Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added Showcase entries for JerryScript. #80

Closed
wants to merge 25 commits into from
Closed

Added Showcase entries for JerryScript. #80

wants to merge 25 commits into from

Conversation

nszetei
Copy link
Contributor

@nszetei nszetei commented Jun 23, 2020

All of the entries were reported as DoS and caused a crash in the normal builds too.

nszetei and others added 5 commits June 23, 2020 15:25
@nszetei
Added Showcase entries for JerryScript. All of the entries were repor…
bad218b 
…ted as DoS and caused a crash in the normal builds too.
Network Connections now run on their own DispatchQueue
2836a2b 
This should speed up network synchronization in many cases.
Small improvements to GCE scripts
d0933b9
@amarekano @saelo
Added comparator strictNotEqual
29bc824
Minimization now runs on a separate DispatchQueue
b8e1778 
This makes the fuzzer much more responsive as minimization can take
multiple seconds up to (probably) a few minutes and, if that happens
on the main fuzzer queue, the fuzzer is unresponsive during that time.
saelo
saelo reviewed Jun 25, 2020
View reviewed changes
README.md Outdated
@@ -182,6 +182,13 @@ The following is a list of some of the bugs found with the help of Fuzzilli. Onl
* [Issue 2323](https://github.com/svaarala/duktape/pull/2323): Unstable valstack pointer in putprop
* [Issue 2320](https://github.com/svaarala/duktape/pull/2320): Memcmp pointer overflow in string builtin

#### [JerryScript](https://github.com/jerryscript-project/jerryscript)

- [CVE-2020-13622](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13622): DoS via property key query for Proxy objects
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here and the one below, are you certain these are just DoS and cannot be exploited for e.g RCE? E.g. the stack overflow might be exploitable if it can be collided with another memory region. Also the assertion message here sounds like it could cause memory corruption in release builds (Afaict the JERRY_ASSERT is only active in debug builds and ignored in release builds)? If you are unsure, maybe you can just change the description to something that doesn't include the (worst-case) bug impact, like for example "Unexpected non-string value in ecma_get_string_from_value" and "Stack overflow via property key for Proxy objects"?

@saelo
Copy link
Collaborator

saelo commented Jun 25, 2020

Cool stuff! I'm curious, what about some of the other issues you reported that also appear to trigger memory corruption (e.g. jerryscript-project/jerryscript#3837 or maybe jerryscript-project/jerryscript#3784)?

amarekano and others added 14 commits June 25, 2020 11:59
@amarekano
Added check to detect holes in variable map (#69)
d497d51
Decreased memory footprint of Operations
67023fd
FuzzIL now uses Protobufs as serialization format
8b119db 
This seems to roughly speed up encoding + decoding of Programs by a factor
of 8, while reducing the size of the encoded data roughly by a factor of 4.
Implemented Program equality testing for Tests/
706a2c3
@amarekano @saelo
Added Exponentiation and Unsigned RightShift operator
84babf0
@carl-smith
implemented support for arrow functions
e8b0ed2
Added new function types to FuzzIL
fde8373 
Generators and async functions are now supported.
@carl-smith
implemented bigint support
f8f43cb
@carl-smith
implemented RegExp literals
baa425f
Libreprl is a proper library now
5ad8c2b 
It has a decent API and a new client in Sources/REPRLRun, useful for testing
REPRL support in a target. Also, libreprl can now capture the target's stdout
and stderr with low overhead if requested.
Fuzzilli now appends the content of stderr to crashing programs as co…
a24e205 
…mment
@carl-smith
implemented Promise type
07cc4ce
Small changes to Cloud scripts and documentation
598bb3a
@WilliamParks @saelo
Fixed for directory update
5e12771
@saelo
Copy link
Collaborator

saelo commented Jul 13, 2020

Ping @nszetei :)

@nszetei
Copy link
Contributor Author

nszetei commented Jul 16, 2020

Ping @nszetei :)

Thank you for reminding and keeping this pull request open, I wanted to dedicate more time on this to be sure and I'll finalize the list by the end of this week.

@saelo
Copy link
Collaborator

saelo commented Jul 16, 2020

Awesome, thanks! :)

@googlebot
Copy link

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

@nszetei nszetei closed this Jul 19, 2020
@nszetei nszetei deleted the jerryscript_showcase branch July 19, 2020 16:59
@nszetei nszetei mentioned this pull request Jul 19, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saelo saelo saelo left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@nszetei @saelo @googlebot @amarekano @carl-smith @WilliamParks @samo98