Good morning Moazin,

> I hear a lot about the `fuzzers' here in the community. I tried grepping it in
> the library source as well as `freetype2-demos' and found no significant
> match. Can anyone here tell me where can I see these fuzzers?
>
> A google search revealed a folder `ftfuzzer' in src/tools but it doesn't exist
> there anymore. :D
Hehe, your search was close; `ftfuzzer' was used until last summer, before it was retired in favour of the new fuzzing framework that was my GSoC'18 project: https://github.com/freetype/freetype2-testing/tree/master/fuzzing :)

In short, the fuzzers are a set of test harnesses that try to call the whole API with respect to all the different scenarios (font drivers, settings/properties, ...). OSS-Fuzz (https://github.com/google/oss-fuzz) then takes these harnesses and shoots randomized input at them, with the hope of crashing them (https://en.wikipedia.org/wiki/Fuzzing) -- so far, LLVM's AddressSanitizer and UndefinedBehaviorSanitizer are used to instrument FreeType to find issues and crash the harnesses (apart from timeouts).

Due to Google's enormous infrastructure, these harnesses are being worked on 24/7 and with several 100 inputs per second. Due to that, many newly introduced issues (in terms of address violations or undefined behaviour (overflow of signed ints etc.)) in code that is already covered by the harnesses can be detected pretty much instantly, giving some peace of mind in terms of CI :)

You can find some fixes that are based on OSS-Fuzz' findings in the ChangeLog and the git log by looking for messages tagged with `bugs.chromium.org'.

Best,
Armin

_______________________________________________
Freetype-devel mailing list
Freetype-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/freetype-devel
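As an added illustration of the harness shape described in the reply above (this is not code from freetype2-testing or from FreeType itself), the following is a libFuzzer-style harness in C, with the `LLVMFuzzerTestOneInput` entry point that OSS-Fuzz drives. Its parse target is a constructed stand-in, a tiny TrueType-like table directory, rather than the real FreeType API; the bounds checks on `numTables`, `offset` and `length` are the kind of check whose absence AddressSanitizer (out-of-bounds read) or UndefinedBehaviorSanitizer (integer overflow) would turn into a crashing input.

```c
/* Added example: libFuzzer/OSS-Fuzz style harness around a constructed
   stand-in parser. Not FreeType code; the real harnesses call the library
   (FT_New_Memory_Face, FT_Load_Glyph, ...) on the fuzzer-supplied bytes. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian readers; callers guarantee that the bytes are in range. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Constructed format (assumption, loosely modelled on a TrueType directory):
     uint16 numTables
     numTables records of { tag[4], uint32 offset, uint32 length }
     table bytes, addressed by offset/length from the start of `data`
   Returns the number of tables whose bytes were read, or -1 if the
   directory is malformed. Every access is checked against `size`; remove
   one of the checks and a fuzzer finds the input that ASan then reports. */
int parse_table_directory(const uint8_t *data, size_t size) {
    if (size < 2) return -1;
    uint16_t num_tables = be16(data);
    /* 12-byte records; size_t arithmetic so the product cannot wrap. */
    size_t dir_end = 2 + (size_t)num_tables * 12;
    if (dir_end > size) return -1;
    int touched = 0;
    for (size_t i = 0; i < num_tables; i++) {
        const uint8_t *rec = data + 2 + i * 12;
        uint32_t offset = be32(rec + 4);
        uint32_t length = be32(rec + 8);
        /* offset + length can wrap in 32 bits; compare in 64 bits. */
        if ((uint64_t)offset + (uint64_t)length > (uint64_t)size) return -1;
        uint32_t sum = 0;                       /* touch every table byte */
        for (uint32_t j = 0; j < length; j++) sum += data[offset + j];
        (void)sum;
        touched++;
    }
    return touched;
}

/* OSS-Fuzz / libFuzzer entry point: called once per generated input.
   The return value is ignored; a sanitizer report or crash is the signal. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    parse_table_directory(data, size);
    return 0;
}

/* Constructed sample inputs for stand-alone runs (not a real font). */
const uint8_t SAMPLE_GOOD[18] = {
    0x00, 0x01,                   /* numTables = 1 */
    'h', 'e', 'a', 'd',           /* tag */
    0x00, 0x00, 0x00, 0x0e,       /* offset = 14 (right after the directory) */
    0x00, 0x00, 0x00, 0x04,       /* length = 4 */
    0x01, 0x02, 0x03, 0x04        /* the table bytes */
};
const size_t SAMPLE_GOOD_LEN = 18;

/* Same layout, but length = 0xFFFFFFFF: a 32-bit offset+length check would
   wrap to 13 and accept it; the 64-bit check rejects it. */
const uint8_t SAMPLE_WRAP[18] = {
    0x00, 0x01, 'h', 'e', 'a', 'd',
    0x00, 0x00, 0x00, 0x0e, 0xff, 0xff, 0xff, 0xff,
    0x01, 0x02, 0x03, 0x04
};
const size_t SAMPLE_WRAP_LEN = 18;

/* Stand-alone driver: a file argument is fed to the harness once, which is
   roughly what `./harness crash-input` does when reproducing an OSS-Fuzz
   finding; without arguments the constructed samples are run. */
int main(int argc, char **argv) {
    if (argc > 1) {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        static uint8_t buf[1 << 20];
        size_t n = fread(buf, 1, sizeof buf, f);
        fclose(f);
        return LLVMFuzzerTestOneInput(buf, n);
    }
    printf("good:  %d\n", parse_table_directory(SAMPLE_GOOD, SAMPLE_GOOD_LEN));
    printf("wrap:  %d\n", parse_table_directory(SAMPLE_WRAP, SAMPLE_WRAP_LEN));
    printf("trunc: %d\n", parse_table_directory(SAMPLE_GOOD, 1));
    return 0;
}
```

Built with `clang -fsanitize=fuzzer,address,undefined` this file links against libFuzzer directly (libFuzzer supplies `main`, so the one above would then be dropped); the point of the shape is that OSS-Fuzz only needs the entry point and a build script, and every sanitizer report it produces comes with the input bytes that reach the faulty check.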