From 1beb08862e9bd668599f0385d7ba59272fc24912 Mon Sep 17 00:00:00 2001
From: Garret Rieger
Date: Mon, 12 Mar 2018 16:08:16 -0700
Subject: [PATCH] [subset] First pass at setting up a fuzzing program for hb-subset.

---
 src/Makefile.am                  | 24 ++++++++++++++++++++-
 test/fuzzing/Makefile.am         | 15 +++++++++++++
 test/fuzzing/hb-subset-fuzzer.cc | 37 ++++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 test/fuzzing/hb-subset-fuzzer.cc

diff --git a/src/Makefile.am b/src/Makefile.am
index afa104b83..4d1f237db 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -17,7 +17,7 @@ check_PROGRAMS =
 # Convenience targets:
 lib: $(BUILT_SOURCES) libharfbuzz.la libharfbuzz-subset.la
-fuzzing: $(BUILT_SOURCES) libharfbuzz-fuzzing.la
+fuzzing: $(BUILT_SOURCES) libharfbuzz-fuzzing.la libharfbuzz-subset-fuzzing.la
 lib_LTLIBRARIES = libharfbuzz.la
@@ -193,6 +193,28 @@ libharfbuzz_fuzzing_la_LIBADD = $(libharfbuzz_la_LIBADD)
 EXTRA_libharfbuzz_fuzzing_la_DEPENDENCIES = $(EXTRA_libharfbuzz_la_DEPENDENCIES)
 CLEANFILES += libharfbuzz-fuzzing.la
+SUBSET_FUZZING_CPPFLAGS = \
+	-DHB_NDEBUG \
+	-DHB_MAX_NESTING_LEVEL=3 \
+	-DHB_SANITIZE_MAX_EDITS=3 \
+	-DHB_SANITIZE_MAX_OPS_FACTOR=3 \
+	-DHB_SANITIZE_MAX_OPS_MIN=128 \
+	-DHB_BUFFER_MAX_LEN_FACTOR=3 \
+	-DHB_BUFFER_MAX_LEN_MIN=8 \
+	-DHB_BUFFER_MAX_LEN_DEFAULT=128 \
+	-DHB_BUFFER_MAX_OPS_FACTOR=8 \
+	-DHB_BUFFER_MAX_OPS_MIN=64 \
+	-DHB_BUFFER_MAX_OPS_DEFAULT=1024 \
+	$(NULL)
+EXTRA_LTLIBRARIES = libharfbuzz-subset-fuzzing.la
+libharfbuzz_subset_fuzzing_la_LINK = $(chosen_linker) $(libharfbuzz_subset_fuzzing_la_LDFLAGS)
+libharfbuzz_subset_fuzzing_la_SOURCES = $(libharfbuzz_subset_la_SOURCES)
+libharfbuzz_subset_fuzzing_la_CPPFLAGS = $(HBCFLAGS) $(SUBSET_FUZZING_CPPFLAGS)
+libharfbuzz_subset_fuzzing_la_LDFLAGS = $(AM_LDFLAGS)
+libharfbuzz_subset_fuzzing_la_LIBADD = $(libharfbuzz_subset_la_LIBADD)
+EXTRA_libharfbuzz_subset_fuzzing_la_DEPENDENCIES = $(EXTRA_libharfbuzz_subset_la_DEPENDENCIES)
+CLEANFILES += libharfbuzz-subset-fuzzing.la
+
 if HAVE_ICU
 if HAVE_ICU_BUILTIN
 HBCFLAGS += $(ICU_CFLAGS)
diff --git a/test/fuzzing/Makefile.am b/test/fuzzing/Makefile.am
index a7f736239..638f2f0d6 100644
--- a/test/fuzzing/Makefile.am
+++ b/test/fuzzing/Makefile.am
@@ -20,6 +20,7 @@ EXTRA_DIST += \
 check_PROGRAMS = \
 	hb-fuzzer \
+	hb-subset-fuzzer \
 	$(NULL)
 AM_CPPFLAGS = \
@@ -46,6 +47,20 @@ hb_fuzzer_DEPENDENCIES = \
 	lib \
 	$(NULL)
+hb_subset_fuzzer_SOURCES = \
+	hb-subset.hh \
+	hb-subset-fuzzer.cc \
+	$(NULL)
+hb_subset_fuzzer_LDADD = \
+	$(top_builddir)/src/libharfbuzz-subset-fuzzing.la \
+	$(NULL)
+hb_subset_fuzzer_CPPFLAGS = \
+	$(AM_CPPFLAGS) \
+	$(NULL)
+hb_subset_fuzzer_DEPENDENCIES = \
+	lib \
+	$(NULL)
+
 check:
 	EXEEXT="$(EXEEXT)" srcdir="$(srcdir)" builddir="$(builddir)" $(srcdir)/run-fuzzer-tests.py
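Review bot: `EXTRA_LTLIBRARIES = libharfbuzz-subset-fuzzing.la` uses a plain `=` while the sibling line in the same hunk, `CLEANFILES += libharfbuzz-subset-fuzzing.la`, appends. If libharfbuzz-fuzzing.la is already listed in EXTRA_LTLIBRARIES earlier in this file — the `fuzzing:` convenience target, the `libharfbuzz_fuzzing_la_*` rules and the `CLEANFILES += libharfbuzz-fuzzing.la` context strongly suggest it is, but that assignment is outside the hunk — this line silently replaces that list, automake no longer knows how to build libharfbuzz-fuzzing.la, and `make fuzzing` breaks. It should read `EXTRA_LTLIBRARIES += libharfbuzz-subset-fuzzing.la`. Separately, if the eleven `-D` limits in SUBSET_FUZZING_CPPFLAGS duplicate the existing fuzzing CPPFLAGS variable above (not visible here), reusing that variable would keep the two fuzzing builds' sanitize/buffer limits from drifting apart.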
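Review bot: `hb_subset_fuzzer_SOURCES` lists `hb-subset.hh`, but the new test/fuzzing/hb-subset-fuzzer.cc includes `hb-fuzzer.hh` and `hb-subset.h`, and this patch creates no hb-subset.hh under test/fuzzing. Unless such a header already exists in that directory, automake will try to distribute a file that is not there, so `make dist`/`make distcheck` fails even though the program itself compiles. The entry should presumably be `hb-fuzzer.hh \`, mirroring whatever the existing hb_fuzzer rule lists (its SOURCES line is outside the hunk; only its DEPENDENCIES are visible).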
diff --git a/test/fuzzing/hb-subset-fuzzer.cc b/test/fuzzing/hb-subset-fuzzer.cc
new file mode 100644
index 000000000..3081a57cf
--- /dev/null
+++ b/test/fuzzing/hb-subset-fuzzer.cc
@@ -0,0 +1,37 @@
+#include "hb-fuzzer.hh"
+
+#include
+#include
+#include
+
+#include "hb-subset.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+  hb_blob_t *blob = hb_blob_create ((const char *)data, size,
+                                    HB_MEMORY_MODE_READONLY, NULL, NULL);
+  hb_face_t *face = hb_face_create (blob, 0);
+  hb_subset_profile_t *profile = hb_subset_profile_create ();
+  // TODO(grieger): Loop through common profiles (hints, no hints, etc.)
+  hb_subset_input_t *input = hb_subset_input_create_or_fail ();
+  hb_set_t *codepoints = hb_subset_input_unicode_set (input);
+
+  const hb_codepoint_t text[] =
+  {
+    'A', 'B', 'C', 'D', 'E', 'X', 'Y', 'Z', '1', '2',
+    '3', '@', '_', '%', '&', ')', '*', '$', '!'
+  };
+  for (int i = 0; i < sizeof (text) / sizeof (hb_codepoint_t); i++)
+  {
+    hb_set_add (codepoints, text[i]);
+  }
+
+  hb_face_t *result = hb_subset (face, profile, input);
+
+  hb_subset_input_destroy (input);
+  hb_subset_profile_destroy (profile);
+  hb_face_destroy (face);
+  hb_blob_destroy (blob);
+
+  return 0;
+}
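Review bot: The face returned by `hb_subset (face, profile, input)` is stored in `result` and never released — only `input`, `profile`, `face` and `blob` are destroyed — so every fuzz iteration leaks the subsetted face and whatever it owns; under libFuzzer with LeakSanitizer enabled that is reported as a crash on the very first input and drowns out real findings. The handle from `hb_subset_input_create_or_fail ()` is also passed straight to `hb_subset_input_unicode_set` with no NULL check, although the `_or_fail` name says it can return NULL. Add `hb_face_destroy (result);` alongside the other destroys and bail out early when `input` is NULL, releasing what was already created. A smaller point of style: the loop index `int i` is compared against a `size_t` expression, which trips `-Wsign-compare`; `unsigned int i` (or the project's array-length helper) avoids it.
```cpp
  hb_subset_input_t *input = hb_subset_input_create_or_fail ();
  if (!input)
  {
    hb_subset_profile_destroy (profile);
    hb_face_destroy (face);
    hb_blob_destroy (blob);
    return 0;
  }
  hb_set_t *codepoints = hb_subset_input_unicode_set (input);
  // … unchanged: populate codepoints from text[] …
  hb_face_t *result = hb_subset (face, profile, input);
  hb_face_destroy (result);  // hb_subset hands back a new face; release it or every iteration leaks
  // … unchanged: destroy input, profile, face, blob; return 0 …
```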