walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Check for failed subset input creation in the fuzzer.

This commit is contained in:
Garret Rieger 2023-03-13 19:50:28 +00:00 committed by Behdad Esfahbod
parent 6d2705a719
commit 7a87b17742
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-4801020053291008 Normal file
View File

Binary file not shown.

12
test/fuzzing/hb-subset-fuzzer.cc
View File

@ -64,12 +64,24 @@ extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
}; };
hb_subset_input_t *input = hb_subset_input_create_or_fail (); hb_subset_input_t *input = hb_subset_input_create_or_fail ();
if (!input)
{
hb_face_destroy (face);
hb_blob_destroy (blob);
return 0;
}
trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags, input); trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags, input);
unsigned num_axes; unsigned num_axes;
hb_codepoint_t text_from_data[16]; hb_codepoint_t text_from_data[16];
if (size > sizeof (text_from_data) + sizeof (flags) + sizeof(num_axes)) { if (size > sizeof (text_from_data) + sizeof (flags) + sizeof(num_axes)) {
hb_subset_input_t *input = hb_subset_input_create_or_fail (); hb_subset_input_t *input = hb_subset_input_create_or_fail ();
if (!input)
{
hb_face_destroy (face);
hb_blob_destroy (blob);
return 0;
}
size -= sizeof (text_from_data); size -= sizeof (text_from_data);
memcpy (text_from_data, memcpy (text_from_data,
data + size, data + size,