Add a fuzzing framework
I've just pushed a wip-afl-fuzz branch with @Eijebong's fuzzer code from #467 (closed).
This is a bit hard to run by hand if one has never used afl-fuzz (or cargo-afl) before. Some tasks that would make this easier:
- Build this automatically with `make fuzz`? Auto-detect the dependencies (cargo-afl, what else?) right there, or should we have a `--with-afl-fuzz` option in the configure script?
- Improve `afl-fuzz/README.md` - it has some cut&paste commands, but it needs to make it more clear how to fuzz with multiple cores.
- We need an AFL dictionary for SVG keywords. Can this be composed with AFL's own dictionary for XML?
- How can we fuzz CSS? Assume that the contents of `<style>` will be fuzzed (with an extra dictionary for CSS?), or do we need some XML trickery to include stylesheets from external files?
- Is `afl-fuzz/input/*.svg` adequate? Or should it have more varied elements, attributes, etc? (Or is that the job of the dictionary?)
Edited by Federico Mena Quintero
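The dictionary questions above (an AFL dictionary for SVG keywords, and whether it can be combined with AFL's XML dictionary) come down to the AFL dictionary file format: one `name="value"` entry per line, `#` comments, and `\\`, `\"` and `\xNN` escapes inside the value. The script below is an added illustration, not code from the librsvg branch or from AFL: it generates SVG element, attribute and keyword tokens in that format and merges them with another dictionary, dropping duplicate values so the two can be handed to `afl-fuzz -x` together. The token lists and the XML-style sample lines are constructed for the example and are deliberately small.

```python
"""Generate an AFL dictionary for SVG tokens and merge it with an XML dictionary.

Added example for the librsvg fuzzing discussion; the token lists below are a
constructed, illustrative subset, not a complete SVG vocabulary.
"""
import re

# Constructed sample of SVG tokens worth teaching the fuzzer.
SVG_ELEMENTS = ["svg", "g", "path", "rect", "circle", "style", "use", "defs", "filter"]
SVG_ATTRIBUTES = ["d", "fill", "stroke", "transform", "viewBox", "xlink:href", "style"]
SVG_KEYWORDS = ["M 0 0", "none", "currentColor", "url(#", "matrix(", "translate("]

# Constructed lines in the shape of AFL dictionary entries (not copied from AFL's xml.dict).
XML_DICT_SAMPLE = """\
# constructed sample, AFL dictionary format
tag_open="<a"
tag_close="</a>"
attr_generic=" a=\\"1\\""
"""


def afl_escape(value: str) -> str:
    """Escape a token for an AFL dictionary value.

    Backslash and double quote are escaped; any byte outside printable ASCII
    is written as \\xNN, which is what AFL's dictionary parser accepts.
    """
    out = []
    for byte in value.encode("utf-8"):
        if byte == 0x5C:            # backslash
            out.append("\\\\")
        elif byte == 0x22:          # double quote
            out.append('\\"')
        elif 0x20 <= byte < 0x7F:   # printable ASCII passes through
            out.append(chr(byte))
        else:
            out.append(f"\\x{byte:02x}")
    return "".join(out)


def svg_dict_entries() -> list:
    """Build dictionary lines for SVG open/close tags, attribute prefixes and keywords."""
    entries = []
    for el in SVG_ELEMENTS:
        entries.append(f'svg_el_{el}="<{afl_escape(el)}"')
        entries.append(f'svg_el_{el}_close="</{afl_escape(el)}>"')
    for attr in SVG_ATTRIBUTES:
        safe = re.sub(r"[^A-Za-z0-9_]", "_", attr)   # entry names must be simple identifiers
        entries.append(f'svg_attr_{safe}=" {afl_escape(attr)}=\\""')
    for i, kw in enumerate(SVG_KEYWORDS):
        entries.append(f'svg_kw_{i}="{afl_escape(kw)}"')
    return entries


def parse_dict(text: str) -> list:
    """Return (name, escaped_value) pairs from AFL dictionary text, skipping comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Optional name with optional @level, then the quoted value (kept escaped).
        m = re.match(r'^(?:([A-Za-z0-9_.]+)(?:@\d+)?=)?"(.*)"$', line)
        if not m:
            raise ValueError(f"malformed dictionary line: {line!r}")
        entries.append((m.group(1), m.group(2)))
    return entries


def merge_dicts(*texts: str) -> str:
    """Concatenate dictionaries, keeping the first entry for each distinct value."""
    seen = set()
    out = []
    for text in texts:
        for name, value in parse_dict(text):
            if value in seen:
                continue
            seen.add(value)
            out.append(f'{name}="{value}"' if name else f'"{value}"')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Writes a combined dictionary usable as: afl-fuzz -x svg_xml.dict ...
    combined = merge_dicts(XML_DICT_SAMPLE, "\n".join(svg_dict_entries()))
    with open("svg_xml.dict", "w", encoding="ascii") as fh:
        fh.write(combined)
    print(f"wrote {len(combined.splitlines())} entries to svg_xml.dict")
```

Keeping the generator separate from the merge step matches the question in the issue: the SVG tokens can live in their own file under `afl-fuzz/` and be combined with AFL's shipped `xml.dict` at build time, so a `make fuzz` target could produce the merged file without anyone hand-editing it.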