
Fun with the fuzzer


Yesterday Mozilla released their jsfunfuzz tool at the Blackhat convention in Las Vegas. The tool is very useful for stress-testing the javascript engine and its stability. While running the tool, we found four crashers - one of which might have some security implications.

Here is a build that should address all of the issues: test it, give it a spin with the tool - and please report any crashers you might find with the fuzzer, and most importantly: send us a crashlog along with it!

Have fuzz fun! And many thanks to Mozilla for sharing their tool.

Download:
Windows MSI
Windows Classic
Macintosh
Unix


Comments

Renan (superenan) Saturday, August 4, 2007 5:51:21 AM

@GT500

Thank you so much for the help, I did this thing you suggested and I'll be browsing for a while to see if those weird problems will continue anyway... hope not, but thank you anyway!

EDIT: LOL, it actually DID take longer than I expected, but once again it crashed -___-

Dear God, what's gonna be of me lol cry

Jesse Ruderman (jruderman) Saturday, August 4, 2007 6:21:33 AM

Svoboda asked:

"How long do you think the test should be run? One hour? Or longer? I noticed that some person on mozilla page runs the test overnight."

I've run it for over 200 hours, mostly when I'm asleep, and I still find new bugs every once in a while. It helps that I can test in a command-line shell version of Firefox's JavaScript engine (rather than a browser) and I have a dual-core CPU smile

Jesse Ruderman (jruderman) Saturday, August 4, 2007 6:24:45 AM

mrd teased:

"What? Opera didn't respond to Mozilla? Tsk tsk!"

Actually, I got an enthusiastic response the first time I sent the tools to a developer at Opera. I'm not sure why the author of that article said that Opera didn't respond. Maybe someone else from Mozilla sent it to Opera through a different channel and didn't get a response because someone at Opera figured they had already responded adequately to me?

Jesse Ruderman (jruderman) Saturday, August 4, 2007 6:28:23 AM

WildEnte asked:

"So why did you find so significantly fewer crashers and security things in Opera with that tool?"

At first glance, "Mozilla found 27 exploitable bugs with its tool and Opera found 1" makes it sound like Mozilla has a buggier JavaScript engine. Maybe that's true, but it's hard to tell from the numbers at this point, for at least three reasons:

* Mozilla has been using this tool for almost a year, but Opera has only been using it seriously for a few days.

* The tool is tuned to test Mozilla's JavaScript engine. For example, it tries very hard to test the partial decompilation that happens when Mozilla's JavaScript engine generates error messages like "a.b(x + y) is not a function". Most JavaScript engines don't even try to make beautiful error messages like that. Perhaps a version tuned to Opera's features and quirks and weaknesses will find bugs in Opera more easily.

* The tool uses some hooks in Mozilla's JavaScript shell to test garbage collection. gc() triggers a garbage collection right away and gczeal(2) changes garbage collection scheduling so it happens every time it's allowed (e.g. every time something is allocated). This heavy testing of garbage collection accounts for a good percentage of the exploitable crashes found by the tool, including all three of the bugs I showed in the presentation. I don't know whether Opera has similar hooks.

* 11 of them were in code added for Firefox 2 and fixed before Firefox 2 was released (whiteboard "js1.7" + keyword "verified1.8.1"). Another 4 were in code added for Firefox 3 and fixed before Firefox 3 was released (whiteboard "post-1.8-branch" and similar). So 15 of the bugs never made it into released versions of Firefox.

Stifu Saturday, August 4, 2007 10:10:14 AM

"Isn't Opera's JS supposed to already be faster than the others?"

Although I didn't try Opera build 8005 yet, Safari 3 beta is faster than Opera 9.22 when it comes to Javascript, taking the following test as a reference (and on all the computers I tried it on): http://celtickane.com/projects/jsspeed.php

illiad Saturday, August 4, 2007 10:26:27 AM

rseiler: you obviously understand about bug reports, but that post was for those that don't... smile

Guilherme (SpyMan) Saturday, August 4, 2007 11:05:06 AM

@superenan, make a clean install of Opera in a separate folder (example: Opera 2), and without changing anything in this new installation, try to navigate in Mercado Livre.

@GT500, the language in Mercado Livre is Portuguese. wink

[]s

BleedingHeart Saturday, August 4, 2007 12:48:23 PM

Inspectr has written 3 crash logs without Opera actually crashing (on Linux). Should I report these, or is it a bug in Inspectr?

Khaled Khalil (Khaled-Khalil) Saturday, August 4, 2007 1:15:38 PM

Again, because my previous comment was deleted (it was mostly off-topic): for those who still don't know, the Linux & FreeBSD Inspectr: http://www.opera.com/support/search/view/825/

@BleedingHeart, I confirm that happens to me a lot too, but I don't know what to do either.

@devs, so 9.23 is going to be released; are there any changes yet? Or what changes are supposed to be done, so we can concentrate on catching bugs around them? Of course, only if we are invited to do so.

bildos Saturday, August 4, 2007 1:48:59 PM

Vista 32-bit Business - passes the fuzz test in my case.

bildos Saturday, August 4, 2007 2:06:22 PM

Opera Windows build 8805 lost my "bookmarks" after the update... Bookmarks were on another HDD.

WildEnte Saturday, August 4, 2007 2:38:00 PM

Thanks for the answer, jruderman.

Arthur Wilkinson (GT500) Saturday, August 4, 2007 5:21:59 PM

Originally posted by Captain Stifu:

Although I didn't try Opera build 8005 yet, Safari 3 beta is faster than Opera 9.22 when it comes to Javascript, taking the following test as a reference (and on all the computers I tried it on): http://celtickane.com/projects/jsspeed.php

When I did some browser speed tests and found the Safari 3 beta for Windows was faster, non-troppo enlightened me to this. That article discusses some bugs in Safari that make it appear to process JavaScript significantly faster than other browsers.

I don't know if those bugs apply to the Mac version of Safari, so I can't say anything about speed tests in Mac. wink

Stifu Saturday, August 4, 2007 5:46:00 PM

GT500: interesting... Well, at least "onload" stuff shouldn't make any difference in the test page I posted, since the test isn't fired "onload".

Arthur Wilkinson (GT500) Saturday, August 4, 2007 6:39:56 PM

Originally posted by Captain Stifu:

... Well, at least "onload" stuff shouldn't make any difference in the test page I posted, since the test isn't fired "onload".

True. Unfortunately the issues with the JavaScript counter make any JavaScript test results unreliable...

Maybe they'll give us another beta here soon to test with, that way we know for certain just how fast it is. wink

Øyvind Østlund (NoteMe) Saturday, August 4, 2007 10:33:59 PM

While fiddling with some URLs I found out about MemGuard. But I can't see any references to it in the KB article "Logging program crashes and freezes using Inspector" by IIXII. But is it still recommended that we use MemGuard for our crash reports? I want to at least try to run the tests over night. Then I can turn off all other apps, and hopefully get quality logs if I am unlucky and manage to get it to crash.

[Edit] Tried to run it with MemGuard for 15-16 hours, and after that the processor use was next to zero, and MemGuard had saved information to a file, but Inspector had nothing. No idea what it wanted to save; it didn't seem like a crash, but it also didn't look like Opera wanted to run the script anymore, though MemGuard still grew bigger.

- ØØ -

Kamalesh (kamalesh) Saturday, August 4, 2007 10:42:18 PM

I'm finding that flash videos seem to stall in this Mac build 3691...

Andres (andresruiz) Sunday, August 5, 2007 12:14:03 AM

@superenan

Mercado Livre works fine on my Build 8805 on Windows XP SP2.
___

My Opera Freezes at: http://www.mathmos.co.uk/
Can anyone confirm? Opera becomes unusable; no button works, and I have to use CTRL+ALT+DEL to end Opera by force.

stephp Sunday, August 5, 2007 5:18:32 AM

Hi guys, I don't know if you have the same problem with this new build. When I activate Opera's fit-to-width option (Ctrl-F11) and go to some sites, Opera freezes, for instance here: www.chrisisaak.com

Do you have the same problem when fit-to-width is activated?

Is it related to the javascript config errors we're talking about here?

Thanks

stephp Sunday, August 5, 2007 5:22:25 AM

http://www.mathmos.co.uk/ does not display anything in my Opera browser!?

Jumak Sunday, August 5, 2007 8:32:47 AM

@stephp
Confirmed! Mine freezes too at www.chrisisaak.com when fit-to-width setting is changed.

Stifu Sunday, August 5, 2007 8:34:39 AM

stephp: www.mathmos.co.uk works for me, tested with build 8001 and 8005.

stephp Sunday, August 5, 2007 8:52:24 AM

OK for me at www.mathmos.co.uk at last. It's a [cookies + javascript + flash] site, and my flash and cookies were deactivated. Sorry guys.

stephp Sunday, August 5, 2007 11:54:11 AM

Strange... I just tested on W2k, and fit-to-width default-enabled Opera does freeze completely on the mentioned site!? So, same result as on WXPSP2.

Fit-to-width is enabled before I try and join the website, it's not that I first connect to the site and then hit Ctrl-F11 on and off after getting there.

graste Sunday, August 5, 2007 7:33:52 PM

Quick question: How can I have a separate install of Opera on my Ubuntu (Feisty) system? Just d/l the static (Debian) tar.gz package and install it with command line parameter "--prefix=/home/username/operaweekly"? Anything I have to consider to have a clean 2nd version of Opera? I want it completely separated from the Opera instance that I run in my day-to-day routine...different profile etc.

wupperbayer Sunday, August 5, 2007 8:29:21 PM

graste, you also have to create a new profile folder like .operaweekly in your home directory and write a little script to start Opera with .operaweekly as its profile directory.

As you're German I just guide you to this thread: http://opera-info.de/forum/thread.php?threadid=1664 instead of translating it into English. wink

rwf Sunday, August 5, 2007 8:38:17 PM

It's pretty straightforward. Since you installed it with a --prefix of /home/you/operaweekly, to run the weekly do:
mkdir ~/.operaweekly
cp -R ~/.opera ~/.operaweekly
/home/you/operaweekly/bin/opera -pd ~/.operaweekly

To remove the weekly, just do:
rm -rf ~/operaweekly
rm -rf ~/.operaweekly

Edit: Oops, missed the fact that graste is a .de person.

g4qb Monday, August 6, 2007 12:48:59 AM

ctrl-shift-0 still dead with vista
vista possibly reserves this keyboard shortcut for itself?

have tried modifying shortcut to ctrl-alt-0, & it works.

for those, like me, who like to keep the default keyboard shortcuts,
ctrl-shift-alt-0 works.

newscpq Monday, August 6, 2007 10:10:27 AM

Excuse me, what are we asked to do with the JavaScript stress test?

I've run it 100 times with around 20 errors (not Opera crashes, just error messages).

Should we post the errors to the bug tracking system?

newscpq

Øyvind Østlund (NoteMe) Monday, August 6, 2007 10:14:35 AM

No, the error messages are not what is interesting. Inspector will tell you when it was something juicy and write it to a file. BTW, for how long are you letting it run if you have already managed to let it run 100 times? I have only done the test two times; both times I let it run for about 15 hours non-stop.


- ØØ -

newscpq Monday, August 6, 2007 10:30:17 AM

...uhmm... I'm just pressing F5... probably didn't read the way to automate this and let opera crash... do you have tips ?

I'm pretty sure I didn't understand what we have to do...


[edit]

ok, I've seen there is a python script...

I believe there may be a Windows script that doesn't need any additional scripting environment on Windows...

Too time consuming for me.

SUGGESTION: modify the original post by CSANT with a procedure, so that it doesn't have to be found out from 50 messages...

Øyvind Østlund (NoteMe) Monday, August 6, 2007 10:43:04 AM

1). Download the Inspector.
2). Start Inspector.
3). Start Opera.
4). Open up the fuzz test web page.
-- Don't touch anything, just let it run and run and run --
5). If Inspector pops up, you have a crash, and probably Opera will disappear from the screen. It will save a log.

Extra tip: leave Opera alone while running the test, and probably all other apps too (hence why I let it run overnight), so you are sure it is the fuzzer's fault when something happens.

You should probably read all of this too before trying: http://www.opera.com/support/search/view/432/


- ØØ -

WildEnte Monday, August 6, 2007 5:00:34 PM

So, have additional crashers been found by now?

graste Monday, August 6, 2007 5:57:44 PM

Many thanks, wupperbayer and rwf. I was in fact wondering why there was no profile dir created by the operaweekly installer. smile

Axel Siebert (IIXII) Monday, August 6, 2007 9:34:51 PM

@ØØ, as the MemGuard documentation at http://people.opera.com/axel/memguard.htm says, the file you got is generated when you press the PrintScreen key, not when there's a crash.

rwf Monday, August 6, 2007 10:06:00 PM

@graste
Well there is a way, IF you don't install Opera.
tar -xjpf opera-9.23-20070801.1-static-qt.i386-en-657.tar.bz2
cd opera-9.23-20070801.1-static-qt.i386-en-657/
./opera &

Opera creates a 'profile' directory called usersettings in the un-tarred directory. A nice way to check things out before 'installing' opera.

Øyvind Østlund (NoteMe) Tuesday, August 7, 2007 7:53:12 AM

@Mr Siebert:
Thanks, sometimes I need help to read p Looks like a really nice tool, good job with it. I'll try to use it from now on, though Opera never seems to crash on my machine. Even when I try to make it crash, I'm having a hard time.

- ØØ -

Kamalesh (kamalesh) Wednesday, August 8, 2007 5:49:03 AM

The new .Mac Web Galleries don't seem to be fully-functional in build 3691.

besti Wednesday, August 8, 2007 5:53:12 AM

This page does not open properly:

http://www.vecer.si/

bug bug bug bug

Version 9.23
Build 657
Platform Linux

EricJH Wednesday, August 8, 2007 12:06:28 PM

http://www.vecer.si/ not working under Vista with 9.23 either.

Paweł (Ygrek.pl) Wednesday, August 8, 2007 2:15:02 PM

I know that the developers don't read this, but I must try!
Pleeeease add to Opera the possibility to check spelling while typing, and a minimize-to-tray option.

My Firefox uses 130Mb of RAM! And I'm using it only because of those two features :/

Pleeeeeeeease.

rseiler Wednesday, August 8, 2007 2:21:34 PM

Here we go again. Apparently 8807 (I haven't tried it yet):
ftp://ftp.opera.com/pub/opera/win/923/en

berend ytsma (ytsmabeer) Wednesday, August 8, 2007 2:24:18 PM

Oh no, what do you guys do, check the ftp every minute? scared

FataL Wednesday, August 8, 2007 2:53:01 PM

Originally posted by Ygrek.pl:

Pleeeease add to Opera ... minimize to tray option.

It is here for a while already - [Ctrl]+[H] by default. wink

Paweł (Ygrek.pl) Wednesday, August 8, 2007 3:05:32 PM

But it is not useful; it would be better to add an option "minimize to tray\minimize to taskbar".

Uwe aka JaDa (Jada0007) Wednesday, August 8, 2007 3:39:30 PM

João Eiras (xErath) Wednesday, August 8, 2007 6:20:37 PM

Now that 9.23 is out

Since when?
This version is only weekly.

The currently advertised version is 9.22
http://www.opera.com/download/

Remco Lanting (remcolanting) Wednesday, August 8, 2007 6:24:51 PM

@xErath: The final version is on the ftp server so it can be picked up by the mirrors. If everything goes according to plan, the official announcement will be tomorrow, the 9th.

berend ytsma (ytsmabeer) Wednesday, August 8, 2007 6:27:04 PM

As long as Opera doesn't offer it officially, version 9.23 isn't final and isn't out there to pick up.

I must agree with xErath the current Final version is 9.22

rseiler Wednesday, August 8, 2007 6:43:19 PM

Let's call it the de facto final then. In my memory, it's been at least a year since what's been put on the FTP server has been pulled for retooling.

What's curious, however, is how Opera rarely likes testing their final RC build externally HERE. You would think this would be the place to alert people about it, rather than dribbling it out silently on FTP. Why have this blog at all then?
