profile

Author: mschwarzl

.gitignore

@@ -13,3 +13,6 @@ Cloud/GCE/config.sh
 # node.js dependencies, used by the JavaScript parser for the FuzzIL compiler
 node_modules
 package-lock.json
+
+# results dir and workerd corpus
+workerd*

README.md

@@ -248,6 +248,12 @@ Special thanks to all users of Fuzzilli who have reported bugs found by it!
 - [CVE-2020-1912](https://www.facebook.com/security/advisories/cve-2020-1912): Memory corruption when executing lazily compiled inner generator functions
 - [CVE-2020-1914](https://www.facebook.com/security/advisories/cve-2020-1914): Bytecode corruption when handling the SaveGeneratorLong instruction
 
+#### [Workerd](https://github.com/cloudflare/workerd)
+- [PR 4793](https://github.com/cloudflare/workerd/pull/4793): OOB write in writeSync due to missing bounds check
+- [PR 4845](https://github.com/cloudflare/workerd/pull/4845): UAF in VFS file clone handling
+- [PR 4828](https://github.com/cloudflare/workerd/pull/4828): Segmentation fault on undefined keys in DH crypto API.
+- [PR 4853](https://github.com/cloudflare/workerd/pull/4853): Workerd hits illegal instruction due to missing branch in FileSystemModule::setLastModified.
+
 ## Disclaimer
 
 This is not an officially supported Google product.

Sources/Fuzzilli/Compiler/JavaScriptParser.swift

@@ -43,7 +43,6 @@ public class JavaScriptParser {
         do {
             try runParserScript(withArguments: [])
         } catch {
-
             return nil
         }
     }

Sources/Fuzzilli/Fuzzer.swift

@@ -426,6 +426,7 @@ public class Fuzzer {
         }
 
         let execution = execute(program, purpose: .programImport)
+
         var wasImported = false
         switch execution.outcome {
         case .crashed(let termsig):
@@ -668,15 +669,6 @@ public class Fuzzer {
         let execution = runner.run(script, withTimeout: timeout ?? config.timeout)
         dispatchEvent(events.PostExecute, data: execution)
 
-        //Stdout
-        // if !execution.stdout.isEmpty {
-        //     print(execution.stdout)
-        // }
-
-        // if !execution.stderr.isEmpty {
-        //     print(execution.stderr)
-        // }
-
         return execution
     }
 

Sources/FuzzilliCli/Profiles/WorkerdProfile.swift

@@ -16,7 +16,7 @@ import Fuzzilli
 
 let workerdProfile = Profile(
     processArgs: { randomize in
-        ["--reprl-fuzzilli"]
+        ["fuzzilli","/home/mschwarzl/projects/workerd/samples/reprl/config-full.capnp","--experimental"]
     },
 
     processEnv: [:],

Sources/REPRLRun/main.swift

@@ -2,7 +2,6 @@ import Foundation
 import libreprl
 
 func convertToCArray(_ array: [String]) -> UnsafeMutablePointer<UnsafePointer<Int8>?> {
-    print("Converting array to C array: \(array)")
     let buffer = UnsafeMutablePointer<UnsafePointer<Int8>?>.allocate(capacity: array.count + 1)
     for (i, str) in array.enumerated() {
         buffer[i] = UnsafePointer(str.withCString(strdup))
@@ -29,7 +28,6 @@ if CommandLine.arguments.count < 2 {
     exit(0)
 }
 
-print("Creating REPRL context...")
 let ctx = libreprl.reprl_create_context()
 if ctx == nil {
     print("Failed to create REPRL context??")
@@ -39,7 +37,6 @@ if ctx == nil {
 let argv = convertToCArray(Array(CommandLine.arguments[1...]))
 let envp = convertToCArray([])
 
-print("Initializing REPRL context with argv: \(CommandLine.arguments[1...])")
 if reprl_initialize_context(ctx, argv, envp, /* capture_stdout: */ 1, /* capture stderr: */ 1) != 0 {
     print("Failed to initialize REPRL context: \(String(cString: reprl_get_last_error(ctx)))")
     printREPRLOutput(ctx)
@@ -86,11 +83,14 @@ func runREPRLTests() {
 
     expect_success("42")
     expect_failure("throw 42")
-
+    
+    // Verify that existing state is property reset between executions
     expect_success("globalProp = 42; Object.prototype.foo = \"bar\";")
     expect_success("if (typeof(globalProp) !== 'undefined') throw 'failure'")
     expect_success("if (typeof(({}).foo) !== 'undefined') throw 'failure'")
 
+    // Verify that rejected promises are properly reset between executions
+    // Only if async functions are available
     if execute("async function foo() {}").status == 0 {
         expect_failure("async function fail() { throw 42; }; fail()")
         expect_success("42")
@@ -105,15 +105,14 @@ func runREPRLTests() {
     }
 }
 
-print("Checking if REPRL works...")
+// Check whether REPRL works at all
 if execute("").status != 0 {
     print("Initial script execution failed, REPRL support does not appear to be working")
     printREPRLOutput(ctx)
     exit(1)
-} else {
-    print("Initial REPRL check passed.")
 }
 
+// Run a couple of tests now
 runREPRLTests()
 
 print("Enter code to run, then hit enter to execute it")
@@ -124,7 +123,6 @@ while true {
         break
     }
 
-    print("Executing user input code...")
     let (status, exec_time) = execute(code)
 
     if status < 0 {