Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
More questions regarding MathML fuzzing on ClusterFuzz
7 views
Skip to first unread message
Frédéric Wang
Jul 7, 2022, 6:36:27 AM7/7/22
to cluster...@chromium.org, Dominik Röttsches, ifra...@google.com
Hello,
In a previous email I mentioned Igalia's intent-to-ship for MathML [1]
and the feedback about making fuzzers aware of MathML. I haven't been
cc'ed to any bug report from ClusterFuzzer since March, so either the
implementation is good or fuzzing should be improved ! Yesterday, API
owners mentioned their approval may be delayed for a few months, so that
gives more time for us to improve fuzzing and find crashes...
Since then, I've been working on adding new fuzz targets to cover
low-level APIs used by MathML (namely HarfBuzz's fuzzer,
stretchy_operator_shaper_fuzzer, mathml_operator_dictionary_fuzzer,
open_type_math_support_fuzzer and math_transform_fuzzer) and I plan to
continue the effort on that.
Regarding DOM fuzzers, I understand domato is used by
ifratic_browserfuzz_v3 and will need to be updated to integrate the
recently added support [2]. I also believe other fuzzing tools rely on
existing documents (e.g. MathML layout tests) or MathML grammars, but
the details are not very public... Do you think there is anything else
to improve or are you happy with the current status? Is there any way
Igalia could help?
Thanks,
[1] https://groups.google.com/a/chromium.org/g/blink-dev/c/n4zf_3FWmAA
[2] https://github.com/googleprojectzero/domato/pull/35
--
Frédéric Wang
In a previous email I mentioned Igalia's intent-to-ship for MathML [1]
and the feedback about making fuzzers aware of MathML. I haven't been
cc'ed to any bug report from ClusterFuzzer since March, so either the
implementation is good or fuzzing should be improved ! Yesterday, API
owners mentioned their approval may be delayed for a few months, so that
gives more time for us to improve fuzzing and find crashes...
Since then, I've been working on adding new fuzz targets to cover
low-level APIs used by MathML (namely HarfBuzz's fuzzer,
stretchy_operator_shaper_fuzzer, mathml_operator_dictionary_fuzzer,
open_type_math_support_fuzzer and math_transform_fuzzer) and I plan to
continue the effort on that.
Regarding DOM fuzzers, I understand domato is used by
ifratic_browserfuzz_v3 and will need to be updated to integrate the
recently added support [2]. I also believe other fuzzing tools rely on
existing documents (e.g. MathML layout tests) or MathML grammars, but
the details are not very public... Do you think there is anything else
to improve or are you happy with the current status? Is there any way
Igalia could help?
Thanks,
[1] https://groups.google.com/a/chromium.org/g/blink-dev/c/n4zf_3FWmAA
[2] https://github.com/googleprojectzero/domato/pull/35
--
Frédéric Wang
Reply all
Reply to author
Forward
0 new messages