Bug 38841 - Fuzz XML file filters
Summary: Fuzz XML file filters
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Libreoffice
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: Not Assigned
QA Contact:
URL:
Whiteboard: EasyHack DifficultyBeginner SkillScri...
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-30 09:33 UTC by Björn Michaelsen
Modified: 2014-04-22 13:59 UTC
CC: 3 users

See Also:


Attachments

Description Björn Michaelsen 2011-06-30 09:33:49 UTC
Fuzz XML file filters

Background: The XML file filters are protected from casual binary fuzzing by the zip de-compression and the XML parser - thus they get little real, hard-core testing. Morten Welinder (of gnumeric fame) has written a nice, simple perl XML fuzzer, which you can find here: http://git.gnome.org/browse/gnumeric/tree/test/fuzzxml - the idea is to get a complex, existing XML document and to swap it about randomly into a new one, then load that inside LibreOffice and see if it crashes; if it does, file a bug report with the file (or fix the crash). You will need to unzip, fuzz, and re-zip up an ODF file (which requires the mimetype as the first entry, and no compression, i.e. zip -0).

Skills: shell, basic XML experience, optionally bit of debugger
Comment 1 Juan Jose Pablos 2011-12-17 07:27:18 UTC
Something like this, right?
---------------------
unzip -d example example.odt
# the gnumeric script is called fuzzxml
perl fuzzxml example/content.xml example/newcontent.xml
mv example/newcontent.xml example/content.xml
cd example
# mimetype must be the first entry, stored (-0) and without extra fields (-X)
zip -0 -X ../test.odt mimetype
# add the rest, excluding mimetype so a plain recursive add does not re-add it compressed
zip -r -X ../test.odt . -x mimetype
cd ..
rm -r example
libreoffice test.odt
-----------
Comment 2 Michael Meeks 2011-12-17 13:35:06 UTC
Sure - that's the right idea; worth turning into a script I guess :-) Then of course, we need to re-load the file, notice it crashing left and right, and try to find out why & how to patch that.

It's quite a job - as/when you find a crasher, if it's not obvious it'd be great to work together on that.

And of course, the more complex and tangled the input document - using as many weirdo features as possible ;-) the better the attack surface from fuzzing.

ATB.
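The unzip / fuzz / re-zip procedure from the description and Comment 1, turned into the script Comment 2 asks for, as an added example (not code from this bug, from LibreOffice, or from gnumeric). It uses only the Python standard library: the mutator is a simple attribute, text and subtree swapper written here rather than Morten Welinder's Perl fuzzxml, the seed document is a constructed minimal content.xml, and `check_odf_container` verifies the packaging rule the description gives (mimetype first, stored uncompressed) so that a mutant which crashes nothing is not simply one LibreOffice refused to treat as ODF. The mutants stay well-formed XML on purpose, since the point of the bug is to get past the zip layer and the XML parser to the filter itself.

```python
"""Added example, not code from the bug or from LibreOffice: unzip, fuzz and
re-zip an ODF file, then check the container still obeys the ODF packaging rule
(mimetype first, stored uncompressed). Mutator is a simple swapper written here."""
import io
import random
import zipfile
import xml.etree.ElementTree as ET

NS_OFFICE = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
NS_TEXT = "urn:oasis:names:tc:opendocument:xmlns:text:1.0"
ET.register_namespace("office", NS_OFFICE)  # keep the usual prefixes on output
ET.register_namespace("text", NS_TEXT)
MIMETYPE = b"application/vnd.oasis.opendocument.text"

# Constructed minimal content.xml; a real seed document should be far messier.
SAMPLE_CONTENT_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<office:document-content xmlns:office="{NS_OFFICE}" xmlns:text="{NS_TEXT}">
 <office:body><office:text>
  <text:h text:outline-level="1">Title</text:h>
  <text:p text:style-name="P1">First <text:span text:style-name="T1">bold</text:span> para.</text:p>
  <text:list><text:list-item><text:p>item one</text:p></text:list-item>
   <text:list-item><text:p>item two</text:p></text:list-item></text:list>
  <text:p>Last paragraph.</text:p>
 </office:text></office:body>
</office:document-content>
""".encode()

def make_sample_odt(mimetype_first: bool = True, stored: bool = True) -> bytes:
    """Minimal ODF container (constructed); the flags build the broken variants a careless re-zip gives."""
    mt_mode = zipfile.ZIP_STORED if stored else zipfile.ZIP_DEFLATED
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if not mimetype_first:
            zf.writestr("content.xml", SAMPLE_CONTENT_XML, compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("mimetype", MIMETYPE, compress_type=mt_mode)
        if mimetype_first:
            zf.writestr("content.xml", SAMPLE_CONTENT_XML, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()

def read_entry(blob: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.read(name)

def element_tags(xml_bytes: bytes) -> list:
    """Sorted multiset of element tags; the swaps below must leave it unchanged."""
    return sorted(e.tag for e in ET.fromstring(xml_bytes).iter())

def fuzz_xml(xml_bytes: bytes, rounds: int, seed: int) -> bytes:
    """Swap randomly chosen attribute sets, text nodes and whole subtrees; output stays well-formed."""
    rng = random.Random(seed)  # same seed, same mutant, so a crash can be reproduced
    root = ET.fromstring(xml_bytes)
    parent = {c: p for p in root.iter() for c in p}  # child -> parent
    elems = list(parent)  # every element except the root
    for _ in range(rounds):
        a, b = rng.sample(elems, 2)
        kind = rng.randrange(3)
        if kind == 0:  # swap attribute sets
            aa, bb = dict(a.attrib), dict(b.attrib)
            a.attrib.clear(); a.attrib.update(bb)
            b.attrib.clear(); b.attrib.update(aa)
        elif kind == 1:  # swap text content
            a.text, b.text = b.text, a.text
        elif a not in b.iter() and b not in a.iter():  # swap subtrees unless nested
            pa, pb = parent[a], parent[b]
            ia, ib = list(pa).index(a), list(pb).index(b)
            pa[ia], pb[ib] = b, a
            parent[a], parent[b] = pb, pa
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def repack_odf(original: bytes, new_content_xml: bytes) -> bytes:
    """Re-zip: mimetype first and stored (the zip -0 step), everything else deflated."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(original)) as src, zipfile.ZipFile(out, "w") as dst:
        dst.writestr("mimetype", src.read("mimetype"), compress_type=zipfile.ZIP_STORED)
        for info in src.infolist():
            if info.filename == "mimetype":
                continue
            data = new_content_xml if info.filename == "content.xml" else src.read(info)
            dst.writestr(info.filename, data, compress_type=zipfile.ZIP_DEFLATED)
    return out.getvalue()

def check_odf_container(blob: bytes) -> list:
    """Packaging problems; empty means the file is recognisable as ODF and content.xml reaches the filter."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        first = zf.infolist()[0]
        if first.filename != "mimetype":
            problems.append("mimetype is not the first entry")
        elif first.compress_type != zipfile.ZIP_STORED:
            problems.append("mimetype is compressed")
        try:
            ET.fromstring(zf.read("content.xml"))
        except (KeyError, ET.ParseError) as exc:
            problems.append(f"content.xml unusable: {exc}")
    return problems

def fuzz_odt(odt: bytes, seed: int, rounds: int = 20) -> bytes:
    """One fuzzed variant of an .odt, ready to open with LibreOffice."""
    return repack_odf(odt, fuzz_xml(read_entry(odt, "content.xml"), rounds, seed))

if __name__ == "__main__":
    base = make_sample_odt()
    for seed in range(10):  # then open each with: libreoffice fuzz03.odt
        mutant = fuzz_odt(base, seed)
        assert not check_odf_container(mutant)
        with open(f"fuzz{seed:02d}.odt", "wb") as fh:
            fh.write(mutant)
```

To use it against a real document, replace `make_sample_odt()` with the bytes of an existing .odt; the seed is the thing to record alongside any crasher, since the same seed and input regenerate the same mutant for the bug report.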
Comment 3 Florian Reisinger 2012-05-18 09:00:18 UTC
Deleted "Easyhack" from summary
Comment 4 Björn Michaelsen 2013-10-04 18:47:50 UTC
adding LibreOffice developer list as CC to unresolved EasyHacks for better visibility.

see e.g. http://nabble.documentfoundation.org/minutes-of-ESC-call-td4076214.html for details
Comment 5 John Smith 2014-04-21 19:10:51 UTC
proposed a change to dev-tools: An implementation of easyhack bug #38841.  https://gerrit.libreoffice.org/9114
Comment 6 John Smith 2014-04-22 13:59:05 UTC
Abandoned the patch; resetting assignee to default.

