-25 15:12:10 -07:00
Andrea Marchesini 6626e900f9 Bug 1409327 - NS_NewBufferedInputStream should take the ownership of the inputStream, r=smaug 2017-10-19 11:39:30 +02:00
Chris Peterson a0c8081df4 Bug 870698 - Part 4: Replace Equals("") with EqualsLiteral(""). r=erahm
MozReview-Commit-ID: G1GhyvD29WK

--HG--
extra : rebase_source : 115842c37a40041bdca7b4e1ff0a5680b02ced15
extra : source : 90bfff9c01d80086cdc17637f310e898fea295ea
2017-09-06 01:13:45 -07:00
Chris Peterson 39d2406e74 Bug 1389851 - libfuzzer: Suppress -Wunreachable-code-return warnings in FuzzerDriver.cpp. r=decoder
Suppress these warnings intead of fixing them because libfuzzer is a third-party llvm library:

tools/fuzzing/libfuzzer/FuzzerDriver.cpp:450:10: warning: 'return' will never be executed [-Wunreachable-code-return]
tools/fuzzing/libfuzzer/FuzzerDriver.cpp:663:12: warning: 'return' will never be executed [-Wunreachable-code-return]

MozReview-Commit-ID: 9mWEuc5wCn9

--HG--
extra : rebase_source : e880a5da2dac2f8c79139646713b02feb4ddc9b7
2017-08-15 21:04:55 -07:00