This has happened ~3 times this year alone - each time with what appears to be a different root cause... driving me nuts!
Maybe reducing the repro is causing it to collect garbage at a different (later) time, reducing the likelihood of a crash.
Finer control of garbage collection would solve that (i.e. window.CollectGarbage in MSIE), but Firefox doesn't have that.
Build and install https://github.com/MozillaSecurity/funfuzz/tree/master/dom/extension …, all kinds of GC control. Won't help an exploit but valid for bounties.
I tried that earlier but couldn't get it to work. Looking for something that takes 5 mins to integrate into existing fuzzing.
Rather than set up a Firefox build environment, build that, get it installed on my bots and use it in my fuzzers.
(My experience is that there prolly won't be docs but there will be weird errors and inexplicable failures, so it'll take a week.)
Which lib are you fuzzing?
Lib? I'm fuzzing the DOM; this last bug appears to be in style sheet handling, guessing from the function it crashed in.
Which fuzzer do you use?
Self-written from scratch.