Remove the fuzz tests (issue 19297)

Reasons for removal: - These tests never generated any warnings from OSS-Fuzz, in over a year. - An error thrown during image decoding will lead to a broken/missing image, not a security problem. - These tests rely on the Jazzer.js library, which has a number of problems: It now causes failures in Node.js v23 in the CI tests, it's no longer being maintained upstream, and it lacks support for some (fairly common) CPU architectures.
2025-04-19 06:38:07 +02:00 · 2025-01-08 15:21:34 +01:00 · 2025-01-08 15:21:34 +01:00 · c32d49117c
commit c32d49117c
parent dfbd1d5db6
7 changed files with 0 additions and 1182 deletions
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@ -352,15 +352,6 @@ export default [
      "jasmine/prefer-toHaveBeenCalledWith": "off",
    },
  },
-  {
-    files: jsFiles("test/fuzz"),
-    rules: {
-      "import/no-unresolved": [
-        "error",
-        { ignore: [".*/build/image_decoders/.*"] },
-      ],
-    },
-  },
  {
    files: jsFiles("test/unit"),
    rules: {
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -7,7 +7,6 @@
    "@babel/runtime": "^7.26.0",
    "@fluent/bundle": "^0.18.0",
    "@fluent/dom": "^0.10.0",
-    "@jazzer.js/core": "^2.1.0",
    "@metalsmith/layouts": "^2.7.0",
    "@metalsmith/markdown": "^1.10.0",
    "@napi-rs/canvas": "^0.1.65",
--- a/test/fuzz/README.md
+++ b/test/fuzz/README.md
@ -1,42 +0,0 @@
-# Fuzz Testing
-
-Fuzz testing is:
-
-> An automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a program.
-
-We use coverage guided fuzz testing to automatically discover bugs in PDF.js.
-
-This `fuzz/` directory contains the configuration and the fuzz tests for PDF.js.
-To generate and run fuzz tests, we use the [Jazzer.js](https://github.com/CodeIntelligenceTesting/jazzer.js/) library.
-
-## Running a fuzzer
-
-This directory contains fuzzers like for example `jpeg_image.fuzz`. You can run it with:
-
-Generate image decoders:
-```sh
-$ gulp image_decoders
-```
-
-Run fuzz target:
-```sh
-$ npx jazzer fuzz/jpeg_image.fuzz --sync
-```
-
-You should see output that looks something like this:
-
-```
-#2      INITED exec/s: 0 rss: 128Mb
-#65536  pulse  corp: 1/1b lim: 652 exec/s: 32768 rss: 140Mb
-#131072 pulse  corp: 1/1b lim: 1300 exec/s: 32768 rss: 140Mb
-#262144 pulse  corp: 1/1b lim: 2611 exec/s: 32768 rss: 140Mb
-#524288 pulse  corp: 1/1b lim: 4096 exec/s: 30840 rss: 140Mb
-#1048576        pulse  corp: 1/1b lim: 4096 exec/s: 29959 rss: 140Mb
-#2097152        pulse  corp: 1/1b lim: 4096 exec/s: 29537 rss: 140Mb
-```
-
-It will continue to generate random inputs forever, until it finds a
-bug or is terminated. The testcases for bugs it finds can be seen in
-the form of `crash-*` or `timeout-*` at the place from where command is run.
-You can rerun the fuzzer on a single input by passing it on the
-command line `npx jazzer fuzz/jpeg_image.fuzz /path/to/testcase`.
--- a/test/fuzz/jbig2_image.fuzz.js
+++ b/test/fuzz/jbig2_image.fuzz.js
@ -1,33 +0,0 @@
-import {
-  Jbig2Error,
-  Jbig2Image,
-  setVerbosityLevel,
-  VerbosityLevel,
-} from "../../build/image_decoders/pdf.image_decoders.mjs";
-
-// Avoid unnecessary console "spam", by ignoring `info`/`warn` calls.
-setVerbosityLevel(VerbosityLevel.ERRORS);
-
-const ignored = ["Cannot read properties"];
-
-function ignoredError(error) {
-  if (error instanceof Jbig2Error) {
-    return true;
-  }
-  return ignored.some(message => error.message.includes(message));
-}
-
-/**
- * @param {Buffer} data
- */
-function fuzz(data) {
-  try {
-    new Jbig2Image().parse(new Uint8Array(data));
-  } catch (error) {
-    if (error.message && !ignoredError(error)) {
-      throw error;
-    }
-  }
-}
-
-export { fuzz };
--- a/test/fuzz/jpeg_image.fuzz.js
+++ b/test/fuzz/jpeg_image.fuzz.js
@ -1,33 +0,0 @@
-import {
-  JpegError,
-  JpegImage,
-  setVerbosityLevel,
-  VerbosityLevel,
-} from "../../build/image_decoders/pdf.image_decoders.mjs";
-
-// Avoid unnecessary console "spam", by ignoring `info`/`warn` calls.
-setVerbosityLevel(VerbosityLevel.ERRORS);
-
-const ignored = ["Cannot read properties"];
-
-function ignoredError(error) {
-  if (error instanceof JpegError) {
-    return true;
-  }
-  return ignored.some(message => error.message.includes(message));
-}
-
-/**
- * @param {Buffer} data
- */
-function fuzz(data) {
-  try {
-    new JpegImage().parse(new Uint8Array(data));
-  } catch (error) {
-    if (error.message && !ignoredError(error)) {
-      throw error;
-    }
-  }
-}
-
-export { fuzz };
--- a/test/fuzz/jpx_image.fuzz.js
+++ b/test/fuzz/jpx_image.fuzz.js
@ -1,33 +0,0 @@
-import {
-  JpxError,
-  JpxImage,
-  setVerbosityLevel,
-  VerbosityLevel,
-} from "../../build/image_decoders/pdf.image_decoders.mjs";
-
-// Avoid unnecessary console "spam", by ignoring `info`/`warn` calls.
-setVerbosityLevel(VerbosityLevel.ERRORS);
-
-const ignored = ["Cannot read properties"];
-
-function ignoredError(error) {
-  if (error instanceof JpxError) {
-    return true;
-  }
-  return ignored.some(message => error.message.includes(message));
-}
-
-/**
- * @param {Buffer} data
- */
-function fuzz(data) {
-  try {
-    JpxImage.decode(new Uint8Array(data));
-  } catch (error) {
-    if (error.message && !ignoredError(error)) {
-      throw error;
-    }
-  }
-}
-
-export { fuzz };