Fuzzers for cairo and potential OSS-Fuzz integration

Ceyhun Alp requested to merge ceyhunalp/cairo:fuzzing into master

Hello cairo developers and contributors,

I am a Software Engineering Intern at Google, working with the Third Party Security (TPS) team. As part of my internship I am working on fuzzing GNOME libraries and cairo is one of the libraries that we have picked for this work.

In a nutshell, fuzzing (or fuzz testing) is an automated software testing technique that involves passing invalid, unexpected or random inputs to a program and monitoring the behavior of the program for exceptions, failing assertions or potential memory leaks/overflows. Fuzzers are a reasonable complement to classical software testing techniques as they: (1) are easy to write, (2) can test small parts of code, and (3) can look for new bugs and vulnerabilities.

This MR includes fuzzers (fuzzing) that cover most of the API functions that can be called externally. In one of our fuzzers (font_face_fuzzer.c), we reused code from test/user-font.c to test the cairo_font_face_set_user_data function. Therefore, the FIXME in our fuzzer comes from test/user-font.c. Finally, when running our fuzzers, we used the PNG files in test/reference as a seed corpus, which is a set of inputs that serve as starting points for the fuzzer.

We would like to integrate these fuzzers with OSS-Fuzz as well. OSS-Fuzz is a free fuzzing infrastructure you can use to identify security vulnerabilities and stability bugs in your project. You can find more information about OSS-Fuzz here. The only thing we need from you is an email address to report the crashes to.

We are hoping to hear from you and looking forward to collaborating with you on this effort.

Thanks! Ceyhun
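To make the shape of a PNG-seeded fuzzer concrete for reviewers, here is an added example of a libFuzzer-style harness. It is not code from this merge request or from cairo: in place of cairo's PNG loader it uses a small stand-in chunk walker (`walk_png_chunks`) so that it compiles without cairo, and the helper names, the `REPLAY_MAIN` macro and the sample image are all assumptions made for illustration. A real cairo target would hand the same `data`/`size` pair to `cairo_image_surface_create_from_png_stream` through a memory-backed read callback and destroy whatever surface comes back.

```c
/* Added example: libFuzzer-shaped harness with a stand-in PNG chunk walker.
 *
 * Fuzzing build (clang, libFuzzer supplies main):
 *   clang -g -fsanitize=fuzzer,address png_chunk_fuzzer.c -o png_chunk_fuzzer
 *   ./png_chunk_fuzzer seed_corpus_dir/       # e.g. copies of test/reference/*.png
 * Replay build (reads files given on the command line, no fuzzing engine):
 *   cc -g -fsanitize=address -DREPLAY_MAIN png_chunk_fuzzer.c -o replay
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const uint8_t PNG_SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Stand-in target: walk the chunk list of a PNG byte stream.
 * Returns the number of chunks seen, or -1 if the stream is malformed.
 * Every read is bounds-checked against `size`, which is the property a
 * fuzzer exercises in a real decoder. CRCs are not validated here. */
int walk_png_chunks(const uint8_t *data, size_t size) {
    if (size < 8 || memcmp(data, PNG_SIG, 8) != 0)
        return -1;
    size_t off = 8;
    int count = 0;
    while (off < size) {
        if (size - off < 12)               /* length + type + crc minimum */
            return -1;
        uint32_t len = be32(data + off);
        if (len > 0x7fffffffu)             /* PNG lengths must fit in 31 bits */
            return -1;
        if (size - off - 12 < len)         /* chunk body would run past the buffer */
            return -1;
        const uint8_t *type = data + off + 4;
        count++;
        off += 12 + (size_t)len;
        if (memcmp(type, "IEND", 4) == 0)  /* IEND terminates the stream */
            break;
    }
    return count;
}

/* libFuzzer entry point: one mutated input per call, never crash on bad data. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    walk_png_chunks(data, size);
    return 0;
}

/* Write one chunk (length, type, body, zeroed CRC) at `dst`; returns bytes written. */
static size_t put_chunk(uint8_t *dst, const char *type, const uint8_t *body, uint32_t len) {
    dst[0] = (uint8_t)(len >> 24); dst[1] = (uint8_t)(len >> 16);
    dst[2] = (uint8_t)(len >> 8);  dst[3] = (uint8_t)len;
    memcpy(dst + 4, type, 4);
    if (len)
        memcpy(dst + 8, body, len);
    memset(dst + 8 + len, 0, 4);           /* CRC left zero: constructed sample only */
    return 12 + len;
}

/* Constructed 1x1 RGBA PNG skeleton (IHDR + IEND, no IDAT) used as a seed. */
size_t build_sample_png(uint8_t *buf, size_t cap) {
    static const uint8_t ihdr[13] = {0, 0, 0, 1, 0, 0, 0, 1, 8, 6, 0, 0, 0};
    if (cap < 8 + 25 + 12)
        return 0;
    size_t off = 0;
    memcpy(buf, PNG_SIG, 8);
    off += 8;
    off += put_chunk(buf + off, "IHDR", ihdr, 13);
    off += put_chunk(buf + off, "IEND", NULL, 0);
    return off;
}

/* Convenience wrappers so the behaviour can be checked without a fuzzing engine. */
int sample_chunk_count(void) {          /* expected: 2 (IHDR, IEND) */
    uint8_t buf[64];
    size_t n = build_sample_png(buf, sizeof buf);
    return walk_png_chunks(buf, n);
}

int truncated_sample_result(void) {     /* expected: -1 (IEND cut short) */
    uint8_t buf[64];
    size_t n = build_sample_png(buf, sizeof buf);
    return walk_png_chunks(buf, n - 1);
}

#ifdef REPLAY_MAIN
/* Replay driver: feed each file named on the command line to the target once. */
int main(int argc, char **argv) {
    for (int i = 1; i < argc; i++) {
        FILE *f = fopen(argv[i], "rb");
        if (!f) { perror(argv[i]); continue; }
        fseek(f, 0, SEEK_END);
        long n = ftell(f);
        rewind(f);
        uint8_t *buf = malloc(n > 0 ? (size_t)n : 1);
        size_t got = buf ? fread(buf, 1, (size_t)n, f) : 0;
        fclose(f);
        printf("%s: %d\n", argv[i], walk_png_chunks(buf, got));
        free(buf);
    }
    return 0;
}
#endif
```

The shape is what matters: the engine owns `main`, the target receives exactly one input per call and must return normally for any bytes, and the seed corpus (here, the PNGs from test/reference) only gives the mutator valid starting points. With `-fsanitize=address` the bounds checks in a real decoder are what gets tested; the stand-in walker above simply shows where such checks sit.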