If we mandate that "svp" only operates on cairo compatible surfaces, then we can get this niceness into android and online too, and can ditch our non-cairo text rendering code paths.
Friday, 20 November 2015
Better polygon rendering in LibreOffice's Gtk3 Support
If we mandate that "svp" only operates on cairo compatible surfaces, then we can get this niceness into android and online too, and can ditch our non-cairo text rendering code paths.
Friday, 13 November 2015
Insert Special Character in Spelling Dialog
Friday, 23 October 2015
finding UI crashes by fuzzing input events with american fuzzy lop
As mentioned previously I've been experimenting using afl as a fuzzing engine to fuzz a stream of serialized keyboard events which LibreOffice reads and dispatches.
Performance is still pretty poor, but by tweaking our headless mode to allow dialogs to be created, then using that headless mode for eventtesting and then hacking out the actual rendering of the UI to the headless backend I've got something that performs reasonably well enough to enable me to set a far higher limit of 50 input events per cycle and start to discover real bugs in impress.
all of which is encouraging, though some of these are possibly very unlikely in real world use. But the prized find is
intermittent crash on undo of insert slide
because I've seen that happen plenty in the real world, and is the problem I was hoping to find.
Turns out its been so difficult to track down because there's a timer involved which is triggered by earlier modifications to the document. To get it to crash by undoing insert slide you have to modify an object in the document, which triggers an object-modified timer, and then very quickly, before the modified-timer fires, undo insert slide. Which has the effect of impress not registering that the slide has been deleted. Some time later, in far away code, impress will crash on use of the deleted slide.
afl-eventtesting was able to find a sequence of keystrokes (which isn't a huge surprise seeing as I primed it with some insert and undo slide sequences so it didn't have to mutate things too far before it modified a document object after an insert and before the undo) to trigger the crash and the eventtesting + headless modes of LibreOffice gave a reproducible platform where the same events happen in the same sequence without any intermediate system-ui events to throw off the delicate timing. Once the thing is reliably reproducible then its just a matter of grinding through the debugging.
Performance is still pretty poor, but by tweaking our headless mode to allow dialogs to be created, then using that headless mode for eventtesting and then hacking out the actual rendering of the UI to the headless backend I've got something that performs reasonably well enough to enable me to set a far higher limit of 50 input events per cycle and start to discover real bugs in impress.
- 5.1 only crash in impress sidebar under some circumstances
- null marked obj still in impress mark cache
- another null deref in impress sidebar panels
- crash in impress if you exit while the annotation window is open
- divide by zero in an impress sidebar panel
- another annotation window null deref issue
- crash on sending a keystroke to an empty impress page list widget
- missing dispose on annotation windows
- missing dispose on alive by unshown panels
- crash if frame is destroyed before keystroke gets to it
- crash if you close impress main frame while slideshow is running
all of which is encouraging, though some of these are possibly very unlikely in real world use. But the prized find is
intermittent crash on undo of insert slide
because I've seen that happen plenty in the real world, and is the problem I was hoping to find.
Turns out its been so difficult to track down because there's a timer involved which is triggered by earlier modifications to the document. To get it to crash by undoing insert slide you have to modify an object in the document, which triggers an object-modified timer, and then very quickly, before the modified-timer fires, undo insert slide. Which has the effect of impress not registering that the slide has been deleted. Some time later, in far away code, impress will crash on use of the deleted slide.
afl-eventtesting was able to find a sequence of keystrokes (which isn't a huge surprise seeing as I primed it with some insert and undo slide sequences so it didn't have to mutate things too far before it modified a document object after an insert and before the undo) to trigger the crash and the eventtesting + headless modes of LibreOffice gave a reproducible platform where the same events happen in the same sequence without any intermediate system-ui events to throw off the delicate timing. Once the thing is reliably reproducible then its just a matter of grinding through the debugging.
Thursday, 15 October 2015
fuzzing LibreOffice input events with american fuzzy lop
This is a demo of using the american fuzzy lop fuzzer as an engine to drive LibreOffice UI testing by fuzzing serialized keyboard input events.
For demo purposes the UI is visible here, but it can be run headlessly too. Given enough time afl can fuzz the initial input text of hello into keyboard shortcuts to enter menus and launch dialogs.
I think the concept is pretty neat and fun, but this is still experimental stage stuff that I'm playing with and trying to up the performance.
Tuesday, 13 October 2015
view/edit shape control points
Wednesday, 30 September 2015
impress save background image
Friday, 25 September 2015
crash testing and coverity, conference report
Subscribe to:
Posts (Atom)