[webkit-dev] SVG Filters
Maciej Stachowiak
mjs at apple.com
Mon Dec 7 03:33:26 PST 2009

On Dec 6, 2009, at 3:00 PM, Dirk Schulze wrote:
> Hi Maciej and Darin,
>
> you both suggested to add fuzz tests for SVG Filters. I looked at the
> fuzz test LayoutTest/svg/dom/fuzz-path-parser.html. As an analogy to
> this test, I would suggest an array with the effects to test, its
> number of inputs and attributes, that can't be randomly set.
> But the basic question is, what should the fuzz test test?
> The combination of different effects? Should every filter effect have
> its own fuzz test with a default input? Different sizes of effects?
> We need to keep in mind, that LayoutTests will slow down, as more
> complex the fuzz tests get.

The fuzz testing doesn't necessarily have to be part of the layout
tests. It's good to do that for simple fuzz testers like the path
parser, but not for long-running exhaustive tests like iExploder.

I think the following are interesting to test as fuzz parameters:

- The contents used as filter input - would want to test random,
realistic images, and maybe edge cases like all black, all white, all
opaque, etc.
- The filter parameters - different combinations of parameter values,
including extremely large and extremely small, negative for ones that
shouldn't allow it, invalid values, etc.

Combinations of filters may also be interesting to test, but I'm not
sure that would be as likely to reveal bugs. The main thing I am
worried about is code that does direct bitmap manipulation - a bounds
overflow in such code seems like the most likely vector for a security
bug.

Regards,
Maciej
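
A sketch of the parameter fuzzing discussed in this thread, added here as an example; it is not part of either message and not WebKit's own test code. The function names, the effect subset and the value list are assumptions chosen for illustration; the attribute names are standard SVG 1.1 filter attributes.

```javascript
// Added illustration (not WebKit code). Table shape follows the suggestion in
// the thread: effect, number of inputs, fuzzable attributes, and attributes
// that must not be randomized. Names are from the SVG 1.1 filter effects spec.
const EFFECTS = [
  { tag: 'feGaussianBlur', inputs: 1, attrs: ['stdDeviation'] },
  { tag: 'feOffset', inputs: 1, attrs: ['dx', 'dy'] },
  { tag: 'feMorphology', inputs: 1, attrs: ['radius'] },
  { tag: 'feComposite', inputs: 2, attrs: ['k1', 'k2', 'k3', 'k4'], fixed: { operator: 'arithmetic' } },
];

// Constructed edge cases of the kinds named in the reply: extremely large,
// extremely small, negative, and invalid values.
const EDGE_VALUES = ['0', '-1', '1e-30', '1e30', '4294967296', '-2147483649', 'NaN', '', 'abc', '1 -1'];

// Small seeded PRNG (mulberry32) so a failing case can be replayed from its seed.
function makeRng(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

function pick(rng, list) { return list[Math.floor(rng() * list.length)]; }

function fuzzValue(rng) {
  // Roughly half edge cases, half ordinary values in [-100, 100).
  return rng() < 0.5 ? pick(rng, EDGE_VALUES) : (rng() * 200 - 100).toFixed(2);
}

// Build one fuzzed <filter> element; the same seed always gives the same markup.
function fuzzFilter(seed) {
  const rng = makeRng(seed);
  const effect = pick(rng, EFFECTS);
  const attrs = Object.assign({}, effect.fixed);
  for (const name of effect.attrs) attrs[name] = fuzzValue(rng);
  attrs.in = 'SourceGraphic';
  if (effect.inputs === 2) attrs.in2 = 'SourceAlpha';
  // The filter region size is fuzzed too, since it sizes the working bitmap.
  const w = fuzzValue(rng), h = fuzzValue(rng);
  const attrText = Object.entries(attrs).map(([k, v]) => `${k}="${v}"`).join(' ');
  const markup = `<filter id="f${seed}" filterUnits="userSpaceOnUse" x="0" y="0" ` +
    `width="${w}" height="${h}"><${effect.tag} ${attrText}/></filter>`;
  return { seed, tag: effect.tag, attrs, markup };
}
```

A harness would place each `markup` in an SVG test page, apply it to the chosen input image, and log the seed alongside any crash or assertion so the case can be regenerated.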