Commit Graph

57 Commits

Author SHA1 Message Date
Qunxin Liu e1a5ce6aa6 Fix fuzzer crash testcase
Add a check for stringOffSet(uint16) overflow,
return early if overflow happens
2019-05-24 15:26:20 -04:00
Behdad Esfahbod 9ef241cd40 [test] Add one more 2019-05-20 11:38:02 -04:00
Behdad Esfahbod 3efb7af7e2 [STAT] Fix sanitize condition
Oops!

Fixes https://oss-fuzz.com/testcase-detail/5696825891225600
2019-05-20 11:37:16 -04:00
Behdad Esfahbod 25a5b287f2 Fix sanitize fail of extension sublookups
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=960331
2019-05-10 16:03:20 -07:00
Ebrahim Byagowi df237d2fe7
[test] Add https://crbug.com/oss-fuzz/14641 testcase
As 503748d fix
2019-05-08 14:17:14 -07:00
Ebrahim Byagowi 62c6e17072 [test] Add crbug.com/oss-fuzz/14474 testcase
Fixed at 6977a95f
2019-04-28 10:55:07 -07:00
Michiharu Ariza ba0386060d fix oss-fuzz issue 14345 2019-04-18 18:18:05 -04:00
Behdad Esfahbod ec2a5dc859 Use class templates for Null objects
This allows partial-instantiating custom Null object for template Lookup<T>.
Before, this had to be handcoded per instantiation.  Apparently I missed
adding one for AAT::ankr.lookupTable, so it was getting the wrong (generic)
null for Lookup object, which is wrong and unsafe.

Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=944346
2019-03-26 16:23:40 -07:00
Michiharu Ariza bcb4e505d6
cff2 subset fuzzer issues (#1619)
* add check to FDArray::serialize

* add test files

* fix off by one
2019-03-15 13:46:25 -07:00
Behdad Esfahbod 6879efc2c1 [AAT] Fix anchor bound checking, again
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=922303
2019-01-17 14:08:02 -05:00
Behdad Esfahbod 91d774712f [test] Add test for previous commit 2019-01-14 15:31:31 -05:00
Behdad Esfahbod 7a6686a589 [AAT] Fix mort ContextualSubtable offset access
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12312
2019-01-14 15:09:14 -05:00
Behdad Esfahbod a3fa7d3336 [AAT] Fix ankr table access
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=918340
2019-01-14 14:37:36 -05:00
Michiharu Ariza 798e98c47b [CFF] bad offset in Index (#1476)
* Update hb-ot-cff-common.hh

* fix bug

* bummer fix wasn't hit. refix

* additional sanity check

* Added test cases for oss-fuzz issues 11805, 11806
2018-12-12 21:08:15 -05:00
Michiharu Ariza bcb4ecaf68 [CFF] check out of range FD index (#1477)
* add fd index checks to subr subsetter

also added oss-fuzz test case

* undid SubrSubsetParam::is_valid

because already validated by SubrClosures.valid
2018-12-12 20:36:01 -05:00
Michiharu Ariza 2941208f1e [CFF] oss-fuzz issue 11690 ASSERT: substr.offset >= opStart (#1461)
* fix oss-fuzz 11690: substr.offset >= opStart

detect recursive subroutine call & handle as error

* fix build failure

* add minimized test case for oss-fuzz 11690

* removed asserts
2018-12-11 15:21:24 -05:00
Michiharu Ariza ae087d10c2 add minimized test case for oss-fuzz issue 11714 2018-12-05 21:47:34 -08:00
Ebrahim Byagowi f95324a335
Merge pull request #1457 from harfbuzz/cff-varstore-sanitize
[CFF] oss-fuzz issue 11713 (CFF2VariationStore::serialize)
2018-12-06 08:33:44 +03:30
Michiharu Ariza 9d8f3b0dfb add minimized test case for oss-fuzz issue 11713 2018-12-05 17:14:51 -08:00
Michiharu Ariza 34e3ef8ff3 Merge branch 'master' into cff-subr-sanitize 2018-12-05 15:50:05 -08:00
Michiharu Ariza 72d8f76368 add minimized test case for oss-fuzz issue 11691 2018-12-05 15:49:11 -08:00
Behdad Esfahbod d9dabc00e9
Merge pull request #1454 from harfbuzz/cff-fixbcd
[CFF] fix oss-fuzz issue 11674: parse_bcd
2018-12-05 15:39:34 -08:00
Michiharu Ariza 6708c5595f fix oss-fuzz issue 11675 (ASSERT: count <= str.len)
Also added an additional error check to avail ()
2018-12-05 12:51:18 -08:00
Michiharu Ariza 010e2ddb38 minimized test case for oss-fuzz issue 11674 2018-12-05 12:23:58 -08:00
Ebrahim Byagowi 79e7e3445e
Merge pull request #1449 from harfbuzz/cff-fixcharset
[CFF] fix for oss-fuzz 11657: Charset overrun
2018-12-05 13:25:18 +03:30
Ebrahim Byagowi cf4b7db6b1
Merge pull request #1448 from harfbuzz/cff-leak
[CFF] fix leak: oss-fuzz 11662
2018-12-05 13:23:23 +03:30
Michiharu Ariza 32cc46c75a [CFF] fix oss-fuzz issue 11670: NULL dereference (#1450)
* guard against no subr access

* code tweak

* add minimized testcase for oss-fuzz 11670 (Null deference)
2018-12-05 09:02:34 +03:30
Michiharu Ariza 78f639b8bf added minimized testcase for oss-fuzz issue 11657 2018-12-04 14:17:03 -08:00
Michiharu Ariza b61f74f69a added minimized test case for oss-fuzz issue 11662 2018-12-04 10:30:35 -08:00
Michiharu Ariza 9424e80526 added minimized test cases 2018-12-03 16:18:10 -08:00
Behdad Esfahbod 84efe0438e [aat] Fix division sign fallout
Happened after 11d2f49af8
since now nClasses is unsigned int...
2018-12-02 12:39:14 -05:00
Behdad Esfahbod 1204a247a5 [fuzzing] Add tests for previous commit
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11526
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11522
2018-11-24 09:49:21 -05:00
Behdad Esfahbod 2c8188bf59 [kerx] Make sure subtables are non-zero-length
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11400
2018-11-22 22:02:19 -05:00
Garret Rieger 8982830d3e [subset] add fuzzer testcase. 2018-11-22 21:30:01 -05:00
Behdad Esfahbod 5212cd8af2 [fuzzing] Add new test 2018-11-12 14:25:18 -05:00
Behdad Esfahbod a549aa14a0 [kerx] Protect against stack underflow
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11367
2018-11-12 13:02:39 -05:00
Behdad Esfahbod 752bd8a192 [kerx] Fix Format1 tupleKern sanitization
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11312
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11305
2018-11-10 21:13:32 -05:00
Behdad Esfahbod 3a9fa8c026 [qsort] Fix O(N^2) behavior if all array elements are the same
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11327

Reported as https://github.com/noporpoise/sort_r/issues/7
2018-11-10 01:58:26 -05:00
Ebrahim Byagowi c560ca9251
[fuzz] A new testcase 2018-11-03 13:03:36 +03:30
Khaled Hosny 0af3d176a6 [sbix] Fix memory leak in early return
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11210
2018-10-30 17:05:28 +02:00
Behdad Esfahbod 12058e44d1 [fuzzing] Add more test 2018-10-26 21:22:26 -07:00
Ebrahim Byagowi 0229eaea29
[fuzz] Add a found hb-subset testcase 2018-10-22 10:51:37 +03:30
Ebrahim Byagowi 9b3461574f
[fuzz] Add more testcases
Fixed already but better to have anyway.

One didn't have minimized but it was only 164 B, so
2018-10-21 11:37:38 +03:30
Behdad Esfahbod 217a3728b4 [fuzzing] Add more font 2018-10-20 20:39:56 -07:00
Ebrahim Byagowi d39acc5a95
[fuzzing] Add new testcases 2018-10-20 12:20:30 +03:30
Ebrahim Byagowi fbf665b307
[fuzz] Add more found cases (#1275) 2018-10-19 08:09:53 +03:30
Behdad Esfahbod b9478e28ac Revert "[test] Remove not-fixed yet testcases (#1268)"
This reverts commit 191eef823f.
2018-10-17 22:11:49 -07:00
Ebrahim Byagowi 191eef823f
[test] Remove not-fixed yet testcases (#1268)
I added them but now that I think, it is a bad idea to have them as
fuzzing bots will find good seeds to tweak in order to find easy new
testcases which causes duplicated issues.
2018-10-18 08:04:18 +03:30
Ebrahim Byagowi 751c10e55e
[fuzz] Add more new testcases 2018-10-18 06:36:48 +03:30
Ebrahim Byagowi fd282eb328
[fuzz] Add a new testcase 2018-10-18 06:33:39 +03:30