Open mschwager opened 5 months ago
mschwager
commented
5 months ago It looks like json, psych, and date are already fuzzed here: https://github.com/google/oss-fuzz/tree/master/projects/ruby.
zlib could be interesting, although that extension appears to be a direct copy of the ubiquitous Zlib C library, so it's probably already been fuzzed extensively.
woodruffw
commented
5 months ago nokogiri (especially the SAX parser) is also worth fuzzing, they have a long track record of NPEs and other memory violations: https://www.cvedetails.com/vulnerability-list/vendor_id-20514/product_id-59208/Nokogiri-Nokogiri.html
Edit: Fuzzed here: https://github.com/google/oss-fuzz/tree/master/projects/nokogiri
mschwager
commented
5 months ago
nokogiri(especially the SAX parser) is also worth fuzzing, they have a long track record of NPEs and other memory violations: https://www.cvedetails.com/vulnerability-list/vendor_id-20514/product_id-59208/Nokogiri-Nokogiri.htmlEdit: Fuzzed here: https://github.com/google/oss-fuzz/tree/master/projects/nokogiri
Good call, looks like they're only doing UBSAN though? https://github.com/google/oss-fuzz/blob/master/projects/nokogiri/project.yaml#L9-L10
woodruffw
commented
5 months ago Yeah, interesting choice 🤔
woodruffw
commented
5 months ago The ffi gem might also be worth fuzzing: https://github.com/ffi/ffi
mschwager
commented
4 months ago Here's a useful GH query for finding repositories with a extconf.rb file (indicates a Ruby C extension): https://github.com/search?q=lang%3Aruby+path%3Aextconf.rb+NOT+is%3Aarchived&type=code.
EDIT: more: