Mschwarzl/workerd

README.md

@@ -248,6 +248,12 @@ Special thanks to all users of Fuzzilli who have reported bugs found by it!
 - [CVE-2020-1912](https://www.facebook.com/security/advisories/cve-2020-1912): Memory corruption when executing lazily compiled inner generator functions
 - [CVE-2020-1914](https://www.facebook.com/security/advisories/cve-2020-1914): Bytecode corruption when handling the SaveGeneratorLong instruction
 
+#### [Workerd](https://github.com/cloudflare/workerd)
+- [PR 4793](https://github.com/cloudflare/workerd/pull/4793): OOB write in writeSync due to missing bounds check
+- [PR 4845](https://github.com/cloudflare/workerd/pull/4845): UAF in VFS file clone handling
+- [PR 4828](https://github.com/cloudflare/workerd/pull/4828): Segmentation fault on undefined keys in DH crypto API.
+- [PR 4853](https://github.com/cloudflare/workerd/pull/4853): Workerd hits illegal instruction due to missing branch in FileSystemModule::setLastModified.
+
 ## Disclaimer
 
 This is not an officially supported Google product.

Sources/FuzzilliCli/Profiles/Profile.swift

@@ -53,4 +53,5 @@ let profiles = [
     "v8holefuzzing": v8HoleFuzzingProfile,
     "serenity": serenityProfile,
     "njs": njsProfile,
+    "workerd": workerdProfile,
 ]

Sources/FuzzilliCli/Profiles/WorkerdProfile.swift

@@ -0,0 +1,58 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import Fuzzilli
+
+let workerdProfile = Profile(
+    processArgs: { randomize in ["fuzzilli"] },
+
+
+    processEnv: [:],
+
+    maxExecsBeforeRespawn: 1000,
+
+    timeout: 250,
+
+    codePrefix: """
+                """,
+
+    codeSuffix: """
+                """,
+
+    ecmaVersion: ECMAScriptVersion.es5,
+
+    startupTests: [
+        // Check that the fuzzilli integration is available.
+        ("fuzzilli('FUZZILLI_PRINT', 'test')", .shouldSucceed),
+
+        // Check that common crash types are detected.
+        ("fuzzilli('FUZZILLI_CRASH', 0)", .shouldCrash),
+        ("fuzzilli('FUZZILLI_CRASH', 2)", .shouldCrash),
+        ("fuzzilli('FUZZILLI_CRASH', 3)", .shouldCrash),
+    ],
+
+    additionalCodeGenerators: [],
+
+    additionalProgramTemplates: WeightedList<ProgramTemplate>([]),
+
+    disabledCodeGenerators: [],
+
+    disabledMutators: [],
+
+    additionalBuiltins: [:],
+
+    additionalObjectGroups: [],
+
+    optionalPostProcessor: nil
+)

Targets/workerd/README.md

@@ -0,0 +1,11 @@
+# Target: workerd
+
+To build workerd for fuzzing:
+
+0. Clone [workerd](https://github.com/cloudflare/workerd/)
+1. Follow the instructions [here](https://github.com/cloudflare/workerd/blob/main/README.md#getting-started) 
+2. Run the fuzzbuild.sh script in the workerd root directory to build workerd with the fuzzili configuration
+3. Test if REPRL works:
+ `swift run REPRLRun <path-to-workerd> fuzzilli <path-to-capnp-config> --experimental`
+4. Run Fuzzilli:
+ `swift run -c release FuzzilliCli --inspect=all --profile=workerd <path-to-workerd> --additionalArguments=<path-to-workerd-config>,--experimental`

Targets/workerd/fuzzbuild.sh

@@ -0,0 +1 @@
+bazel --nohome_rc --nosystem_rc build --config=fuzzilli //src/workerd/server:workerd --action_env=CC=clang-19