
Fuzzers: Set up a fake browser environment for FuzzCSSParser

Status: Open. Opened by AtkinsSJ 2 years ago · 11 comments

WIP! Looking for feedback from whoever actually understands any of the parts involved, unlike myself. :sweat_smile:

This is likely not super correct, but it does at least function for me now. (As far as I can tell - I don't know what FuzzFoo output is supposed to look like, but it seems happy.) The remaining issues are that I've hard-coded the fonts directory and default font query.

It's possible we could avoid needing font information entirely by not creating a Document but doing things manually instead? Not sure. This feels like way too much is being set up that we don't actually use - we just need a JS realm with the CSSOM intrinsics available.

Fixes #21629. Well, kinda.

AtkinsSJ avatar Oct 28 '23 16:10 AtkinsSJ

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions!

stale[bot] avatar Nov 20 '23 02:11 stale[bot]

Not stale! Though I had forgotten about this. 😅

AtkinsSJ avatar Nov 20 '23 08:11 AtkinsSJ

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions!

stale[bot] avatar Dec 12 '23 04:12 stale[bot]

Same again. I can't believe this has been open 2 months. :thousandyakstare:

AtkinsSJ avatar Dec 12 '23 08:12 AtkinsSJ

It's a bit sad that we have to do all this extra work, because some (more advanced) fuzzers actually trace inputs to get better results (and this will almost certainly throw them off a bit). Although, arguably, an inefficient fuzzer would still be a lot better than the current one.

Is there a chance that we can move any of the things before parse_css_stylesheet into the static initialization part? (And even that only helps the fuzzers that understand the way of libFuzzer, not sure if that includes oss-fuzz.)

Other than that, it looks OK, I guess...

timschumi avatar Dec 12 '23 16:12 timschumi
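The harness shape timschumi is asking for, as an added example that is not part of this PR and not SerenityOS/Ladybird code: the expensive environment build goes into `LLVMFuzzerInitialize`, which libFuzzer calls exactly once before the first input, and `LLVMFuzzerTestOneInput` does nothing but hand the bytes to the parser. The `FakeEnvironment` struct, the `parse_stylesheet_stub` token counter (not a real CSS tokenizer), and the build counters are stand-ins invented for illustration; the real harness would build the JS realm, font database and Document here and call the project's `parse_css_stylesheet`. A naive per-input variant is included next to it so the difference in setup cost is measurable.

```cpp
// Added example (not project code). Shows one-time fuzzer setup in
// LLVMFuzzerInitialize versus rebuilding the environment on every input.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical stand-in for the browser environment (JS realm, fonts,
// Document) that the real CSS parser harness has to build before parsing.
struct FakeEnvironment {
    std::vector<std::string> font_names;
    bool ready = false;
};

static FakeEnvironment* g_env = nullptr;
static unsigned g_builds = 0; // how many times the environment was built

// Build the environment. In the real harness this is the slow, allocation-
// heavy part; here it only fills in constructed sample data.
static void build_environment() {
    g_env = new FakeEnvironment;
    g_env->font_names = { "FakeSans", "FakeSerif" }; // constructed sample fonts
    g_env->ready = true;
    ++g_builds;
}

// Build only if nothing exists yet, so repeated calls are free.
FakeEnvironment& ensure_environment() {
    if (!g_env)
        build_environment();
    return *g_env;
}

// Minimal stand-in for the parser under test: counts CSS-ish tokens and
// reports whether braces are balanced. Not a real CSS tokenizer.
struct ParseResult { size_t tokens; bool balanced; };

ParseResult parse_stylesheet_stub(const uint8_t* data, size_t size) {
    ParseResult r { 0, true };
    int depth = 0;
    bool in_token = false;
    for (size_t i = 0; i < size; ++i) {
        char c = static_cast<char>(data[i]);
        if (c == '{') { ++depth; in_token = false; ++r.tokens; }
        else if (c == '}') { --depth; in_token = false; ++r.tokens; if (depth < 0) r.balanced = false; }
        else if (c == ' ' || c == '\n' || c == '\t' || c == ';' || c == ':') in_token = false;
        else if (!in_token) { in_token = true; ++r.tokens; }
    }
    if (depth != 0) r.balanced = false;
    return r;
}

// The per-input work that both harness variants share.
static ParseResult run_one(const uint8_t* data, size_t size) {
    return parse_stylesheet_stub(data, size);
}

// libFuzzer hook: called once, before any input, so the environment build
// lands outside the traced per-input path.
extern "C" int LLVMFuzzerInitialize(int*, char***) {
    ensure_environment();
    return 0;
}

// libFuzzer per-input entry point. ensure_environment() is a no-op after
// LLVMFuzzerInitialize ran; it only exists so the harness also works when
// something calls it without the initialize hook.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    ensure_environment();
    (void)run_one(data, size);
    return 0;
}

// Naive variant for comparison: tears down and rebuilds the environment on
// every input, which is what the PR's harness effectively does.
ParseResult naive_fuzz_once(const std::string& input) {
    delete g_env;
    g_env = nullptr;
    ensure_environment();
    return run_one(reinterpret_cast<const uint8_t*>(input.data()), input.size());
}

// Feed one constructed input through the initialize-once path.
ParseResult fuzz_once(const std::string& input) {
    LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t*>(input.data()), input.size());
    return run_one(reinterpret_cast<const uint8_t*>(input.data()), input.size());
}

unsigned build_count() { return g_builds; }
```

Under a real libFuzzer build (`-fsanitize=fuzzer`) the library supplies `main` and calls the two `extern "C"` hooks; the counters show that the initialize-once path builds the environment a single time no matter how many inputs run, while the naive path pays the full build per input and pollutes any coverage or input trace with setup work. Whether a given OSS-Fuzz engine honours `LLVMFuzzerInitialize` is, as the comment above notes, a separate question.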

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions!

stale[bot] avatar Jan 02 '24 17:01 stale[bot]

This pull request has been closed because it has not had recent activity. Feel free to re-open if you wish to still contribute these changes. Thank you for your contributions!

stale[bot] avatar Jan 10 '24 00:01 stale[bot]

Stalebot pls

ADKaster avatar Jan 10 '24 00:01 ADKaster

This pull request has been closed because it has not had recent activity. Feel free to re-open if you wish to still contribute these changes. Thank you for your contributions!

stale[bot] avatar Jan 18 '24 01:01 stale[bot]

I keep forgetting about this. 😅 (And possibly avoiding it...)

AtkinsSJ avatar Jan 18 '24 10:01 AtkinsSJ

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions!

stale[bot] avatar Feb 09 '24 06:02 stale[bot]

This pull request has been closed because it has not had recent activity. Feel free to re-open if you wish to still contribute these changes. Thank you for your contributions!

stale[bot] avatar Feb 16 '24 10:02 stale[bot]