On Dec 6, 2009, at 3:00 PM, Dirk Schulze wrote:

Hi Maciej and Darin,

you both suggested to add fuzz tests for SVG Filters. I looked at the
fuzz test LayoutTest/svg/dom/fuzz-path-parser.html. As an analogy to
this test, I would suggest an array with the effects to test, its
number of inputs, and attributes that can't be randomly set.
But the basic question is, what should the fuzz test test?
The combination of different effects? Should every filter effect have
its own fuzz test with a default input? Different sizes of effects?
We need to keep in mind that LayoutTests will slow down the more
complex the fuzz tests get.

The fuzz testing doesn't necessarily have to be part of the layout tests. It's good to do that for simple fuzz testers like the path parser, but not for long-running exhaustive tests like iExploder.

I think the following are interesting to test as fuzz parameters:

- The contents used as filter input - would want to test random, realistic images, and maybe edge cases like all black, all white, all opaque, etc.
- The filter parameters - different combinations of parameter values, including extremely large and extremely small, negative for ones that shouldn't allow it, invalid values, etc.

Combinations of filters may also be interesting to test, but I'm not sure that would be as likely to reveal bugs. The main thing I am worried about is code that does direct bitmap manipulation - a bounds overflow in such code seems like the most likely vector for a security bug.

Regards,
Maciej

_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
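As an added example (not code from WebKit or from either poster), here is a seeded generator for SVG filter fuzz cases in JavaScript, in the spirit of fuzz-path-parser.html. It combines the effect table Dirk proposed (effect name, number of inputs, attributes restricted to keywords) with the parameter classes Maciej lists: edge-case input planes, extremely large, small, negative and invalid numeric values, and degenerate primitive subregions. The effect table, attribute lists and value classes are assumptions made for illustration; run in a browser it renders each case, run under node it just prints the markup so a crashing seed can be replayed.

```javascript
"use strict";

// Deterministic PRNG (mulberry32): every case is reproducible from its seed,
// which is what you need when one of them crashes the renderer.
function makeRng(seed) {
  let a = seed >>> 0;
  return function rng() {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

function pick(rng, items) {
  return items[Math.floor(rng() * items.length)];
}

// Numeric value classes: realistic, extremely large and small, negative
// where it should not be allowed, and outright invalid (assumed list).
const NUMERIC_VALUES = [
  "0", "1", "3", "2.5", "1e38", "-1e38", "1e-38", "2147483647",
  "2147483648", "4294967295", "4294967296", "-1", "-2147483649",
  "NaN", "Infinity", "-Infinity", "abc", "", "1,2", "50%",
];

// Edge-case input planes produced with feFlood: all black, all white,
// fully transparent, half transparent; plus the standard input keywords.
const INPUT_FLOODS = {
  black: 'flood-color="#000000" flood-opacity="1"',
  white: 'flood-color="#ffffff" flood-opacity="1"',
  transparent: 'flood-color="#000000" flood-opacity="0"',
  halfAlpha: 'flood-color="#ff0000" flood-opacity="0.5"',
};
const INPUT_KEYWORDS = ["SourceGraphic", "SourceAlpha", "BackgroundImage", "FillPaint"];

// Per-effect table: number of inputs, attributes restricted to keywords
// (not randomised freely), numeric attributes to fuzz. Illustrative subset.
const EFFECTS = {
  feGaussianBlur:    { inputs: 1, keywords: {}, numeric: ["stdDeviation"] },
  feOffset:          { inputs: 1, keywords: {}, numeric: ["dx", "dy"] },
  feMorphology:      { inputs: 1, keywords: { operator: ["erode", "dilate"] }, numeric: ["radius"] },
  feConvolveMatrix:  { inputs: 1, keywords: { edgeMode: ["duplicate", "wrap", "none"] },
                       numeric: ["order", "divisor", "bias", "targetX", "targetY"] },
  feComposite:       { inputs: 2, keywords: { operator: ["over", "in", "out", "atop", "xor", "arithmetic"] },
                       numeric: ["k1", "k2", "k3", "k4"] },
  feDisplacementMap: { inputs: 2, keywords: { xChannelSelector: ["R", "G", "B", "A"], yChannelSelector: ["R", "G", "B", "A"] },
                       numeric: ["scale"] },
  feTurbulence:      { inputs: 0, keywords: { type: ["fractalNoise", "turbulence"] },
                       numeric: ["baseFrequency", "numOctaves", "seed"] },
};

// Build one <svg> whose <filter> holds the edge-case input planes and a
// single fuzzed primitive applied to a rect.
function generateCase(seed) {
  const rng = makeRng(seed);
  const name = pick(rng, Object.keys(EFFECTS));
  const spec = EFFECTS[name];
  const parts = Object.entries(INPUT_FLOODS).map(([id, a]) => `<feFlood result="${id}" ${a}/>`);
  const inputNames = [...Object.keys(INPUT_FLOODS), ...INPUT_KEYWORDS];
  const attrs = [];
  if (spec.inputs >= 1) attrs.push(`in="${pick(rng, inputNames)}"`);
  if (spec.inputs >= 2) attrs.push(`in2="${pick(rng, inputNames)}"`);
  for (const [attr, choices] of Object.entries(spec.keywords)) attrs.push(`${attr}="${pick(rng, choices)}"`);
  for (const attr of spec.numeric) attrs.push(`${attr}="${pick(rng, NUMERIC_VALUES)}"`);
  // Primitive subregion: "different sizes of effects", including degenerate ones.
  for (const attr of ["x", "y", "width", "height"])
    if (rng() < 0.5) attrs.push(`${attr}="${pick(rng, NUMERIC_VALUES)}"`);
  // kernelMatrix length deliberately decoupled from order: a mismatch between
  // declared size and supplied data is exactly what strains bitmap-manipulating code.
  if (name === "feConvolveMatrix") {
    const n = Math.floor(rng() * 30);
    attrs.push(`kernelMatrix="${Array.from({ length: n }, () => pick(rng, NUMERIC_VALUES)).join(" ")}"`);
  }
  parts.push(`<${name} ${attrs.join(" ")}/>`);
  const svg = `<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">` +
    `<filter id="f">${parts.join("")}</filter>` +
    `<rect width="100" height="100" fill="green" filter="url(#f)"/></svg>`;
  return { seed, effect: name, svg };
}

function generateCases(startSeed, count) {
  const cases = [];
  for (let i = 0; i < count; i++) cases.push(generateCase(startSeed + i));
  return cases;
}

// Browser: insert the markup and force layout so the filter really runs.
function renderCase(doc, c) {
  const host = doc.createElement("div");
  host.innerHTML = c.svg;
  doc.body.appendChild(host);
  void doc.body.offsetHeight;
  doc.body.removeChild(host);
}

if (typeof document !== "undefined") {
  for (const c of generateCases(1, 200)) renderCase(document, c);
} else if (typeof require !== "undefined" && require.main === module) {
  for (const c of generateCases(1, 5)) console.log(c.seed, c.svg);
}
```

Because every case derives from its seed, a crash report only needs to carry the seed; the long-running exhaustive sweep can stay outside the LayoutTests while a short fixed-seed slice of it is cheap enough to keep in one.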
