[webkit-dev] SVG Filters

Maciej Stachowiak mjs at apple.com
Mon Dec 7 03:33:26 PST 2009

On Dec 6, 2009, at 3:00 PM, Dirk Schulze wrote:

> Hi Maciej and Darin,
> you both suggested to add fuzz tests for SVG Filters. I looked at the
> fuzz test LayoutTest/svg/dom/fuzz-path-parser.html. As an analogy to
> this test, I would suggest an array with the effects to test, it's
> number of inputs and attributes, that can't be randomly set.
> But the basic question is, what should the fuzz test test?
> The combination of different effects? Should every filter effect have
> it's own fuzz test with a default input? Different sizes of effects?
> We need to keep in mind, that LayoutTests will slow down, as more
> comlpex the fuzz tests get.

The fuzz testing doesn't necessarily have to be part of the layout  
tests. It's good to do that for simple fuzz testers like the path  
parser, but not for long-running exhaustive tests like iExploder.

I think the following are interesting to test as fuzz parameters:

- The contents used as filter input - would want to test random,  
realistic images, and maybe edge cases like all black, all white, all  
opaque, etc.
- The filter parameters - different combinations of parameter values,  
including extremely large and extremely small, negative for ones that  
shouldn't allow it, invalid values, etc.

Combinations of filters may also be interesting to test, but I'm not  
sure that would be as likely to reveal bugs. The main thing I am  
worried about is code that does direct bitmap manipulation - a bounds  
overflow in such code seems like the most likely vector for a security  


More information about the webkit-dev mailing list