Argh! I keep finding Firefox using pointers from poisoned memory, only to see them stop reproducing while I try to reduce the repro :/
Finer control of garbage collection would solve that (e.g. window.CollectGarbage in MSIE), but Firefox doesn't have that.
-
Can't you compile your own version of Firefox with a custom gc()? Not sure how easy it would be, though.
-
I'm looking for a zero-maintenance solution; having to build new versions of browsers myself is far from that, in my experience.
-
Why not inject (via dynamic instrumentation) a new method to call the GC?
-
That'd be cool. Do you have some sample code that I could tweak to achieve it? Or else pointers on how you'd do it?
-
How about modifying Math.atan to call CollectGarbage?
-
I get what you are trying to do, but I've not done dynamic patching in about ten years; I'm not sure what framework to use.
-
Hence my question whether you had some example code that I could modify to do something like what you're describing.
-
Not sure if it's the best fit, but maybe WinAppDbg? Or Pin from Intel? Don't have example src, sorry.
End of conversation
New conversation
-
Build and install https://github.com/MozillaSecurity/funfuzz/tree/master/dom/extension …; all kinds of GC control. Won't help an exploit, but valid for bounties.
-
I tried that earlier but couldn't get it to work. Looking for something that takes 5 mins to integrate into existing fuzzing.
-
Rather than set up a Firefox build environment, build that, get it installed on my bots, and use it in my fuzzers.
-
(My experience is that there probably won't be docs, but there will be weird errors and inexplicable failures, so it'll take a week.)
End of conversation