[funfuzz] Always submit to FuzzManager unless "frequent" flag is set
Right now, the FuzzManager integration is created such that as long as the entry is present in FuzzManager (aka signature is present in sigcache), the entry is not submitted to FuzzManager, regardless of whether the "frequent" flag is set.
However, we should always submit to FuzzManager unless the "frequent" flag is set.
Not only that, the harness does not submit as long as something subsequent was found. Ideally, if a subsequent iteration finds a bug that has a lower Q-score, it should still be submitted to FuzzManager.
Ref:
https://github.com/MozillaSecurity/funfuzz/blob/6378ca3c46f9760082a6070f654b54a45422e1fc/src/funfuzz/js/js_interesting.py#L132
    if match[0] is not None:
        create_collector.printMatchingSignature(match)
        lev = JS_FINE
This should be something like:
line 132
- if match[0] is not None:
+ if match[1] is not None and match[1]["frequent"]:
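Review bot: On the added line, `match[1]["frequent"]` assumes the key is always present in the metadata; if an entry's metadata lacks it, the lookup raises KeyError instead of falling through to submission, so `match[1].get("frequent")` would be safer. Note also that the body quoted above still sits under this condition, so a signature match that is not frequent would no longer call `create_collector.printMatchingSignature(match)`; if that output is still wanted, keep the print under the original `match[0] is not None` check and gate only `lev = JS_FINE` on the frequent flag. The second point in the description (still submitting when a later iteration finds a bug with a lower Q-score) is not addressed by this one-line change and would need its own fix.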