From 152000d9c761233261cfbfb22e771eb97576aab3 Mon Sep 17 00:00:00 2001
From: Ebrahim Byagowi <ebrahim@gnu.org>
Date: Tue, 25 Feb 2020 20:07:25 +0330
Subject: [PATCH] [fuzz] Practice variations on font object

---
 test/api/test-ot-face.c         |  8 +++-----
 test/fuzzing/hb-shape-fuzzer.cc | 16 ++++++++++++++--
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/test/api/test-ot-face.c b/test/api/test-ot-face.c
index f37077373..0109168ef 100644
--- a/test/api/test-ot-face.c
+++ b/test/api/test-ot-face.c
@@ -33,10 +33,9 @@
 
 
 static void
-test_face (hb_face_t *face,
-	   hb_codepoint_t cp)
+test_font (hb_font_t *font, hb_codepoint_t cp)
 {
-  hb_font_t *font = hb_font_create (face);
+  hb_face_t *face = hb_font_get_face (font);
   hb_set_t *set;
   hb_codepoint_t g;
   hb_position_t x, y;
@@ -126,14 +125,13 @@ test_face (hb_face_t *face,
   hb_draw_funcs_destroy (funcs);
 
   hb_set_destroy (set);
-  hb_font_destroy (font);
 }
 
 #ifndef TEST_OT_FACE_NO_MAIN
 static void
 test_ot_face_empty (void)
 {
-  test_face (hb_face_get_empty (), 0);
+  test_font (hb_font_get_empty (), 0);
 }
 
 static void
diff --git a/test/fuzzing/hb-shape-fuzzer.cc b/test/fuzzing/hb-shape-fuzzer.cc
index 64a6b12df..c761b2a39 100644
--- a/test/fuzzing/hb-shape-fuzzer.cc
+++ b/test/fuzzing/hb-shape-fuzzer.cc
@@ -3,6 +3,8 @@
 #include <hb-ot.h>
 #include <string.h>
 
+#include <stdlib.h>
+
 #define TEST_OT_FACE_NO_MAIN 1
 #include "../api/test-ot-face.c"
 #undef TEST_OT_FACE_NO_MAIN
@@ -16,6 +18,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
   hb_ot_font_set_funcs (font);
   hb_font_set_scale (font, 12, 12);
 
+  unsigned num_coords = 0;
+  if (size) num_coords = data[size - 1];
+  num_coords = hb_ot_var_get_axis_count (face) > num_coords ? num_coords : hb_ot_var_get_axis_count (face);
+  int *coords = (int *) calloc (num_coords, sizeof (int));
+  if (size > num_coords + 1)
+    for (unsigned i = 0; i < num_coords; ++i)
+      coords[i] = ((int) data[size - num_coords + i - 1] - 128) * 10;
+  hb_font_set_var_coords_normalized (font, coords, num_coords);
+  free (coords);
+
   {
     const char text[] = "ABCDEXYZ123@_%&)*$!";
     hb_buffer_t *buffer = hb_buffer_create ();
@@ -37,8 +49,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
   hb_shape (font, buffer, nullptr, 0);
   hb_buffer_destroy (buffer);
 
-  /* Misc calls on face. */
-  test_face (face, text32[15]);
+  /* Misc calls on font. */
+  test_font (font, text32[15]);
 
   hb_font_destroy (font);
   hb_face_destroy (face);