[subset] First pass at setting up a fuzzing program for hb-subset.

src/Makefile.am

@@ -17,7 +17,7 @@ check_PROGRAMS =
 
 # Convenience targets:
 lib: $(BUILT_SOURCES) libharfbuzz.la libharfbuzz-subset.la
-fuzzing: $(BUILT_SOURCES) libharfbuzz-fuzzing.la
+fuzzing: $(BUILT_SOURCES) libharfbuzz-fuzzing.la libharfbuzz-subset-fuzzing.la
 
 lib_LTLIBRARIES = libharfbuzz.la
 
@@ -193,6 +193,28 @@ libharfbuzz_fuzzing_la_LIBADD = $(libharfbuzz_la_LIBADD)
 EXTRA_libharfbuzz_fuzzing_la_DEPENDENCIES = $(EXTRA_libharfbuzz_la_DEPENDENCIES)
 CLEANFILES += libharfbuzz-fuzzing.la
 
+SUBSET_FUZZING_CPPFLAGS = \
+	-DHB_NDEBUG \
+	-DHB_MAX_NESTING_LEVEL=3 \
+	-DHB_SANITIZE_MAX_EDITS=3 \
+	-DHB_SANITIZE_MAX_OPS_FACTOR=3 \
+	-DHB_SANITIZE_MAX_OPS_MIN=128 \
+	-DHB_BUFFER_MAX_LEN_FACTOR=3 \
+	-DHB_BUFFER_MAX_LEN_MIN=8 \
+	-DHB_BUFFER_MAX_LEN_DEFAULT=128 \
+	-DHB_BUFFER_MAX_OPS_FACTOR=8 \
+	-DHB_BUFFER_MAX_OPS_MIN=64 \
+	-DHB_BUFFER_MAX_OPS_DEFAULT=1024 \
+	$(NULL)
+EXTRA_LTLIBRARIES = libharfbuzz-subset-fuzzing.la
+libharfbuzz_subset_fuzzing_la_LINK = $(chosen_linker) $(libharfbuzz_subset_fuzzing_la_LDFLAGS)
+libharfbuzz_subset_fuzzing_la_SOURCES = $(libharfbuzz_subset_la_SOURCES)
+libharfbuzz_subset_fuzzing_la_CPPFLAGS = $(HBCFLAGS) $(SUBSET_FUZZING_CPPFLAGS)
+libharfbuzz_subset_fuzzing_la_LDFLAGS = $(AM_LDFLAGS)
+libharfbuzz_subset_fuzzing_la_LIBADD = $(libharfbuzz_subset_la_LIBADD)
+EXTRA_libharfbuzz_subset_fuzzing_la_DEPENDENCIES = $(EXTRA_libharfbuzz_subset_la_DEPENDENCIES)
+CLEANFILES += libharfbuzz-subset-fuzzing.la
+
 if HAVE_ICU
 if HAVE_ICU_BUILTIN
 HBCFLAGS += $(ICU_CFLAGS)

test/fuzzing/Makefile.am

@@ -20,6 +20,7 @@ EXTRA_DIST += \
 
 check_PROGRAMS = \
 	hb-fuzzer \
+	hb-subset-fuzzer \
 	$(NULL)
 
 AM_CPPFLAGS = \
@@ -46,6 +47,20 @@ hb_fuzzer_DEPENDENCIES = \
 	lib \
 	$(NULL)
 
+hb_subset_fuzzer_SOURCES = \
+	hb-subset.hh \
+	hb-subset-fuzzer.cc \
+	$(NULL)
+hb_subset_fuzzer_LDADD = \
+	$(top_builddir)/src/libharfbuzz-subset-fuzzing.la \
+	$(NULL)
+hb_subset_fuzzer_CPPFLAGS = \
+	$(AM_CPPFLAGS) \
+	$(NULL)
+hb_subset_fuzzer_DEPENDENCIES = \
+	lib \
+	$(NULL)
+
 check:
 	EXEEXT="$(EXEEXT)" srcdir="$(srcdir)" builddir="$(builddir)" $(srcdir)/run-fuzzer-tests.py
 

test/fuzzing/hb-subset-fuzzer.cc

@@ -0,0 +1,37 @@
+#include "hb-fuzzer.hh"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "hb-subset.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+  hb_blob_t *blob = hb_blob_create ((const char *)data, size,
+                                    HB_MEMORY_MODE_READONLY, NULL, NULL);
+  hb_face_t *face = hb_face_create (blob, 0);
+  hb_subset_profile_t *profile = hb_subset_profile_create ();
+  // TODO(grieger): Loop through common profiles (hints, no hints, etc.)
+  hb_subset_input_t *input = hb_subset_input_create_or_fail ();
+  hb_set_t *codepoints = hb_subset_input_unicode_set (input);
+
+  const hb_codepoint_t text[] =
+      {
+        'A', 'B', 'C', 'D', 'E', 'X', 'Y', 'Z', '1', '2',
+        '3', '@', '_', '%', '&', ')', '*', '$', '!'
+      };
+  for (int i = 0; i < sizeof (text) / sizeof (hb_codepoint_t); i++)
+  {
+    hb_set_add (codepoints, text[i]);
+  }
+
+  hb_face_t *result = hb_subset (face, profile, input);
+
+  hb_subset_input_destroy (input);
+  hb_subset_profile_destroy (profile);
+  hb_face_destroy (face);
+  hb_blob_destroy (blob);
+
+  return 0;
+}