The Disturbing Results With Automated Fuzzing Of OpenGL Shaders

Written by Michael Larabel in Standards on 3 October 2017 at 06:25 AM EDT.
Last winter we covered work being done at Imperial College London on fuzzing OpenGL shaders, which produced wild results and uncovered issues in multiple OpenGL drivers, including the Mesa drivers. The scholarly results of this testing were recently published in the paper Automated Testing of Graphics Shader Compilers.

Alastair Donaldson and others at Imperial College London have finished their work on automated testing of shaders. Their work on detecting shader defects has uncovered more than 60 distinct bugs. They explain, "Our experiments over a set of 17 GPU and driver configurations, spanning the main 7 GPU designers, have led to us finding and reporting more than 60 distinct bugs, covering all tested configurations. As well as defective rendering, these issues identify security-critical vulnerabilities that affect WebGL, including a significant remote information leak security bug where a malicious web page can capture the contents of other browser tabs, and a bug whereby visiting a malicious web page can lead to a “blue screen of death” under Windows 10. Our findings show that shader compiler defects are prevalent, and that metamorphic testing provides an effective means for detecting them automatically."


For those interested in all the exciting technical details, the 29-page paper can be read at ic.ac.uk. Unfortunately, the source to GLFuzz does not appear to be public.