Ebrahim Byagowi
8eba66c1c6
[gvar] Fix invalid memory access by refactoring GlyphVarData fetch logic
Fixes https://crbug.com/oss-fuzz/20906
2020-02-27 20:26:54 +03:30
ariza
a99134c5be
add oss-fuzz 20886 test file
2020-02-26 09:58:03 -08:00
Ebrahim Byagowi
1b8b863898
minor
2020-02-26 16:36:48 +03:30
Ebrahim Byagowi
132fcfbc47
[fuzz] minor don't abort main.cc when the file was empty or not found
2020-02-26 16:15:17 +03:30
Ebrahim Byagowi
84163c83d3
[draw] Skip commands and paths not contributing anything
They aren't contributing to rendering and making issue for stroking, let's skip them
ourselves as Skia does also https://skia-review.googlesource.com/c/skia/+/268166
They are useful for extracting extents and so which that functionality won't be affected by this change.
2020-02-26 16:09:28 +03:30
Ebrahim Byagowi
152000d9c7
[fuzz] Practice variations on font object
2020-02-25 21:16:57 +03:30
Ebrahim Byagowi
036d868913
[draw] Add a fuzzer
Specially checks correctness of the API semantics:
* no move happens when a path is already opened with move-to.
* no path will be left open and close-path will happen at the end of opened paths.
* no path opens with a move-to and will be closed with no length.
* paths start and ending points matches.
* no line/quadratic/cubic command will be issued when no path is started.
2020-02-25 19:09:44 +03:30
Ebrahim Byagowi
96b71e802f
[fuzz] make the custom loader to handle multiple files
Actually this was the way it used to work :)
2020-02-24 23:01:02 +03:30
Ebrahim Byagowi
8d19907704
Remove python2 support from tests/utils scripts
2020-02-19 16:17:45 +03:30
Ebrahim Byagowi
a94d1af193
[fuzz] minor style fixes
2020-02-12 19:30:31 +03:30
Ebrahim Byagowi
1c015d3e9f
[fuzz] minor fuzzer case move, oops
2020-02-12 19:19:37 +03:30
Ebrahim Byagowi
49341faee2
[fuzz] minor, move two fuzzer cases to their correct place
2020-02-12 19:17:18 +03:30
Ebrahim Byagowi
97229244eb
[fuzzer] Fix hb-set-fuzzer minor overflow issue
Size shouldn't be smaller than the struct not its pointer size.
Fixes https://crbug.com/oss-fuzz/20655
2020-02-12 15:41:51 +03:30
Garret Rieger
7b42403c1c
Add explicit values to the set fuzzer enums.
2020-02-11 13:25:44 -08:00
Garret Rieger
e805923310
Add a few basic seeds for the set fuzzer.
2020-02-11 13:25:44 -08:00
Ebrahim Byagowi
ff984ed3cd
Use multiplication to avoid undefined behaviour per clang
Newer versions of MSVC with /we4146 don't like putting negative sign behind an
unsigned number as https://github.com/harfbuzz/harfbuzz/pull/2069
That however have made https://crbug.com/1050424 this complain:
src/hb-ot-color-sbix-table.hh:304:28: runtime error: negation of -2147483648 cannot be represented in type 'int';
cast to an unsigned type to negate this value to itself
which apparently can be fixed using this change.
Let's see if this won't make another ubsan complain!
2020-02-11 19:51:52 +03:30
Garret Rieger
bca9bc6b92
Add hb-set-fuzzer.
It fuzzes all of the hb_set process methods (intersection, subtraction, union, and symmetric difference).
2020-02-11 03:08:39 +03:30
ckitagawa
e128f80278
parent 777ba47b50
author ckitagawa <ckitagawa@chromium.org> 1579631743 -0500
committer ckitagawa <ckitagawa@chromium.org> 1580506176 -0500
[subset] Add CBLC support
2020-01-31 16:37:30 -05:00
ckitagawa
ed857c4680
[subset] Add COLR support
2020-01-28 15:35:53 -05:00
Ebrahim Byagowi
5897697250
[test] Increase subset timeout
No random timeout please
2020-01-25 00:32:46 +03:30
ckitagawa-work
0e4b2676bd
[subset] sbix fix missed offset is_null() check
2020-01-24 20:46:07 +03:30
ckitagawa
7dc341fe74
[subset] Fix UBSAN issue in sbix
2020-01-23 23:46:22 +03:30
ariza
1ab3924b31
refix PR #2087 subset PairPos1
also added oss-fuzz 20211 data fixed by this
2020-01-23 10:50:52 -08:00
ckitagawa
b18cb5b5ee
Add second fixed test
2020-01-22 10:11:15 -08:00
ckitagawa
8614a30bc9
[subset] Fix sbix fuzz problem
2020-01-22 10:11:15 -08:00
ckitagawa
6bcf57eaa3
Simplify copy and add fuzzing coverage
2020-01-15 13:36:01 -08:00
Ebrahim Byagowi
dc03a993d0
Fix collect lookups logic of FeatureTableSubstitution (#2097)
https://crbug.com/oss-fuzz/20036
2020-01-12 14:21:29 +03:30
Ebrahim Byagowi
a32ecc15ae
Fix collect lookups logic of FeatureVariationRecord
As "Offset to a feature table substitution table, from beginning of the FeatureVariations table."
from https://docs.microsoft.com/en-us/typography/opentype/spec/chapter2 the record should
match its sanitize logic not the reverse way.
Fixes https://crbug.com/oss-fuzz/20021 and https://crbug.com/oss-fuzz/20022
2020-01-11 15:37:24 +03:30
Michiharu Ariza
d2ab1ec65b
fixes oss-fuzz 19978: Null-dereference READ (#2091)
2020-01-10 07:54:16 +03:30
Ebrahim Byagowi
257a197ae7
Fail serialize when map has incorrect value
fixes https://crbug.com/oss-fuzz/19956
am not super happy with the fix, guess we should do some check
before the memcpy anyway as @blueshade7 thinks also,
so let's have it or revert it when we have a better approach for the case.
2020-01-09 22:55:45 +03:30
Ebrahim Byagowi
8ed46c3678
[fuzz] minor, add another already fixed case
https://crbug.com/oss-fuzz/19907
2020-01-07 23:43:53 +03:30
Ebrahim Byagowi
341407f7a5
[fuzz] minor, upload another fixed case
https://crbug.com/oss-fuzz/19878
2020-01-07 09:10:24 +03:30
Ebrahim Byagowi
7950beecfc
[subset] Fix null pointer dereference in hvar/vvar subset (#2085)
Rest of the code assumes there is at least one subtable, let's return here if not.
* https://crbug.com/oss-fuzz/19827
* https://crbug.com/oss-fuzz/19847
2020-01-06 21:25:00 +03:30
Ebrahim Byagowi
64a45be519
[ubsan] Don't decrease pointer if match_glyph_data is null (#2048)
Similar to fix on https://github.com/harfbuzz/harfbuzz/pull/2022
Fixes https://crbug.com/1023070
2019-11-09 12:25:33 +03:30
Ebrahim Byagowi
84b86a12d9
[fuzz] Remove just added case
It didn't fail locally but on bots causing timeout, let's remove for now.
2019-11-06 09:22:34 +03:30
Ebrahim Byagowi
a8f049c9a1
[fuzz] Upload testcase of https://crbug.com/oss-fuzz/18529
Apparently false alarm per last comment and was ok locally also but let's have it here also
2019-11-05 22:26:36 +03:30
Qunxin Liu
defe9b6da0
crash fix : Heap-buffer-overflow READ 2
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18513
2019-10-25 13:09:47 -07:00
Qunxin Liu
b2fcca6e14
fuzzer crash fix
https://oss-fuzz.com/testcase-detail/5643107869917184
2019-10-24 16:11:30 -07:00
Ebrahim Byagowi
9815ca0338
[ci] Use custom subset fuzzer timeout for failing sanitizer bots
2019-10-25 00:16:23 +03:30
Garret Rieger
95ab110cd9
Optimize intersects_array to fix fuzzer timeout.
2019-10-22 13:33:50 -07:00
Qunxin Liu
b33a0d628e
fuzzer crash fix: Null-dereference WRITE
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18363
2019-10-22 01:01:08 +03:30
Ebrahim Byagowi
e766783152
[fuzz] Add https://crbug.com/oss-fuzz/17898 testcase
2019-10-21 22:17:06 +03:30
Garret Rieger
831daf4c76
Enforce HB_MAX_LANGSYS limit during layout subsetting.
2019-10-18 15:10:30 -07:00
Ebrahim Byagowi
0665dce116
[fuzzer] Don't process output in debug mode as it causes timeout
2019-09-21 17:36:33 +04:30
Ebrahim Byagowi
d3b984d379
Revert in-house pow10 (d80a3ea) and fix oss-fuzz/16922
Probably can be fixed but merging it was wrong so let's revert.
2019-09-02 18:28:03 +04:30
Ebrahim Byagowi
875985cd48
[subset] Don't allow malicious fonts to insert unlimited table headers
Fixes https://crbug.com/oss-fuzz/16810
2019-08-29 14:51:22 +04:30
Ebrahim Byagowi
269a120f13
[subset] Raise the bar in new vs old table size
https://crbug.com/oss-fuzz/16740
This is actually an interesting thing that {h,v}mtx allocates as
much as a font pretends to have glyphs but the solution is not
that obvious as regular fonts can have less than actually containing
metrics in their {h,v}mtx. This change raises the bar to consider this
hmtx 4 byte for every glyph case.
Initially we wanted to just find things allocating crazy amount of
memory but having the assert has led to interesting findings also
so let's don't remove the assert and see what we can find elsewhere.
2019-08-25 20:37:00 +04:30
Ebrahim Byagowi
28aba780c4
[subset] Fix blob leak of _subset2 when returns early
Fixes https://crbug.com/oss-fuzz/16639
2019-08-24 16:11:21 +04:30
Ebrahim Byagowi
b31d627f15
Increase subset fuzzer timeout to 16s
To satisfy -valgrind and -tsan bots, very ugly
2019-08-11 23:34:48 +04:30
Ebrahim Byagowi
e21bdf500d
Increase subset fuzzer timeout to 8s
Probably we should just remove timeout when running tsan and valgrind here, the flaky bots
2019-07-28 22:59:09 +04:30