Hey skylined, are you feeling better? Are you still happy to share a null-ptr case? Chrome/Edge would be great if you don't mind!
Working on how to catch those crashes with python twisted/subprocess ain't that easy!
Replying to @symeonp
Yeah, *finally* better... Why not use BugId to detect crashes in Python? This crashes Edge for me: <m><iframe width=99999280>
1 reply 0 retweets 2 likes
Replying to @berendjanwever @symeonp
Let me know if you need an MSIE crasher... what I have atm doesn't fit a tweet and I don't want to spend time reducing it unless I need to. Btw. I meant use cBugId in Python; BugId is just a wrapper, cBugId is the engine.
1 reply 0 retweets 0 likes
Replying to @berendjanwever
Hm, interesting, I'll give it a try! For Chrome, I am using ASAN and it looks like I got it (almost) working, nothing fancy though! Yes, if you could still send me a case (via email) that would also be great. I was about to use winappdbg for Edge/IE. Thanks so much!
1 reply 0 retweets 0 likes
Replying to @symeonp
BugId has support for parsing ASan output, so you'll get similar error reports for Chrome, Chrome Asan, Edge, IE, Firefox, whatever...
1 reply 0 retweets 0 likes
Replying to @berendjanwever
Sure, but it requires me to have the test case, it wouldn’t work while I’m fuzzing it, would it?
1 reply 0 retweets 0 likes
Replying to @symeonp
Sure it would: I use it during fuzzing on my VMs myself! It debugs your application while you do whatever you want with it. When it detects a bug, it generates a report and calls a callback. BugId uses it too and dumps the report details to console and file.
1 reply 0 retweets 1 like
Replying to @berendjanwever @symeonp
If you want to use it during fuzzing, you copy code from BugId.py: 1) create a cBugId instance, 2) set the "Bug report" callback, 3) call fStart() to start the application, 4) fuzz until the application crashes => your callback gets called with details, 5) call fStop() when finished.
2 replies 0 retweets 4 likes
Replying to @berendjanwever @symeonp
Fuzzing happens during step 4 for me: browser makes request, server generates JS on the fly and sends it in response, browser eval()s it and returns results, repeat until crash. If no crash after N rounds, call fStop() and start cleanly.
1 reply 0 retweets 1 like
Replying to @berendjanwever
I am doing more or less the same, with the exception that I'm storing the cases in an array (a bit slow but it works) as I don't want to mess with JS stuff. Out of curiosity after how many rounds do you start cleanly?
1 reply 0 retweets 0 likes
That depends on various factors. If each round is large, the combined repro file becomes large quickly, so fewer rounds are advised. If I require a lot of state to build up, more rounds are needed. In general I pick a random number from a range based on educated guessing.
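An added example, not code from this thread or from the BugId/cBugId project, of the harness loop described above (steps 1 to 5, the per-session "combined repro" of cases fed since the last clean start, and restarting after a random number of rounds). Because the thread gives only fStart(), fStop() and the bug-report callback, the debugger here is a stand-in class with those names, and the target, case generator and crash condition are constructed for the demo.

```python
import random


class StandInDebugger:
    """Stand-in for cBugId (assumption: not its real constructor or API).
    Models the thread's description: start the target, call the bug-report
    callback when a crash is detected, stop when told to."""

    def __init__(self, fTarget, fBugReportCallback):
        self.fTarget = fTarget
        self.fBugReportCallback = fBugReportCallback

    def fStart(self):
        self.bRunning = True

    def fStop(self):
        self.bRunning = False

    def fRun(self, sCase):
        # Feed one case to the target; an exception plays the role of a crash.
        try:
            self.fTarget(sCase)
        except Exception as oException:
            self.fBugReportCallback({"case": sCase, "error": repr(oException)})
            return False
        return True


def fFuzz(fTarget, fGenerateCase, tRoundRange=(5, 20), uMaxRounds=200, uSeed=0):
    """Start under the debugger, feed cases until a crash or until a random
    number of rounds is reached, then fStop() and start cleanly. On a crash
    the report carries the combined repro: every case since the last start."""
    oRandom = random.Random(uSeed)
    asCases, adReports = [], []           # combined repro, collected reports
    oDebugger = StandInDebugger(fTarget, lambda d: adReports.append(dict(d, repro=list(asCases))))
    uRound, uRestarts = 0, 0
    while uRound < uMaxRounds:
        oDebugger.fStart()                # step 3: start the application
        del asCases[:]                    # fresh combined repro for this clean start
        for _ in range(oRandom.randint(*tRoundRange)):   # step 4: fuzz N rounds
            sCase = fGenerateCase(uRound)
            uRound += 1
            asCases.append(sCase)
            if not oDebugger.fRun(sCase):  # crash => callback already ran
                return {"report": adReports[0], "restarts": uRestarts, "rounds": uRound}
            if uRound >= uMaxRounds:
                break
        oDebugger.fStop()                 # step 5: no crash, start cleanly
        uRestarts += 1
    return {"report": None, "restarts": uRestarts, "rounds": uRound}


def fSampleCase(uRound):
    # Constructed case generator: iframe widths growing with the round number.
    return "<iframe width=%d>" % (uRound + 1)


def fSampleTarget(sCase):
    # Constructed target: "crashes" once the width exceeds 12 (demo value only).
    if int(sCase.split("=")[1].rstrip(">")) > 12:
        raise RuntimeError("simulated crash on %s" % sCase)
```

With a fixed five-round session, the third session sees widths 11, 12 and 13, so the repro in the report holds exactly those three cases and two clean restarts precede it.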