Google Git
Sign in
chromium / chromium / src.git / 092d94af04477cfa9066fb3f0cd757e5bd13c3e6
commit092d94af04477cfa9066fb3f0cd757e5bd13c3e6[log] [tgz]
authorKen Rockot <rockot@chromium.org>Thu Nov 29 05:02:00 2018
committerCommit Bot <commit-bot@chromium.org>Thu Nov 29 05:02:00 2018
tree7ddb09eee873ad0013c18dae4f402a072589520c
parent60efce525699139770f5d516fe80e3584d1d2a94 [diff]
[mojo-core] Add fuzzers for port events and user messages

Adds two new fuzzers: one to fuzz deserialization of port events in
general, and one to fuzz user message events specifically, which have
an additional layer of parsing beyond the port event header.

A successfully parsed user message event is ultimately how we carry
application payloads end-to-end across message pipes via the public
message pipe API. With these fuzzers in addition to the Channel and
NodeChannel fuzzers, we have fuzz coverage of every part of the stack
between the OS and the generated bindings.

This CL fixes some low-hanging fruit where we (a) weren't properly
handling certain deserialization failure cases, leading to nullptr
deref; and (b) weren't properly rejecting messages with far too
many handles (ostensibly) attached.

Finally this also ensures that Mojo core is initialized in the
other existing fuzzers, since they may also end up deserializing
handles and thus require the global handle table to be set up.

Bug: 897743
Change-Id: Ie5d5f8025728f6e57b2ce46d3c41532bf134eb45
Reviewed-on: https://chromium-review.googlesource.com/c/1352976
Commit-Queue: Ken Rockot <rockot@google.com>
Reviewed-by: Oliver Chang <ochang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612043}
8 files changed
tree: 7ddb09eee873ad0013c18dae4f402a072589520c
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. cc/
  8. chrome/
  9. chrome_elf/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. gin/
  22. google_apis/
  23. google_update/
  24. gpu/
  25. headless/
  26. infra/
  27. ios/
  28. ipc/
  29. jingle/
  30. mash/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. webrunner/
  52. .clang-format
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .vpython
  59. AUTHORS
  60. BUILD.gn
  61. CODE_OF_CONDUCT.md
  62. codereview.settings
  63. DEPS
  64. ENG_REVIEW_OWNERS
  65. LICENSE
  66. LICENSE.chromium_os
  67. OWNERS
  68. PRESUBMIT.py
  69. PRESUBMIT_test.py
  70. PRESUBMIT_test_mocks.py
  71. README.md
  72. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .