Glyph insertion is an expensive operation and we like to have it limited
based on buffer's input size which is handled by buffer's max_ops.
clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120:
Before the change: 0.67s user 0.00s system 99% cpu 0.674 total
After the change: 0.02s user 0.00s system 98% cpu 0.024 total
Which takes much longer on valgrind and tsan bots.
../test/fuzzing/hb-set-fuzzer.cc: In function ‘int LLVMFuzzerTestOneInput(const uint8_t*, size_t)’:
../test/fuzzing/hb-set-fuzzer.cc:38:82: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
38 | const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data);
|
And it is already disabled at project level so let's disable it here also.
Instead of passing dependencies as required we used one giant shared
dependency list containing all dependencies for every library/executable.
While this kinda works, the specified deps are also used for generating
the pkg-config files and this leads to lots of Requires.private and Libs.private
entries which aren't really needed.
This removes the "deps" array and replaces it with a few smaller ones and
makes sure the public libraries only get passed the dependencies actually
needed.
Fixes#2441
So one can run a category of interested tests like
meson test -Cbuild --suite aots --suite src --print-errorlogs
Intead issuing particular tests which also is possible like
meson test -Cbuild test-shape --print-errorlogs
AAT::Lookup has no other way to detect whether it is returned from
a real and sanitized font data or from a null pool, this checks if
the table has been recognized valid by sanitizer by checking
table's major version which is zero if returned from a null pool and
non-zero if is from a sanitized font data, it is expected the other
calls of the table (unlikely to have more calls however) also do a
similar version check before calling the lookups used on the table.
Fixes https://crbug.com/oss-fuzz/21560
revert () does not clean up useless object_t. Adjust the order of
subsetting substitutions and conditions to avoid dangling object_t.
'i' shouldn't become equal to array's length which as the increament
is happened at end of the loop, if the input is bigger than all the
table coords, it will be equal to array's length.
Fixes https://crbug.com/oss-fuzz/21092
Ebrahim Byagowi
Christoph Reiter
ckitagawa
ariza
Qunxin Liu
Garret Rieger
Khaled Hosny
Tim-Philipp Müller
Mathieu Duponchelle