5c46683ab8
[fuzz] increase shape fuzzer timeout
...
as https://circleci.com/gh/harfbuzz/harfbuzz/149203
2020-07-22 17:23:22 +04:30
945bcd7230
minor
2020-07-15 09:54:32 +04:30
fa0436ddd1
[ENOMEM][fuzzer/subset] early return if the result is null
...
I don't see _or_fail APIs idiomatic for the project but since it is there, let's have this
2020-07-15 09:52:40 +04:30
11d583a9ea
[aat] Consume glyph insertion from buffer's max_ops ( #2223 )
...
Glyph insertion is an expensive operation and we like to have it limited
based on buffer's input size which is handled by buffer's max_ops.
clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120:
Before the change: 0.67s user 0.00s system 99% cpu 0.674 total
After the change: 0.02s user 0.00s system 98% cpu 0.024 total
Which takes much longer on valgrind and tsan bots.
2020-07-13 18:53:06 -07:00
cd6f62d960
[meson] Raise timeout value of subset fuzzer testcases
...
happens when tsan is enabled
2020-07-12 23:05:11 +04:30
e4f9969108
[ci] migrate to meson
...
two bots, one bot here (distcheck) and one in travis still run autotools and
won't be removed till we decide about autotools
2020-07-08 19:18:31 +04:30
e04050e3b8
[meson] split fuzzer_ldflags before use
2020-07-08 01:06:30 +04:30
c5def34730
[meson] don't underscorify fuzzers names
2020-07-06 23:51:52 +04:30
d608f2ac85
[meson] Add fuzzer_ldflags
...
As ots, https://github.com/khaledhosny/ots/commit/4d37b9b
2020-07-06 23:51:52 +04:30
a470b0b205
Minor, disable strict-aliasing warning in set fuzzer
...
../test/fuzzing/hb-set-fuzzer.cc: In function ‘int LLVMFuzzerTestOneInput(const uint8_t*, size_t)’:
../test/fuzzing/hb-set-fuzzer.cc:38:82: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
38 | const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data);
|
And it is already disabled at project level so let's disable it here also.
2020-07-05 10:49:10 +04:30
a07672d353
[py] minor, replace os.environ.get with os.getenv
2020-07-04 16:16:15 +04:30
47a0fbec31
[meson] Mark longer tests with slow
...
So one can skip them easily by `meson test -Cbuild --no-suite slow`
2020-06-21 08:47:10 +04:30
0881611778
[fuzzer] Make some use for test_font API calls
...
Making some use for result of some of the test_font calls to make
sure compilers in fuzzers aren't just optimizing the calls.
2020-06-20 22:06:11 +04:30
03bd6ead44
[meson] Only pass required dependencies to everything
...
Instead of passing dependencies as required we used one giant shared
dependency list containing all dependencies for every library/executable.
While this kinda works, the specified deps are also used for generating
the pkg-config files and this leads to lots of Requires.private and Libs.private
entries which aren't really needed.
This removes the "deps" array and replaces it with a few smaller ones and
makes sure the public libraries only get passed the dependencies actually
needed.
Fixes #2441
2020-06-04 23:28:57 +04:30
a9d13463b5
[meson] Categorize tests using `suite: [...]`
...
So one can run a category of interested tests like
meson test -Cbuild --suite aots --suite src --print-errorlogs
Intead issuing particular tests which also is possible like
meson test -Cbuild test-shape --print-errorlogs
2020-05-30 16:58:46 +04:30
7554f618ec
minor, use sys.exit print shorthand
2020-05-28 23:34:37 +04:30
f7562672f9
[meson] Use / instead join_paths
...
We need some of the very recent features of meson, let's use the new features also
2020-05-21 18:52:31 +04:30
b8d1760bc0
[meson/ci] Increase cmap fuzzer timeout even more
2020-05-21 14:45:41 +04:30
4b12b8466f
[meson] Increase timeout in hope to resolve Actions' bot timeout
2020-05-21 14:23:36 +04:30
1c4dd79cfb
[ci] Increase timeout as gh bot issue isn't resolved by serial test
2020-05-21 08:52:05 +04:30
8667df552c
[meson] Unbreak the build, oops
2020-05-21 07:19:37 +04:30
791debdc4a
[meson][ci] Don't run subset fuzzer test in parallel
...
resolves https://github.com/harfbuzz/harfbuzz/runs/695051808#step:6:595 failure
2020-05-21 07:15:09 +04:30
8a5368e2d6
[tests] Enable more gid misc calls on draw fuzzer
2020-05-21 07:00:40 +04:30
c68ab4b52b
Fix _get_ligature_caret's oob read issue
...
AAT::Lookup has no other way to detect whether it is returned from
a real and sanitized font data or from a null pool, this checks if
the table has been recognized valid by sanitizer by checking
table's major version which is zero if returned from a null pool and
non-zero if is from a sanitized font data, it is expected the other
calls of the table (unlikely to have more calls however) also do a
similar version check before calling the lookups used on the table.
2020-05-21 06:56:09 +04:30
b22f61d86a
Fix bug
2020-04-21 16:51:55 -07:00
22f7c61acf
implement SID to glyph ID mapping with predefined Charset
...
Also fixes oss-fuzz 21769
2020-04-18 15:42:30 +04:30
0d5695983e
[subset] fixes dangling object_t issue in FeatureVariationRecord
...
Fixes https://crbug.com/oss-fuzz/21560
revert () does not clean up useless object_t. Adjust the order of
subsetting substitutions and conditions to avoid dangling object_t.
2020-04-06 13:41:33 +04:30
57b7de032f
[subset] Fail ClassDefFormat1 serialization if no space available
...
Fixes https://crbug.com/oss-fuzz/21580
2020-04-05 17:38:04 +04:30
014e038b2c
[subset] Bail out of context lookup expansion once the lookup limit is encountered.
2020-04-01 11:14:41 +04:30
5d345d0cd1
[subset] Limit the number of lookup indices processed subsetting Feature.
...
> Also, remove two unnessecary full iterations of the lookup index iterator during serialization of the index array. Fixes fuzzer found timeout.
2020-04-01 11:13:05 +04:30
96d792ae80
[avar] Prevent mul overflow
...
Fixes https://crbug.com/oss-fuzz/21350
2020-03-26 15:01:14 +00:00
4ad686b9c0
[subset] fix fuzzer timeout in layout closure
...
Bail out of chain context lookup expansion once the lookup limit is encountered.
2020-03-26 06:32:28 +00:00
7054b12206
[meson] Mark rest of non-install executables explicitly
2020-03-24 19:06:09 +00:00
600bf21fbc
[meson] Add draw-fuzzer runner
2020-03-24 19:06:09 +00:00
28deb6b718
[meson] test/fuzzing simplify
2020-03-24 19:06:09 +00:00
78622231ac
[meson] More comment on tests are causing timeout failure
2020-03-24 19:06:09 +00:00
d57fc627e9
[meson] raise timeout value of subset fuzzer
2020-03-24 19:06:09 +00:00
761695264b
[tests] Remove py2 workaround for lack of timeout in subprocess
2020-03-19 10:32:46 +00:00
b5526a09ff
[tools] Remove in-house 'which' now that we have py3
2020-03-19 10:32:46 +00:00
430bf69653
Add potentially crashing font as a fuzzer seed.
2020-03-14 00:55:47 +03:30
755a77d660
Move outline draw API behind HB_EXPERIMENTAL_API directive
2020-03-13 08:25:53 +03:30
834a224a50
[subset] Put a limit on the number of lookup indices that can be visited during closures
...
Fixes https://crbug.com/oss-fuzz/21025
2020-03-12 13:32:36 +03:30
c494d7abcd
Remove cmake testing and add meson build bot
...
CMake tests are broken anyway as py3 changes so let's get rid of them
2020-03-11 20:15:10 +03:30
1c3f80ba13
[meson] Minor updates
2020-03-11 20:15:10 +03:30
04438554c8
meson: Update build files after rebase
2020-03-11 19:18:57 +03:30
618584e923
meson: rename incbase to incconfig
...
Makes it clearer what it's for: config.h. See #4 .
2020-03-11 19:18:57 +03:30
d4a7237327
meson: all tests passing on Windows / MSVC
2020-03-11 19:18:57 +03:30
7ee650b173
meson: refactor fuzzing test
2020-03-11 19:18:57 +03:30
920efc0ef7
Add Meson build definitions
...
Fixes #490
http://mesonbuild.com
2020-03-11 19:18:57 +03:30
0d729b4b72
[avar] Fix out-of-bound read when input is bigger than all the coords
...
'i' shouldn't become equal to array's length which as the increament
is happened at end of the loop, if the input is bigger than all the
table coords, it will be equal to array's length.
Fixes https://crbug.com/oss-fuzz/21092
2020-03-07 13:20:41 +03:30
446d1e3bbc
[fuzz] Add more of fixed cases
2020-03-05 00:49:03 +03:30
99b5b3f1b1
[gvar] Make sure TupleVarHeader has the needed size
...
Fixes https://crbug.com/oss-fuzz/21026
2020-03-04 12:43:26 +03:30
558f922788
[fuzz] Avoid empty memcpy and ubsan complain by length checking before memcpy
2020-03-03 21:39:22 +03:30
6543d166fd
[fuzz] Remove the not yet fixed timeout, going to investigate
2020-03-03 21:39:22 +03:30
2bbf1c8673
[fuzz] Add more of supposed to already be fixed cases from Chromium bug tracker
2020-03-03 21:39:22 +03:30
f253f06cf3
[fuzz] Add another fixed case
...
https://crbug.com/oss-fuzz/14626
another numerous subtables count which is fixed by d38360397
2020-03-03 19:12:04 +03:30
d383603976
Limit OT::Lookup subtables ( #2219 )
...
Fixes https://crbug.com/oss-fuzz/13943
2020-03-02 22:41:08 +03:30
29efd964f2
[fuzz] Add cases that marked as wontfix
...
Let's see if they were really false alarms, if so, let's just have them.
2020-03-02 14:22:29 +03:30
cb65150fec
[draw] minor
2020-02-29 16:12:54 +03:30
86c40b3a1d
[fuzz/draw] Call _get_glyph_extents
...
Other render related APIs also may be added also later such
as ot-color and future rendering things.
2020-02-29 14:53:34 +03:30
5ab50eebd7
collect_unicodes() with clamp, calling add_range()
...
Use add_range instead an inner loop, clamp its input number by
number of glyphs a face has.
Even the face cmap12 and 13 have 32-bit hb_codepoint_t, which is here
used to make timeout, face's maxp has 16-bit gid limitation at least for now,
using that makes sure we both fix and the timeout and don't need to change
much things here also in order to support 32-bit gids also someday.
Fixes #2204
2020-02-29 13:02:29 +03:30
410b4881d0
[subset] Add fuzzer timeout testcase.
2020-02-28 16:10:14 -08:00
e57ced5fc0
[gvar] Add other possibly fixed fuzzer case
...
Speculatively should've been fixed by 61208401https://crbug.com/oss-fuzz/20924 related
2020-02-28 23:29:05 +03:30
758fda728b
[glyf] Don't accept gids higher than maxp's glyphs number
...
This specially becomes concerning on sub-components where a gvar table
that is sanitized using maxp's glyphs number overflows when a high gid
accepted here goes to it, maybe an additional check can be put there
also, this however feels to be enough.
Fixes https://crbug.com/oss-fuzz/20944
2020-02-28 23:19:06 +03:30
e90213868b
Revert "collect_unicodes() to check gid < num_glyphs with cmap 12"
...
Didn't fix the case actually, making bots to fail.
This reverts commit 15b43a4104
2020-02-28 21:24:51 +03:30
61208401f4
[gvar] Use hb_bytes_t.check_range instead having in house one
...
And use TupleVarHeader calculated size for validity check.
Fixes https://crbug.com/oss-fuzz/20919 and possibly other gvar related issues
2020-02-28 21:09:07 +03:30
15b43a4104
collect_unicodes() to check gid < num_glyphs with cmap 12
...
fixes #2204
2020-02-28 20:15:39 +03:30
868ecf7b26
[draw] Add fuzzer runner
2020-02-28 19:57:56 +03:30
8eba66c1c6
[gvar] Fix invalid memory access by refactoring GlyphVarData fetch logic
...
Fixes https://crbug.com/oss-fuzz/20906
2020-02-27 20:26:54 +03:30
a99134c5be
add oss-fuzz 20886 test file
2020-02-26 09:58:03 -08:00
1b8b863898
minor
2020-02-26 16:36:48 +03:30
132fcfbc47
[fuzz] minor don't abort main.cc when the file was empty or not found
2020-02-26 16:15:17 +03:30
84163c83d3
[draw] Skip commands and paths not contributing anything
...
They aren't contributing to rendering and making issue for stroking, let's skip them
ourselves as Skia does also https://skia-review.googlesource.com/c/skia/+/268166
They are useful for extracting extents and so which that functionality won't be effected by this change.
2020-02-26 16:09:28 +03:30
152000d9c7
[fuzz] Practice variations on font object
2020-02-25 21:16:57 +03:30
036d868913
[draw] Add a fuzzer
...
Specially checks correctness of the API semantics:
* no move happens when a path is already opened with move-to.
* no path will be left open and close-path will happen at the end of opened paths.
* no path opens with a move-to and will be closed with no length.
* paths start and ending points matches.
* no line/quadratic/cubic command will be issued when no path is started.
2020-02-25 19:09:44 +03:30
96b71e802f
[fuzz] make the custom loader to handle multiple files
...
Actually this was the way it used to work :)
2020-02-24 23:01:02 +03:30
8d19907704
Remove python2 support from tests/utils scripts
2020-02-19 16:17:45 +03:30
a94d1af193
[fuzz] minor style fixes
2020-02-12 19:30:31 +03:30
1c015d3e9f
[fuzz] minor fuzzer case move, oops
2020-02-12 19:19:37 +03:30
49341faee2
[fuzz] minor, move two fuzzer cases to their correct place
2020-02-12 19:17:18 +03:30
97229244eb
[fuzzer] Fix hb-set-fuzzer minor overflow issue
...
Size shouldn't be smaller than the struct not its pointer size.
Fixes https://crbug.com/oss-fuzz/20655
2020-02-12 15:41:51 +03:30
7b42403c1c
Add explicit values to the set fuzzer enums.
2020-02-11 13:25:44 -08:00
e805923310
Add a few basic seeds for the set fuzzer.
2020-02-11 13:25:44 -08:00
ff984ed3cd
Use multiplication to avoid undefined behaviour per clang
...
Newer versions of MSVC with /we4146 don't like putting negative sign behind a
unsigned number as https://github.com/harfbuzz/harfbuzz/pull/2069
That however have made https://crbug.com/1050424 this complain:
src/hb-ot-color-sbix-table.hh:304:28: runtime error: negation of -2147483648 cannot be represented in type 'int';
cast to an unsigned type to negate this value to itself
which apparently can be fixed using this change.
Let's see if this won't make another ubsan complain!
2020-02-11 19:51:52 +03:30
bca9bc6b92
Add hb-set-fuzzer.
...
It fuzzes all of the hb_set process methods (intersection, subtraction, union, and symmetric difference).
2020-02-11 03:08:39 +03:30
e128f80278
parent 777ba47b50
...
author ckitagawa <ckitagawa@chromium.org> 1579631743 -0500
committer ckitagawa <ckitagawa@chromium.org> 1580506176 -0500
[subset] Add CBLC support
2020-01-31 16:37:30 -05:00
ed857c4680
[subset] Add COLR support
2020-01-28 15:35:53 -05:00
5897697250
[test] Increase subset timeout
...
No random timeout please
2020-01-25 00:32:46 +03:30
0e4b2676bd
[subset] sbix fix missed offset is_null() check
2020-01-24 20:46:07 +03:30
7dc341fe74
[subset] Fix UBSAN issue in sbix
2020-01-23 23:46:22 +03:30
1ab3924b31
refix PR #2087 subset PairPos1
...
also added oss-fuzz 20211 data fixed by this
2020-01-23 10:50:52 -08:00
b18cb5b5ee
Add second fixed test
2020-01-22 10:11:15 -08:00
8614a30bc9
[subset] Fix sbix fuzz problem
2020-01-22 10:11:15 -08:00
6bcf57eaa3
Simplify copy and add fuzzing coverage
2020-01-15 13:36:01 -08:00
dc03a993d0
Fix collect lookups logic of FeatureTableSubstitution ( #2097 )
...
https://crbug.com/oss-fuzz/20036
2020-01-12 14:21:29 +03:30
a32ecc15ae
Fix collect lookups logic of FeatureVariationRecord
...
As "Offset to a feature table substitution table, from beginning of the FeatureVariations table."
from https://docs.microsoft.com/en-us/typography/opentype/spec/chapter2 the record should
match its sanitize logic not the reverse way.
Fixes https://crbug.com/oss-fuzz/20021 and https://crbug.com/oss-fuzz/20022
2020-01-11 15:37:24 +03:30
d2ab1ec65b
fixes oss-fuzz 19978: Null-dereference READ ( #2091 )
2020-01-10 07:54:16 +03:30
257a197ae7
Fail serialize when map has incorrect value
...
fixes https://crbug.com/oss-fuzz/19956
am not super happy with the fix, guess we should do some check
before the memcpy anyway as @blueshade7 thinks also,
so let's have it or revert it when we have a better approach for the case.
2020-01-09 22:55:45 +03:30
8ed46c3678
[fuzz] minor, add another already fixed case
...
https://crbug.com/oss-fuzz/19907
2020-01-07 23:43:53 +03:30
341407f7a5
[fuzz] minor, upload another fixed case
...
https://crbug.com/oss-fuzz/19878
2020-01-07 09:10:24 +03:30
7950beecfc
[subset] Fix null pointer dereference in hvar/vvar subset ( #2085 )
...
Rest of the code assumes there is at least one subtable, lets return here if not.
* https://crbug.com/oss-fuzz/19827
* https://crbug.com/oss-fuzz/19847
2020-01-06 21:25:00 +03:30
64a45be519
[ubsan] Don't decrease pointer if match_glyph_data is null ( #2048 )
...
Similar to fix on https://github.com/harfbuzz/harfbuzz/pull/2022
Fixes https://crbug.com/1023070
2019-11-09 12:25:33 +03:30
84b86a12d9
[fuzz] Remove just added case
...
It didn't fail locally but on bots causing timeout, let remove for now.
2019-11-06 09:22:34 +03:30
a8f049c9a1
[fuzz] Upload testcase of https://crbug.com/oss-fuzz/18529
...
Apparently false alarm per last comment and was ok locally also but lets have it here also
2019-11-05 22:26:36 +03:30
defe9b6da0
crash fix : Heap-buffer-overflow READ 2
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18513
2019-10-25 13:09:47 -07:00
b2fcca6e14
fuzzer crash fix
...
https://oss-fuzz.com/testcase-detail/5643107869917184
2019-10-24 16:11:30 -07:00
9815ca0338
[ci] Use custom subset fuzzer timeout for failing sanitizer bots
2019-10-25 00:16:23 +03:30
95ab110cd9
Optimize intersects_array to fix fuzzer timeout.
2019-10-22 13:33:50 -07:00
b33a0d628e
fuzzer crash fix: Null-dereference WRITE
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18363
2019-10-22 01:01:08 +03:30
e766783152
[fuzz] Add https://crbug.com/oss-fuzz/17898 testcase
2019-10-21 22:17:06 +03:30
831daf4c76
Enforce HB_MAX_LANGSYS limit during layout subsetting.
2019-10-18 15:10:30 -07:00
0665dce116
[fuzzer] Don't process output in debug mode as it causes timeout
2019-09-21 17:36:33 +04:30
d3b984d379
Revert in-house pow10 ( d80a3ea) and fix oss-fuzz/16922
...
Probably can be fixed but merging it was wrong so let's revert.
2019-09-02 18:28:03 +04:30
875985cd48
[subset] Don't allow malicious fonts to insert unlimited table headers
...
Fixes https://crbug.com/oss-fuzz/16810
2019-08-29 14:51:22 +04:30
269a120f13
[subset] Raise the bar in new vs old table size
...
https://crbug.com/oss-fuzz/16740
This is actually an interesting thing that {h,v}mtx allocates as
much as a font pretends to have glyphs but the solution is not
that obvious as regular fonts can have less than actually containing
metrics in their {h,v}mtx. This change raises the bar to consider this
hmtx 4 byte for every glyph case.
Initially we wanted to just find things allocating crazy amount of
memory but having the assert has led to interesting findings also
so let's don't remove the assert and see what we can find elsewhere.
2019-08-25 20:37:00 +04:30
28aba780c4
[subset] Fix blob leak of _subset2 when returns early
...
Fixes https://crbug.com/oss-fuzz/16639
2019-08-24 16:11:21 +04:30
b31d627f15
Increase subset fuzzer timeout to 16s
...
To satisfy -valgrind and -tsan bots, very ugly
2019-08-11 23:34:48 +04:30
e21bdf500d
Increase subset fuzzer timeout to 8s
...
Probably we should just remove timeout when running tsan and vaglrind here, the flaky bots
2019-07-28 22:59:09 +04:30
bdfdac0f26
[ci][fuzzer] print valgrind failure if an error happened
2019-07-19 10:33:00 +04:30
f8242b61ab
[fuzz] Increase subset runner timeout for tsan bot
...
Now is flaky let's just increase and maybe investigate later
2019-07-11 15:10:36 +04:30
b65bad18aa
[fuzz] Don't fail when blob is empty
...
And enable more tests able to trig the issue.
2019-07-11 14:31:55 +04:30
c85f624b51
Force blob generation and memory check in hb-subset-fuzzer
2019-07-10 23:38:07 +04:30
8341c0b304
add test case file
2019-06-27 08:43:31 -07:00
90872a29ee
change assert(false) to failure
2019-06-11 12:42:28 -07:00
65e66a2d37
added test data
2019-06-03 16:31:41 -07:00
5846884f86
test: Use nullptr in C++ code. ( #1744 )
2019-06-03 12:30:25 +04:30
e1a5ce6aa6
Fix fuzzer crash testcase
...
Add a check for stringOffSet(uint16) overflow,
return early if overflow happens
2019-05-24 15:26:20 -04:00
0ff3618c2d
[subset] Use hb_subset_input_t inside of subset_options_t so that input defaults are shared between the library and cli.
2019-05-20 13:35:46 -07:00
9ef241cd40
[test] Add one more
2019-05-20 11:38:02 -04:00
3efb7af7e2
[STAT] Fix sanitize condition
...
Oops!
Fixes https://oss-fuzz.com/testcase-detail/5696825891225600
2019-05-20 11:37:16 -04:00
30c059a978
[test] minor, fix -Weverything bot
2019-05-11 18:48:41 -04:00
25531a3039
[test] minor
...
style fix and add return statement
2019-05-11 19:50:42 +00:00
25a5b287f2
Fix sanitize fail of extension sublookups
...
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=960331
2019-05-10 16:03:20 -07:00
df237d2fe7
[test] Add https://crbug.com/oss-fuzz/14641 testcase
...
As 503748d
2019-05-08 14:17:14 -07:00
6d6edc8b25
[valgrind] Use libtool and support run-subset-fuzzer-tests ( #1668 )
2019-04-28 11:54:07 -07:00
62c6e17072
[test] Add crbug.com/oss-fuzz/14474 testcase
...
Fixed at 6977a95f
2019-04-28 10:55:07 -07:00
ba0386060d
fix oss-fuzz issue 14345
2019-04-18 18:18:05 -04:00
b7384c89e2
[fuzzing] Run valgrind with --leak-check=full
2019-04-15 16:53:10 -04:00
3ff66c0029
[fuzzing] Fail if valgrind is requested but not found
2019-04-15 16:52:21 -04:00
ec2a5dc859
Use class templates for Null objects
...
This allows partial-instantiating custom Null object for template Lookup<T>.
Before, this had to be handcoded per instantiation. Apparently I missed
adding one for AAT::ankr.lookupTable, so it was getting the wrong (generic)
null for Lookup object, which is wrong and unsafe.
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=944346
2019-03-26 16:23:40 -07:00
bcb4e505d6
cff2 subset fuzzer issues ( #1619 )
...
* add check to FDArray::serialize
* add test files
* fix off by one
2019-03-15 13:46:25 -07:00
dc04261a5b
[subset] Update the subset fuzzer to determine which options to use based on data in the fuzzing test case.
...
Add support for toggling retain_gids.
2019-01-30 15:23:19 -08:00
6879efc2c1
[AAT] Fix anchor bound checking, again
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=922303
2019-01-17 14:08:02 -05:00
91d774712f
[test] Add test for previous commit
2019-01-14 15:31:31 -05:00
7a6686a589
[AAT] Fix mort ContextualSubtable offset access
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12312
2019-01-14 15:09:14 -05:00
a3fa7d3336
[AAT] Fix ankr table access
...
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=918340
2019-01-14 14:37:36 -05:00
798e98c47b
[CFF] bad offset in Index ( #1476 )
...
* Update hb-ot-cff-common.hh
* fix bug
* bummer fix wasn't hit. refix
* additional sanity check
* Added test cases for oss-fuzz issues 11805, 11806
2018-12-12 21:08:15 -05:00
bcb4ecaf68
[CFF] check out of range FD index ( #1477 )
...
* add fd index checks to subr subsetter
also added oss-fuzz test case
* undid SubrSubsetParam::is_valid
because already validated by SubrClosures.valid
2018-12-12 20:36:01 -05:00
2941208f1e
[CFF] oss-fuzz issue 11690 ASSERT: substr.offset >= opStart ( #1461 )
...
* fix oss-fuzz 11690: substr.offset >= opStart
detect recursive subroutine call & handle as error
* fix build failure
* add minimized test case for oss-fuzz 11690
* removed asserts
2018-12-11 15:21:24 -05:00
ae087d10c2
add minimized test case for oss-fuzz issue 11714
2018-12-05 21:47:34 -08:00
Ebrahim Byagowi
Christoph Reiter
ckitagawa
ariza
Qunxin Liu
Garret Rieger
Khaled Hosny
Tim-Philipp Müller
Mathieu Duponchelle
ckitagawa-work
Michiharu Ariza
Bruce Mitchener
Behdad Esfahbod
Behdad Esfahbod