ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Mon 15 Apr 2024 09:50 - 10:10 at Amadeo de Souza-Cardoso - Developing secure software Chair(s): Awais Rashid

Xiangwei Zhang (1), Junjie Wang (1,3), Xiaoning Du (2), Shuang Liu (1). 1: College of Intelligence and Computing, Tianjin University, China; 2: Monash University, Australia; 3: Nanyang Technological University, Singapore.


WebAssembly (Wasm) has emerged as a pivotal technology for web applications, offering near-native execution speeds and bolstered security through sandboxed execution. Despite its widespread adoption in major browsers, the rapid evolution of Wasm introduces novel attack surfaces, particularly in Wasm compilers. The challenge of Wasm compiler testing lies in producing semi-valid Wasm samples that are structurally sound enough to pass the compiler's initial checks yet sufficiently unusual to probe for vulnerabilities. In response, we introduce WasmCFuzz, a fuzzing approach that uses AFL-generated random bytes to create semi-valid Wasm formats. This method balances structural validity against the potential to reach compiler corner cases. Our comprehensive evaluation demonstrates that WasmCFuzz not only outperforms existing methods like Wasm-smith and WAfuzzer but also uncovers 13 previously unidentified bugs in mainstream browsers within just a week. These findings highlight WasmCFuzz's capability to enhance the security of Wasm compilers, marking a significant step forward in Wasm compiler testing.
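As an added illustration of what "semi-valid" means in this setting (example code written for this page, not WasmCFuzz's own implementation and not a description of its internals): the framing that a Wasm loader checks first (magic, version, section ids in spec order, LEB128-encoded section sizes) is kept well formed, while each section's payload is left as whatever raw bytes the fuzzer produced. The wrapper below reads fuzzer-style bytes as a recipe for how many sections to emit, which ids to use and what payload to put in each; the companion parser performs the structural first pass a loader would. `SECTION_ORDER`, `wrap_semi_valid`, `parse_sections`, `is_well_framed` and the sample input are all constructed for this example.

```python
"""Turn arbitrary bytes into a Wasm module with well-formed framing.

Illustrative example only; not WasmCFuzz's own code. The section
payloads stay raw, so the module is "semi-valid": it clears header and
section-table checks but may be rejected (or mishandled) deeper in the
compiler, which is the layer such samples are meant to exercise.
"""

from typing import List, Tuple

WASM_MAGIC = b"\x00asm"
WASM_VERSION = b"\x01\x00\x00\x00"
# Non-custom section ids in the order the binary format requires them to
# appear (data count, id 12, is placed between element and code).
SECTION_ORDER = [1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 10, 11]


def encode_uleb128(value: int) -> bytes:
    """Unsigned LEB128, the encoding used for every Wasm section size."""
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def decode_uleb128(data: bytes, pos: int) -> Tuple[int, int]:
    """Decode a u32 LEB128 at pos; return (value, position after it)."""
    result, shift = 0, 0
    while True:
        if pos >= len(data):
            raise ValueError("truncated LEB128")
        byte = data[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7
        if shift >= 35:  # a u32 fits in at most 5 LEB128 bytes
            raise ValueError("LEB128 too long for u32")


def wrap_semi_valid(raw: bytes) -> bytes:
    """Read fuzzer bytes as a recipe and emit a module with valid framing.

    Byte 0 chooses the section count; each section consumes a stride byte
    (keeps ids unique and in spec order), a length byte, and that many
    payload bytes, copied verbatim into the module.
    """
    module = bytearray(WASM_MAGIC + WASM_VERSION)
    if not raw:
        return bytes(module)
    pos = 1
    n_sections = (raw[0] % len(SECTION_ORDER)) + 1
    order_idx = 0
    for _ in range(n_sections):
        if pos >= len(raw):
            break
        order_idx += raw[pos] % 3  # fuzzer-chosen step through the order
        pos += 1
        if order_idx >= len(SECTION_ORDER) or pos >= len(raw):
            break
        sec_id = SECTION_ORDER[order_idx]
        order_idx += 1
        length = raw[pos] % 16
        pos += 1
        payload = raw[pos:pos + length]  # raw, unvalidated section content
        pos += len(payload)
        module.append(sec_id)
        module += encode_uleb128(len(payload))
        module += payload
    return bytes(module)


def parse_sections(module: bytes) -> List[Tuple[int, int]]:
    """Loader-style first pass: check header, walk the section table.

    Returns (section id, payload length) per section, raising ValueError
    on any framing error (bad header, bad size, unknown, repeated or
    out-of-order non-custom section).
    """
    if module[:4] != WASM_MAGIC or module[4:8] != WASM_VERSION:
        raise ValueError("bad magic or version")
    pos, last_rank, sections = 8, -1, []
    while pos < len(module):
        sec_id = module[pos]
        pos += 1
        size, pos = decode_uleb128(module, pos)
        if pos + size > len(module):
            raise ValueError("section runs past end of module")
        if sec_id != 0:  # custom sections (id 0) may appear anywhere
            if sec_id not in SECTION_ORDER:
                raise ValueError("unknown section id %d" % sec_id)
            rank = SECTION_ORDER.index(sec_id)
            if rank <= last_rank:
                raise ValueError("duplicate or out-of-order section")
            last_rank = rank
        sections.append((sec_id, size))
        pos += size
    return sections


def is_well_framed(module: bytes) -> bool:
    """True if the structural first pass accepts the module."""
    try:
        parse_sections(module)
        return True
    except ValueError:
        return False


# Constructed sample "fuzzer output": 3 sections requested, enough bytes
# for two (a type section with 3 raw bytes, a function section with 2).
SAMPLE_RAW = b"\x02\x00\x03\x60\x00\x00\x01\x02\x0b\x0b"

if __name__ == "__main__":
    mod = wrap_semi_valid(SAMPLE_RAW)
    print(mod.hex(), parse_sections(mod))
```

The sample input yields a 17-byte module whose two sections are accepted by the framing check, while a hand-built module with the function section placed before the type section is rejected, which is exactly the boundary a semi-valid generator is designed to stay on the right side of.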

