Closed Bug 1143045 Opened 9 years ago Closed 6 years ago

Fuzz WOFF2


( :: Security Assurance: Review Request, task)



(Reporter: dveditz, Assigned: posidron)



+++ This bug was initially created as a clone of Bug #1084026 +++

We have added support for WOFF2 to Firefox. We need to adapt the WOFF fuzzer to hit the new features and beat on it for a bit.
Christoph, how much work will it be to do this? (A day, a few days, a week or more of pulling your hair out?)
FYI: To generate WOFF2 fonts as a starting-point for fuzzing, get and build the WOFF2 tools from [1] (see the README for simple instructions), and then use the woff2_compress tool to create a WOFF2 version of any TTF or OTF font.

Thanks Jonathan, that's a good start. I need to check the documentation first; we have no data model for WOFF2, and right now I have no idea what changes have been made from WOFF1 and in what way we can use the previous fuzzers.
Christoph, I'd like to push the pref-change in bug 1084026 this week, to catch the FF39 train... are you comfortable with that happening alongside the beginning of your fuzzing work here? (We'd still have the opportunity to revert the pref during aurora or even beta if we run across major issues, though obviously we're not expecting that.)
Flags: needinfo?(cdiehl)
This is ongoing work and part of our fuzzing cycles at EC2.
Flags: needinfo?(cdiehl)
Is this bug still relevant? I see that woff2 is covered by oss-fuzz these days too.
Flags: needinfo?(cdiehl)
No, the main meta bug was/is and all bugs related to fuzzing fonts are attached to that one.
Closed: 6 years ago
Flags: needinfo?(cdiehl)
Resolution: --- → FIXED