Ebrahim Byagowi
1b3b96973b
[gvar] Don't copy shared tuples into gvar's accelerator
2020-03-10 12:46:09 +03:30
Ebrahim Byagowi
29dd1fe506
[gvar] Don't check again against face num glyph
...
Done once by sanitize_shallow
2020-03-10 11:41:58 +03:30
Ebrahim Byagowi
d4b1181760
[gvar] minor, rename gvar_table to table
2020-03-10 11:29:56 +03:30
Ebrahim Byagowi
5c37693864
[gvar] Remove axisCount comparison with fvar as we runtime check that
2020-03-10 11:25:47 +03:30
Ebrahim Byagowi
ba22df36ad
minor
...
makes search for sanitize calls easier for me
2020-03-10 10:43:27 +03:30
Ebrahim Byagowi
8ca9df7acb
[subset] Remove not needed blob sanitize call
2020-03-10 10:40:05 +03:30
Ebrahim Byagowi
07acd1a042
[subset] Rename src_base args to base to match sanitize methods
...
So it will become easier to follow that serialize methods signatures should
match with their sanitize methods counterparts.
2020-03-08 23:39:26 +03:30
ariza
188a0a47c2
removed default base; replaced w/ bias if required
2020-03-08 22:59:43 +03:30
blueshade7
4c3af7d406
add "add_link()" with bias arg
...
issue #2227
2020-03-08 18:48:56 +03:30
Ebrahim Byagowi
bdf372b24c
[subset/cbdt] Release the referenced cbdt table on error
...
Just accidentally spotted it, when the table has less than 4 bytes
2020-03-08 00:49:40 +03:30
Ebrahim Byagowi
0d729b4b72
[avar] Fix out-of-bound read when input is bigger than all the coords
...
'i' shouldn't become equal to array's length which as the increament
is happened at end of the loop, if the input is bigger than all the
table coords, it will be equal to array's length.
Fixes https://crbug.com/oss-fuzz/21092
2020-03-07 13:20:41 +03:30
Ebrahim Byagowi
6924e29f62
[var] Fix hb_ot_var_get_axis_infos's offset semantic
...
The API was adding offset to input's infos buffer index also which is
unusual between our APIs and wrong.
2020-03-06 02:01:04 +03:30
Ebrahim Byagowi
b7617f6b3c
[glyf] Update to latests of ttf-parser
2020-03-05 15:08:06 +03:30
ariza
0b29053864
removed unused code
2020-03-05 10:11:23 +03:30
ariza
e8f010d793
removed unused code & data; rename
2020-03-05 10:11:23 +03:30
Garret Rieger
14a7b6f1ab
Set hb_buffer_t to use array_t.reverse().
2020-03-04 16:52:29 -08:00
ariza
5935a1dc0b
add pop_discard() calls to errror returns
2020-03-05 01:22:51 +03:30
ariza
c05458ec7f
update cff & cff2 subsetters
2020-03-05 01:22:51 +03:30
Ebrahim Byagowi
446d1e3bbc
[fuzz] Add more of fixed cases
2020-03-05 00:49:03 +03:30
Ebrahim Byagowi
9004848560
[gvar] Make sure font's num_coords matches with gvar.axisCount
2020-03-04 12:43:26 +03:30
Ebrahim Byagowi
1af3363f9e
[gvar] Use hb_array_t instead indexing raw pointers
2020-03-04 12:43:26 +03:30
Ebrahim Byagowi
99b5b3f1b1
[gvar] Make sure TupleVarHeader has the needed size
...
Fixes https://crbug.com/oss-fuzz/21026
2020-03-04 12:43:26 +03:30
Ebrahim Byagowi
b398748d8b
[algs] Add hb_clamp
...
Similar to stl and glsl's clamp
2020-03-04 11:18:19 +03:30
Ebrahim Byagowi
558f922788
[fuzz] Avoid empty memcpy and ubsan complain by length checking before memcpy
2020-03-03 21:39:22 +03:30
Ebrahim Byagowi
6543d166fd
[fuzz] Remove the not yet fixed timeout, going to investigate
2020-03-03 21:39:22 +03:30
Ebrahim Byagowi
2bbf1c8673
[fuzz] Add more of supposed to already be fixed cases from Chromium bug tracker
2020-03-03 21:39:22 +03:30
Ebrahim Byagowi
f745777c60
minor, debug bit, ops
2020-03-03 19:14:41 +03:30
Ebrahim Byagowi
f253f06cf3
[fuzz] Add another fixed case
...
https://crbug.com/oss-fuzz/14626
another numerous subtables count which is fixed by d38360397
2020-03-03 19:12:04 +03:30
Ebrahim Byagowi
d383603976
Limit OT::Lookup subtables ( #2219 )
...
Fixes https://crbug.com/oss-fuzz/13943
2020-03-02 22:41:08 +03:30
Ebrahim Byagowi
29efd964f2
[fuzz] Add cases that marked as wontfix
...
Let's see if they were really false alarms, if so, let's just have them.
2020-03-02 14:22:29 +03:30
Ebrahim Byagowi
60262e4ca9
[var] Build end-points array on gvar itself
2020-02-29 22:57:59 +03:30
Ebrahim Byagowi
cb65150fec
[draw] minor
2020-02-29 16:12:54 +03:30
Ebrahim Byagowi
44169f3396
[draw] Fix invalid rendering of some glyph on Estedad-VF
...
Basically reverts 11f3fca
so I can do the same tested and better later
Fixes #2215
2020-02-29 16:04:03 +03:30
Ebrahim Byagowi
86c40b3a1d
[fuzz/draw] Call _get_glyph_extents
...
Other render related APIs also may be added also later such
as ot-color and future rendering things.
2020-02-29 14:53:34 +03:30
Michiharu Ariza
5ab50eebd7
collect_unicodes() with clamp, calling add_range()
...
Use add_range instead an inner loop, clamp its input number by
number of glyphs a face has.
Even the face cmap12 and 13 have 32-bit hb_codepoint_t, which is here
used to make timeout, face's maxp has 16-bit gid limitation at least for now,
using that makes sure we both fix and the timeout and don't need to change
much things here also in order to support 32-bit gids also someday.
Fixes #2204
2020-02-29 13:02:29 +03:30
Garret Rieger
414529e45a
[subset] Limit the number of feature indices processed during script subsetting.
2020-02-28 16:10:14 -08:00
Garret Rieger
75622b0d24
[subset] Limit the number of features processed in the feature closure.
2020-02-28 16:10:14 -08:00
Garret Rieger
410b4881d0
[subset] Add fuzzer timeout testcase.
2020-02-28 16:10:14 -08:00
Garret Rieger
c66ee213b7
Limit the number of feature indices processed during feature collection.
2020-02-28 16:10:14 -08:00
Ebrahim Byagowi
e57ced5fc0
[gvar] Add other possibly fixed fuzzer case
...
Speculatively should've been fixed by 61208401
https://crbug.com/oss-fuzz/20924 related
2020-02-28 23:29:05 +03:30
Ebrahim Byagowi
758fda728b
[glyf] Don't accept gids higher than maxp's glyphs number
...
This specially becomes concerning on sub-components where a gvar table
that is sanitized using maxp's glyphs number overflows when a high gid
accepted here goes to it, maybe an additional check can be put there
also, this however feels to be enough.
Fixes https://crbug.com/oss-fuzz/20944
2020-02-28 23:19:06 +03:30
Ebrahim Byagowi
e642aab116
[subset] Add source_blob as a hb_subset_context_t field ( #2203 )
...
So no more double sanitizing source table.
2020-02-28 22:24:25 +03:30
Ebrahim Byagowi
e90213868b
Revert "collect_unicodes() to check gid < num_glyphs with cmap 12"
...
Didn't fix the case actually, making bots to fail.
This reverts commit 15b43a4104
.
2020-02-28 21:24:51 +03:30
Ebrahim Byagowi
61208401f4
[gvar] Use hb_bytes_t.check_range instead having in house one
...
And use TupleVarHeader calculated size for validity check.
Fixes https://crbug.com/oss-fuzz/20919 and possibly other gvar related issues
2020-02-28 21:09:07 +03:30
Michiharu Ariza
15b43a4104
collect_unicodes() to check gid < num_glyphs with cmap 12
...
fixes #2204
2020-02-28 20:15:39 +03:30
Ebrahim Byagowi
868ecf7b26
[draw] Add fuzzer runner
2020-02-28 19:57:56 +03:30
Qunxin Liu
b0749bfaa5
[subset] GDEF LigCaretList subsetting support
2020-02-28 14:51:52 +03:30
ariza
002f0e20c4
reimplment serialize_int using check_assign()
2020-02-28 14:21:58 +03:30
Ebrahim Byagowi
14b134379d
[gvar] Minor, check whether sub_array result also have enough room
2020-02-27 21:01:48 +03:30
Ebrahim Byagowi
8eba66c1c6
[gvar] Fix invalid memory access by refactoring GlyphVarData fetch logic
...
Fixes https://crbug.com/oss-fuzz/20906
2020-02-27 20:26:54 +03:30