freetype-devel

Re: [ft-devel] Modification in FT_Gzip_Uncompress


From: armin
Subject: Re: [ft-devel] Modification in FT_Gzip_Uncompress
Date: Sun, 9 Jun 2019 08:54:22 +0100

Good morning Moazin,

> I hear a lot about the `fuzzers' here in the community. I tried grepping it in
> the library source as well as `freetype2-demos' and found no significant
> match. Can anyone here tell me where can I see these fuzzers?
>
> A google search revealed a folder `ftfuzzer' in src/tools but it doesn't exist
> there anymore. :D

Hehe your search was close;  `ftfuzzer' was used until last summer before it 
was retired in favour of the new fuzzing framework that was my GSoC'18 project: 
 https://github.com/freetype/freetype2-testing/tree/master/fuzzing :)

In short, the fuzzers are a set of test harnesses that try to call the whole 
API with respect to all different scenarios (font drivers, settings/properties, 
...).  OSS-Fuzz (https://github.com/google/oss-fuzz) then takes these harnesses 
and shoots randomized input at them, with the hope of crashing them 
(https://en.wikipedia.org/wiki/Fuzzing) -- so far, LLVM's AddressSanitizer and 
UndefinedBehaviorSanitizer are used to instrument FreeType to find issues and 
crash the harnesses (apart from timeouts).  Due to Google's enormous 
infrastructure, these harnesses are being worked on 24/7 and with several 
hundred inputs per second.  Due to that, many newly introduced issues (in terms 
of address violation or undefined behaviour (overflow of signed ints etc.)) in 
code that is already covered by the harnesses can be detected pretty much 
instantly, giving some peace of mind in terms of CI :)  You can find some fixes 
that are based on OSS-Fuzz' findings in the ChangeLog and the git log by looking 
for messages tagged with `bugs.chromium.org'.

Best,
Armin
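The harness pattern Armin describes (a libFuzzer-style entry point that OSS-Fuzz drives with random input, with AddressSanitizer and UndefinedBehaviorSanitizer deciding what counts as a finding), as an added example that is not part of the original thread and is not code from FreeType or from the freetype2-testing repository. To stay self-contained it targets a small constructed table-directory parser rather than FreeType's API, which the real harnesses in the linked repository drive; the toy format, the PARSE_* codes, the `sum_tables` helper, the `FUZZING` macro and the seed inputs are all made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy format (not a real font table directory): uint16 numTables,
 * then numTables records of 4-byte tag, 4-byte big-endian offset, 4-byte
 * big-endian length. */
#define DIR_ENTRY_SIZE 12

enum { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_BAD_RANGE = 2 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Validate the directory without trusting any field: each bound check is a
 * subtraction from a known-good limit, so neither size_t nor uint32_t
 * arithmetic can wrap (the kind of bug UBSan and ASan would report). */
int parse_table_directory(const uint8_t *data, size_t size, unsigned *tables_out)
{
    if (size < 2)
        return PARSE_TRUNCATED;

    unsigned num_tables = ((unsigned)data[0] << 8) | data[1];   /* <= 65535 */
    if ((size_t)num_tables * DIR_ENTRY_SIZE > size - 2)
        return PARSE_TRUNCATED;

    for (unsigned i = 0; i < num_tables; i++) {
        const uint8_t *entry = data + 2 + (size_t)i * DIR_ENTRY_SIZE;
        uint32_t offset = be32(entry + 4);
        uint32_t length = be32(entry + 8);
        if (offset > size || length > size - offset)
            return PARSE_BAD_RANGE;
    }
    if (tables_out)
        *tables_out = num_tables;
    return PARSE_OK;
}

/* Exercise the accepted ranges by summing every table byte. If the parser
 * above ever accepted a bad range, this read is what AddressSanitizer flags. */
uint32_t sum_tables(const uint8_t *data, size_t size)
{
    unsigned n = 0;
    if (parse_table_directory(data, size, &n) != PARSE_OK)
        return 0;
    uint32_t sum = 0;
    for (unsigned i = 0; i < n; i++) {
        const uint8_t *entry = data + 2 + (size_t)i * DIR_ENTRY_SIZE;
        uint32_t offset = be32(entry + 4);
        uint32_t length = be32(entry + 8);
        for (uint32_t k = 0; k < length; k++)
            sum += data[offset + k];
    }
    return sum;
}

/* libFuzzer / OSS-Fuzz entry point. Contract: accept any bytes, reject
 * malformed input gracefully, never abort on it, and return 0; the
 * sanitizers, not the return value, decide whether an input is a finding. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)sum_tables(data, size);
    return 0;
}

/* Constructed seed inputs (a tiny "corpus") for replay; not real fonts. */
static const uint8_t kValidDir[] = {
    0x00, 0x01,                         /* numTables = 1 */
    'c', 'm', 'a', 'p',                 /* tag */
    0x00, 0x00, 0x00, 0x0E,             /* offset 14 */
    0x00, 0x00, 0x00, 0x04,             /* length 4 */
    0x01, 0x02, 0x03, 0x04              /* the table's bytes */
};
static const uint8_t kTruncatedDir[] = { 0x00, 0x01 };   /* claims 1 table, has none */
static const uint8_t kBadRangeDir[] = {
    0x00, 0x01, 'h', 'e', 'a', 'd',
    0x00, 0x00, 0x00, 0x64,             /* offset 100: beyond the 18-byte blob */
    0x00, 0x00, 0x00, 0x04,
    0x01, 0x02, 0x03, 0x04
};

#ifndef FUZZING   /* -fsanitize=fuzzer supplies its own main(); build with -DFUZZING then */
int main(void)
{
    const uint8_t *seeds[] = { kValidDir, kTruncatedDir, kBadRangeDir };
    const size_t   sizes[] = { sizeof kValidDir, sizeof kTruncatedDir, sizeof kBadRangeDir };
    for (size_t i = 0; i < 3; i++) {
        unsigned n = 0;
        int rc = parse_table_directory(seeds[i], sizes[i], &n);
        printf("seed %zu: rc=%d tables=%u sum=%u fuzz_rc=%d\n", i, rc, n,
               sum_tables(seeds[i], sizes[i]),
               LLVMFuzzerTestOneInput(seeds[i], sizes[i]));
    }
    return 0;
}
#endif
```

Compiled plainly it replays the three seeds and prints their verdicts; compiled with `clang -g -O1 -fsanitize=fuzzer,address,undefined -DFUZZING harness.c -o harness` it becomes a libFuzzer target, and `./harness corpus/` then mutates the corpus the way OSS-Fuzz does, with ASan and UBSan aborting the run on the first out-of-bounds read or signed overflow instead of relying on the parser's return codes.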
