From dc04261a5b8408bcfde16090ddf91568c3d8dae7 Mon Sep 17 00:00:00 2001
From: Garret Rieger <grieger@google.com>
Date: Wed, 30 Jan 2019 15:23:19 -0800
Subject: [PATCH] [subset] Update the subset fuzzer to determine which options
 to use based on data in the fuzzing test case. Add support for toggling
 retain_gids.

---
 test/fuzzing/hb-subset-fuzzer.cc | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/test/fuzzing/hb-subset-fuzzer.cc b/test/fuzzing/hb-subset-fuzzer.cc
index 3a71f221f..56ffd2271 100644
--- a/test/fuzzing/hb-subset-fuzzer.cc
+++ b/test/fuzzing/hb-subset-fuzzer.cc
@@ -11,11 +11,13 @@ trySubset (hb_face_t *face,
 	   const hb_codepoint_t text[],
 	   int text_length,
 	   bool drop_hints,
-	   bool drop_layout)
+	   bool drop_layout,
+	   bool retain_gids)
 {
   hb_subset_input_t *input = hb_subset_input_create_or_fail ();
   hb_subset_input_set_drop_hints (input, drop_hints);
   hb_subset_input_set_drop_layout (input, drop_layout);
+  hb_subset_input_set_retain_gids (input, retain_gids);
   hb_set_t *codepoints = hb_subset_input_unicode_set (input);
 
   for (int i = 0; i < text_length; i++)
@@ -32,16 +34,14 @@ trySubset (hb_face_t *face,
 static void
 trySubset (hb_face_t *face,
 	   const hb_codepoint_t text[],
-	   int text_length)
+	   int text_length,
+	   const uint8_t flags[1])
 {
-  for (unsigned int drop_hints = 0; drop_hints < 2; drop_hints++)
-  {
-    for (unsigned int drop_layout = 0; drop_layout < 2; drop_layout++)
-    {
-      trySubset (face, text, text_length,
-		 (bool) drop_hints, (bool) drop_layout);
-    }
-  }
+  bool drop_hints =  flags[0] & (1 << 0);
+  bool drop_layout = flags[0] & (1 << 1);
+  bool retain_gids = flags[0] & (1 << 2);
+  trySubset (face, text, text_length,
+	     drop_hints, drop_layout, retain_gids);
 }
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
@@ -55,21 +55,27 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
   hb_face_collect_unicodes (face, output);
   hb_set_destroy (output);
 
+  uint8_t flags[1] = {0};
   const hb_codepoint_t text[] =
       {
 	'A', 'B', 'C', 'D', 'E', 'X', 'Y', 'Z', '1', '2',
 	'3', '@', '_', '%', '&', ')', '*', '$', '!'
       };
 
-  trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t));
+  trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags);
 
   hb_codepoint_t text_from_data[16];
-  if (size > sizeof(text_from_data)) {
+  if (size > sizeof(text_from_data) + sizeof(flags)) {
     memcpy (text_from_data,
 	    data + size - sizeof(text_from_data),
 	    sizeof(text_from_data));
+
+    memcpy (flags,
+	    data + size - sizeof(text_from_data) - sizeof(flags),
+	    sizeof(flags));
     unsigned int text_size = sizeof (text_from_data) / sizeof (hb_codepoint_t);
-    trySubset (face, text_from_data, text_size);
+
+    trySubset (face, text_from_data, text_size, flags);
   }
 
   hb_face_destroy (face);