Commit Graph

10436 Commits

Author SHA1 Message Date
ariza 0b29053864 removed unused code 2020-03-05 10:11:23 +03:30
ariza e8f010d793 removed unused code & data; rename 2020-03-05 10:11:23 +03:30
Garret Rieger 14a7b6f1ab Set hb_buffer_t to use array_t.reverse(). 2020-03-04 16:52:29 -08:00
ariza 5935a1dc0b add pop_discard() calls to errror returns 2020-03-05 01:22:51 +03:30
ariza c05458ec7f update cff & cff2 subsetters 2020-03-05 01:22:51 +03:30
Ebrahim Byagowi 446d1e3bbc [fuzz] Add more of fixed cases 2020-03-05 00:49:03 +03:30
Ebrahim Byagowi 9004848560 [gvar] Make sure font's num_coords matches with gvar.axisCount 2020-03-04 12:43:26 +03:30
Ebrahim Byagowi 1af3363f9e [gvar] Use hb_array_t instead indexing raw pointers 2020-03-04 12:43:26 +03:30
Ebrahim Byagowi 99b5b3f1b1 [gvar] Make sure TupleVarHeader has the needed size
Fixes https://crbug.com/oss-fuzz/21026
2020-03-04 12:43:26 +03:30
Ebrahim Byagowi b398748d8b
[algs] Add hb_clamp
Similar to stl and glsl's clamp
2020-03-04 11:18:19 +03:30
Ebrahim Byagowi 558f922788 [fuzz] Avoid empty memcpy and ubsan complain by length checking before memcpy 2020-03-03 21:39:22 +03:30
Ebrahim Byagowi 6543d166fd [fuzz] Remove the not yet fixed timeout, going to investigate 2020-03-03 21:39:22 +03:30
Ebrahim Byagowi 2bbf1c8673 [fuzz] Add more of supposed to already be fixed cases from Chromium bug tracker 2020-03-03 21:39:22 +03:30
Ebrahim Byagowi f745777c60 minor, debug bit, ops 2020-03-03 19:14:41 +03:30
Ebrahim Byagowi f253f06cf3 [fuzz] Add another fixed case
https://crbug.com/oss-fuzz/14626

another numerous subtables count which is fixed by d38360397
2020-03-03 19:12:04 +03:30
Ebrahim Byagowi d383603976
Limit OT::Lookup subtables (#2219)
Fixes https://crbug.com/oss-fuzz/13943
2020-03-02 22:41:08 +03:30
Ebrahim Byagowi 29efd964f2
[fuzz] Add cases that marked as wontfix
Let's see if they were really false alarms, if so, let's just have them.
2020-03-02 14:22:29 +03:30
Ebrahim Byagowi 60262e4ca9 [var] Build end-points array on gvar itself 2020-02-29 22:57:59 +03:30
Ebrahim Byagowi cb65150fec
[draw] minor 2020-02-29 16:12:54 +03:30
Ebrahim Byagowi 44169f3396
[draw] Fix invalid rendering of some glyph on Estedad-VF
Basically reverts 11f3fca so I can do the same tested and better later

Fixes #2215
2020-02-29 16:04:03 +03:30
Ebrahim Byagowi 86c40b3a1d [fuzz/draw] Call _get_glyph_extents
Other render related APIs also may be added also later such
as ot-color and future rendering things.
2020-02-29 14:53:34 +03:30
Michiharu Ariza 5ab50eebd7
collect_unicodes() with clamp, calling add_range()
Use add_range instead an inner loop, clamp its input number by
number of glyphs a face has.

Even the face cmap12 and 13 have 32-bit hb_codepoint_t, which is here
used to make timeout, face's maxp has 16-bit gid limitation at least for now,
using that makes sure we both fix and the timeout and don't need to change
much things here also in order to support 32-bit gids also someday.

Fixes #2204
2020-02-29 13:02:29 +03:30
Garret Rieger 414529e45a [subset] Limit the number of feature indices processed during script subsetting. 2020-02-28 16:10:14 -08:00
Garret Rieger 75622b0d24 [subset] Limit the number of features processed in the feature closure. 2020-02-28 16:10:14 -08:00
Garret Rieger 410b4881d0 [subset] Add fuzzer timeout testcase. 2020-02-28 16:10:14 -08:00
Garret Rieger c66ee213b7 Limit the number of feature indices processed during feature collection. 2020-02-28 16:10:14 -08:00
Ebrahim Byagowi e57ced5fc0
[gvar] Add other possibly fixed fuzzer case
Speculatively should've been fixed by 61208401

https://crbug.com/oss-fuzz/20924 related
2020-02-28 23:29:05 +03:30
Ebrahim Byagowi 758fda728b
[glyf] Don't accept gids higher than maxp's glyphs number
This specially becomes concerning on sub-components where a gvar table
that is sanitized using maxp's glyphs number overflows when a high gid
accepted here goes to it, maybe an additional check can be put there
also, this however feels to be enough.

Fixes https://crbug.com/oss-fuzz/20944
2020-02-28 23:19:06 +03:30
Ebrahim Byagowi e642aab116
[subset] Add source_blob as a hb_subset_context_t field (#2203)
So no more double sanitizing source table.
2020-02-28 22:24:25 +03:30
Ebrahim Byagowi e90213868b Revert "collect_unicodes() to check gid < num_glyphs with cmap 12"
Didn't fix the case actually, making bots to fail.

This reverts commit 15b43a4104.
2020-02-28 21:24:51 +03:30
Ebrahim Byagowi 61208401f4
[gvar] Use hb_bytes_t.check_range instead having in house one
And use TupleVarHeader calculated size for validity check.

Fixes https://crbug.com/oss-fuzz/20919 and possibly other gvar related issues
2020-02-28 21:09:07 +03:30
Michiharu Ariza 15b43a4104
collect_unicodes() to check gid < num_glyphs with cmap 12
fixes #2204
2020-02-28 20:15:39 +03:30
Ebrahim Byagowi 868ecf7b26 [draw] Add fuzzer runner 2020-02-28 19:57:56 +03:30
Qunxin Liu b0749bfaa5 [subset] GDEF LigCaretList subsetting support 2020-02-28 14:51:52 +03:30
ariza 002f0e20c4 reimplment serialize_int using check_assign() 2020-02-28 14:21:58 +03:30
Ebrahim Byagowi 14b134379d [gvar] Minor, check whether sub_array result also have enough room 2020-02-27 21:01:48 +03:30
Ebrahim Byagowi 8eba66c1c6 [gvar] Fix invalid memory access by refactoring GlyphVarData fetch logic
Fixes https://crbug.com/oss-fuzz/20906
2020-02-27 20:26:54 +03:30
Evgeniy Reizner f44e1dc07d Fix spelling. 2020-02-27 13:33:56 +03:30
Qunxin Liu 5ad761b943 [subset] GDEF MarkGlyphSets subsetting support 2020-02-26 15:15:21 -08:00
Qunxin Liu fcd7f33bbb [subset] GDEF glyphClassDef subsetting support
glyphClassDef uses the same ClassDef format. However, glyphClassDef table
uses predefined class values so we do not remap class values.
2020-02-26 11:10:31 -08:00
Garret Rieger 50129b03a1 Add a reverse () call to hb_array_t. 2020-02-26 11:09:54 -08:00
Garret Rieger 38c6598c1c Switch to C style comments. 2020-02-26 11:09:54 -08:00
Garret Rieger 52b6e0baa0 When serializing cmap14 order the offsets from smallest to largest.
Current versions of OTS fail fonts with cmap 14's who's last offset does not point to the a block at the end of the table.
2020-02-26 11:09:54 -08:00
ariza a99134c5be add oss-fuzz 20886 test file 2020-02-26 09:58:03 -08:00
ariza d0aaba5c50 fixes oss-fuzz 20886
hb_set_t::resize () is needed after compact()
2020-02-26 09:35:32 -08:00
Ebrahim Byagowi 05a25c1a5b
[cff] minor, remove unused fields 2020-02-26 19:35:27 +03:30
Ebrahim Byagowi 9fe0dc3464 [draw] Pass draw_helper_t itself around instead recreating it
Specially helpful if we want to change the design
2020-02-26 17:40:46 +03:30
Ebrahim Byagowi 1b8b863898 minor 2020-02-26 16:36:48 +03:30
Ebrahim Byagowi 4cdaa9d1f4 [glyf] Simplify contour end logic
So no need for infinite loop here
2020-02-26 16:29:14 +03:30
Ebrahim Byagowi 132fcfbc47 [fuzz] minor don't abort main.cc when the file was empty or not found 2020-02-26 16:15:17 +03:30