Hello,
I have been working on doing vulnerability research along with a team of other students over the last semester as part of a graduate course at Arizona State University.
As part of this we selected MuJS as one of our primary targets to investigate. This work ultimately led to commits 94000c6, f93d245, 6d14043 and 7ef066a.
These bugs were all discovered through the use of fuzzing with fuzzilli, all using the dockerized setup in this PR.
As we reach the end of the semester, we thought it would be nice to contribute this to MuJS for further use. While fuzzing often requires a decent amount of compute (we ran this setup against MuJS on 40 cores for about 2 months), the bugs in f93d245 and 6d14043 could be detected in less than a minute of running this fuzzer on 1 core.
If you are not interested in merging this into MuJS or would prefer this exists as a separate repository, there are no hard feelings on our end. Alternatively, if you are interested in this, this could likely be furthered with a GitHub action that automatically runs this fuzzer for a short period of time on all new commits / PRs, which we would be happy to help set up.
Let me know if you have any questions or thoughts.
Thanks,
Connor Nelson