Fuzzers for cairo and potential OSS-Fuzz integration
Hello cairo developers and contributors,
I am a Software Engineering Intern at Google, working with the Third Party Security (TPS) team. As part of my internship I am working on fuzzing GNOME libraries and cairo is one of the libraries that we have picked for this work.
In a nutshell, fuzzing (or fuzz testing) is an automated software testing technique that involves passing invalid, unexpected or random inputs to a program and monitoring the behavior of the program for exceptions, failing assertions or potential memory leaks/overflows. Fuzzers are a reasonable complement to classical software testing techniques as they: (1) are easy to write, (2) can test small parts of code, and (3) can look for new bugs and vulnerabilities.
This MR includes fuzzers (in the fuzzing directory) that cover most of the API functions that can be called externally. In one of our fuzzers (font_face_fuzzer.c), we reused code from test/user-font.c to test the cairo_font_face_set_user_data function. Therefore, the FIXME in our fuzzer comes from test/user-font.c. Finally, when running our fuzzers, we used the PNG files in test/reference as a seed corpus, which is a set of inputs that serve as starting points for the fuzzer.
We would like to integrate these fuzzers with OSS-Fuzz as well. OSS-Fuzz is a free fuzzing infrastructure you can use to identify security vulnerabilities and stability bugs in your project. You can find more information about OSS-Fuzz here. The only thing we need from you is an email address to report the crashes to.
We are hoping to hear from you and looking forward to collaborating with you on this effort.