
On 6/12/2010 19:11, Christian Henning wrote:
Hi Fabio,
Have you looked into how browsers test against malicious attacks? IIRC they take valid images and change them in an "educatedly random" fashion (i.e. all kinds of header corruption). As images are a common attack vector for malicious attacks I think that kind of testing is quite important.
I think you bring up a valid point. I'll make an entry in the todo list to add some invalid reads. Now how do I create a good cross selection of invalid jpeg, tiff, png, bmp, and pnm images? I'm open for suggestions.
Note that I also do not have any first-hand experience with it, but from what I have heard some forms of randomized (with a logged or fixed seed) fault injection (https://secure.wikimedia.org/wikipedia/en/wiki/Fault_injection) or fuzz-testing (https://secure.wikimedia.org/wikipedia/en/wiki/Fuzz_testing) are quite effective for that kind of testing.

A quick Google search turned up this (http://www.securiteam.com/tools/6P00B1FNFM.html) for a jpeg fuzzer (haven't checked the license though).

I think adding something like this to the test suite would be the most efficient approach, especially since scripted fuzzing does not take too much disk space.

HTH
Fabio
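
The seeded, header-biased corruption suggested in this thread, as an added example that is not part of the original messages or of the library's code: `sample_pgm`, `mutate`, `parse_pgm` and `run_campaign` are hypothetical names, the 2x2 PGM is a constructed sample, and `parse_pgm` is a stand-in for the image reader under test.

```cpp
#include <algorithm>
#include <cstdint>
#include <random>
#include <stdexcept>
#include <vector>
using Bytes = std::vector<std::uint8_t>;
// Constructed sample: a valid 2x2 binary PGM ("P5"), 11 header + 4 pixel bytes.
Bytes sample_pgm() {
    return Bytes{'P','5','\n','2',' ','2','\n','2','5','5','\n', 0x00, 0x40, 0x80, 0xff};
}
// The same (input, seed) always yields the same corrupt file, so a failing case
// is reproduced from its logged seed alone. Raw mt19937 output is portable.
Bytes mutate(Bytes data, std::uint32_t seed, std::size_t header_len = 11) {
    std::mt19937 rng(seed);
    const unsigned edits = 1 + rng() % 3;
    for (unsigned i = 0; i < edits && !data.empty(); ++i) {
        // 3 of 4 edits land in the header, where the parser makes its decisions.
        std::size_t span = (rng() % 4) ? std::min(header_len, data.size()) : data.size();
        std::size_t pos = rng() % span;
        switch (rng() % 3) {
        case 0: data[pos] ^= std::uint8_t(1u << (rng() % 8)); break; // bit flip
        case 1: data[pos] = std::uint8_t(rng()); break;              // random byte
        default: data.resize(pos); break;                            // truncate
        }
    }
    return data;
}
// Hypothetical stand-in for the reader under test: returns the pixel count or
// throws std::runtime_error. Anything else (crash, other exception) is a bug.
std::size_t parse_pgm(const Bytes& d) {
    std::size_t i = 3;
    auto number = [&]() -> std::size_t {
        std::size_t v = 0, digits = 0;
        while (i < d.size() && d[i] >= '0' && d[i] <= '9' && digits++ < 5) v = v * 10 + (d[i++] - '0');
        if (!digits || i >= d.size() || (d[i] != ' ' && d[i] != '\n')) throw std::runtime_error("bad field");
        ++i; return v;
    };
    if (d.size() < 3 || d[0] != 'P' || d[1] != '5' || d[2] != '\n') throw std::runtime_error("bad magic");
    std::size_t w = number(), h = number(), maxv = number();
    if (!w || !h || maxv != 255 || d.size() - i != w * h) throw std::runtime_error("bad geometry");
    return w * h;
}
// Runs seeds [0, n); returns how many mutants the reader rejected cleanly.
std::size_t run_campaign(std::uint32_t n) {
    std::size_t rejected = 0;
    for (std::uint32_t seed = 0; seed < n; ++seed)
        try { parse_pgm(mutate(sample_pgm(), seed)); } catch (const std::runtime_error&) { ++rejected; }
    return rejected;
}
```

Only the valid seed files and the seed range need to live in the test suite; running the campaign under a sanitizer build turns out-of-bounds reads in the reader into test failures.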