Garret Rieger
8c3d4de796
[subset] Fix integer underflow in ContextFormat2.
2020-09-11 15:52:46 -07:00
Garret Rieger
9825e3dd2e
[ENOMEM] fix access to unitialized memory.
...
If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688 .
2020-09-02 11:01:07 -07:00
ebraminio
1e48225ca3
[ENOMEM] Check whether serialize context isn't in error
2020-08-13 23:22:14 +04:30
Ebrahim Byagowi
6e32145dc9
[meson] Make compatbile with 0.47.0
2020-08-13 18:28:42 +04:30
Garret Rieger
9562239f05
[ENOMEM] check for error in lookup visited set.
2020-08-13 01:43:11 +04:30
Garret Rieger
6f754852c1
[ENOMEM] skip asserts in to_bias if serializer is in an error state.
2020-08-12 11:25:30 +04:30
Ebrahim Byagowi
057769b1a3
[fuzzer] minor
2020-08-12 02:40:55 +04:30
Ebrahim Byagowi
0417938011
[fuzzer] Mark alloc_state as unused
...
It is really unused when failing-alloc isn't on.
2020-08-12 02:40:55 +04:30
Ebrahim Byagowi
5193357832
Revert "Remove autotools build support"
...
This reverts commit 01ac32aab2
.
2020-08-11 23:51:59 +04:30
Ebrahim Byagowi
ffe06c8f04
[glyf] Guard all the public APIs against null pool runs
...
Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737
2020-08-08 13:43:49 +04:30
Ebrahim Byagowi
01ac32aab2
Remove autotools build support
2020-08-07 23:28:12 +04:30
Ebrahim Byagowi
679fac87df
Skip hb_shape if buffer object is immutable
2020-08-06 23:47:35 +04:30
Garret Rieger
18ab8029d5
[ENOMEM] check vector status in cmap subsetting.
2020-08-02 00:30:17 +04:30
Garret Rieger
06dbb6acbb
[ENOMEM] in GSUB ChainContext subsetting check maps for allocation errors.
2020-08-01 09:21:22 +04:30
Garret Rieger
fb1477795c
[ENOMEM] Check result of vector resize in CBDT subsetting.
2020-08-01 09:20:52 +04:30
Ebrahim Byagowi
efd716de3f
[cff] Check for scalars array resize result
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504
2020-07-31 09:27:27 +04:30
Garret Rieger
040ed094ef
[ENOMEM] popragate packed/packed_map errors to the serializer.
...
Will disable further modifications based on a bad state.
2020-07-31 08:39:26 +04:30
Garret Rieger
7f358a55f4
[ENOMEM] unchecked resize in CFF2.
2020-07-31 02:04:06 +04:30
Garret Rieger
32f052b033
[ENOMEM] Fix several instances of not checking resize in CFF.
2020-07-31 02:04:06 +04:30
Garret Rieger
15644ee60e
[ENOMEM] fix memory leak if allocation fails during pop_pack().
2020-07-30 04:15:35 +04:30
Garret Rieger
42237adffc
[ENOMEM] make serializer modification operations no-ops if it's in an error state.
2020-07-30 03:59:49 +04:30
Garret Rieger
4ba8e3c6fd
[ENOMEM] Fix failure to check calloc return.
...
Fixes https://oss-fuzz.com/testcase-detail/6246465148813312 .
2020-07-30 00:08:08 +04:30
Garret Rieger
d307c24abf
[ENOMEM] check resize() return.
...
Fixes https://oss-fuzz.com/testcase-detail/5641892164009984 .
2020-07-30 00:08:08 +04:30
Ebrahim Byagowi
48ad745996
[ENOMEM] Fix buffer's content check logic
...
So now rest of shape fuzzer also can be enabled.
Fixes #2571
2020-07-29 08:09:10 +04:30
Ebrahim Byagowi
c33e8006fd
[fuzz] Implement failing allocator
2020-07-29 07:35:34 +04:30
Ebrahim Byagowi
5c46683ab8
[fuzz] increase shape fuzzer timeout
...
as https://circleci.com/gh/harfbuzz/harfbuzz/149203
2020-07-22 17:23:22 +04:30
Ebrahim Byagowi
945bcd7230
minor
2020-07-15 09:54:32 +04:30
Ebrahim Byagowi
fa0436ddd1
[ENOMEM][fuzzer/subset] early return if the result is null
...
I don't see _or_fail APIs idiomatic for the project but since it is there, let's have this
2020-07-15 09:52:40 +04:30
Ebrahim Byagowi
11d583a9ea
[aat] Consume glyph insertion from buffer's max_ops ( #2223 )
...
Glyph insertion is an expensive operation and we like to have it limited
based on buffer's input size which is handled by buffer's max_ops.
clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120:
Before the change: 0.67s user 0.00s system 99% cpu 0.674 total
After the change: 0.02s user 0.00s system 98% cpu 0.024 total
Which takes much longer on valgrind and tsan bots.
2020-07-13 18:53:06 -07:00
Ebrahim Byagowi
cd6f62d960
[meson] Raise timeout value of subset fuzzer testcases
...
happens when tsan is enabled
2020-07-12 23:05:11 +04:30
Ebrahim Byagowi
e4f9969108
[ci] migrate to meson
...
two bots, one bot here (distcheck) and one in travis still run autotools and
won't be removed till we decide about autotools
2020-07-08 19:18:31 +04:30
Ebrahim Byagowi
e04050e3b8
[meson] split fuzzer_ldflags before use
2020-07-08 01:06:30 +04:30
Ebrahim Byagowi
c5def34730
[meson] don't underscorify fuzzers names
2020-07-06 23:51:52 +04:30
Ebrahim Byagowi
d608f2ac85
[meson] Add fuzzer_ldflags
...
As ots, https://github.com/khaledhosny/ots/commit/4d37b9b
2020-07-06 23:51:52 +04:30
Ebrahim Byagowi
a470b0b205
Minor, disable strict-aliasing warning in set fuzzer
...
../test/fuzzing/hb-set-fuzzer.cc: In function ‘int LLVMFuzzerTestOneInput(const uint8_t*, size_t)’:
../test/fuzzing/hb-set-fuzzer.cc:38:82: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
38 | const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data);
|
And it is already disabled at project level so let's disable it here also.
2020-07-05 10:49:10 +04:30
Ebrahim Byagowi
a07672d353
[py] minor, replace os.environ.get with os.getenv
2020-07-04 16:16:15 +04:30
Ebrahim Byagowi
47a0fbec31
[meson] Mark longer tests with slow
...
So one can skip them easily by `meson test -Cbuild --no-suite slow`
2020-06-21 08:47:10 +04:30
Ebrahim Byagowi
0881611778
[fuzzer] Make some use for test_font API calls
...
Making some use for result of some of the test_font calls to make
sure compilers in fuzzers aren't just optimizing the calls.
2020-06-20 22:06:11 +04:30
Christoph Reiter
03bd6ead44
[meson] Only pass required dependencies to everything
...
Instead of passing dependencies as required we used one giant shared
dependency list containing all dependencies for every library/executable.
While this kinda works, the specified deps are also used for generating
the pkg-config files and this leads to lots of Requires.private and Libs.private
entries which aren't really needed.
This removes the "deps" array and replaces it with a few smaller ones and
makes sure the public libraries only get passed the dependencies actually
needed.
Fixes #2441
2020-06-04 23:28:57 +04:30
Ebrahim Byagowi
a9d13463b5
[meson] Categorize tests using `suite: [...]`
...
So one can run a category of interested tests like
meson test -Cbuild --suite aots --suite src --print-errorlogs
Intead issuing particular tests which also is possible like
meson test -Cbuild test-shape --print-errorlogs
2020-05-30 16:58:46 +04:30
Ebrahim Byagowi
7554f618ec
minor, use sys.exit print shorthand
2020-05-28 23:34:37 +04:30
Ebrahim Byagowi
f7562672f9
[meson] Use / instead join_paths
...
We need some of the very recent features of meson, let's use the new features also
2020-05-21 18:52:31 +04:30
Ebrahim Byagowi
b8d1760bc0
[meson/ci] Increase cmap fuzzer timeout even more
2020-05-21 14:45:41 +04:30
Ebrahim Byagowi
4b12b8466f
[meson] Increase timeout in hope to resolve Actions' bot timeout
2020-05-21 14:23:36 +04:30
Ebrahim Byagowi
1c4dd79cfb
[ci] Increase timeout as gh bot issue isn't resolved by serial test
2020-05-21 08:52:05 +04:30
Ebrahim Byagowi
8667df552c
[meson] Unbreak the build, oops
2020-05-21 07:19:37 +04:30
Ebrahim Byagowi
791debdc4a
[meson][ci] Don't run subset fuzzer test in parallel
...
resolves https://github.com/harfbuzz/harfbuzz/runs/695051808#step:6:595 failure
2020-05-21 07:15:09 +04:30
Ebrahim Byagowi
8a5368e2d6
[tests] Enable more gid misc calls on draw fuzzer
2020-05-21 07:00:40 +04:30
Ebrahim Byagowi
c68ab4b52b
Fix _get_ligature_caret's oob read issue
...
AAT::Lookup has no other way to detect whether it is returned from
a real and sanitized font data or from a null pool, this checks if
the table has been recognized valid by sanitizer by checking
table's major version which is zero if returned from a null pool and
non-zero if is from a sanitized font data, it is expected the other
calls of the table (unlikely to have more calls however) also do a
similar version check before calling the lookups used on the table.
2020-05-21 06:56:09 +04:30
ckitagawa
b22f61d86a
Fix bug
2020-04-21 16:51:55 -07:00
ariza
22f7c61acf
implement SID to glyph ID mapping with predefined Charset
...
Also fixes oss-fuzz 21769
2020-04-18 15:42:30 +04:30
Qunxin Liu
0d5695983e
[subset] fixes dangling object_t issue in FeatureVariationRecord
...
Fixes https://crbug.com/oss-fuzz/21560
revert () does not clean up useless object_t. Adjust the order of
subsetting substitutions and conditions to avoid dangling object_t.
2020-04-06 13:41:33 +04:30
Ebrahim Byagowi
57b7de032f
[subset] Fail ClassDefFormat1 serialization if no space available
...
Fixes https://crbug.com/oss-fuzz/21580
2020-04-05 17:38:04 +04:30
Garret Rieger
014e038b2c
[subset] Bail out of context lookup expansion once the lookup limit is encountered.
2020-04-01 11:14:41 +04:30
Garret Rieger
5d345d0cd1
[subset] Limit the number of lookup indices processed subsetting Feature.
...
> Also, remove two unnessecary full iterations of the lookup index iterator during serialization of the index array. Fixes fuzzer found timeout.
2020-04-01 11:13:05 +04:30
Ebrahim Byagowi
96d792ae80
[avar] Prevent mul overflow
...
Fixes https://crbug.com/oss-fuzz/21350
2020-03-26 15:01:14 +00:00
Garret Rieger
4ad686b9c0
[subset] fix fuzzer timeout in layout closure
...
Bail out of chain context lookup expansion once the lookup limit is encountered.
2020-03-26 06:32:28 +00:00
Ebrahim Byagowi
7054b12206
[meson] Mark rest of non-install executables explicitly
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
600bf21fbc
[meson] Add draw-fuzzer runner
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
28deb6b718
[meson] test/fuzzing simplify
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
78622231ac
[meson] More comment on tests are causing timeout failure
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
d57fc627e9
[meson] raise timeout value of subset fuzzer
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
761695264b
[tests] Remove py2 workaround for lack of timeout in subprocess
2020-03-19 10:32:46 +00:00
Ebrahim Byagowi
b5526a09ff
[tools] Remove in-house 'which' now that we have py3
2020-03-19 10:32:46 +00:00
Garret Rieger
430bf69653
Add potentially crashing font as a fuzzer seed.
2020-03-14 00:55:47 +03:30
Ebrahim Byagowi
755a77d660
Move outline draw API behind HB_EXPERIMENTAL_API directive
2020-03-13 08:25:53 +03:30
Garret Rieger
834a224a50
[subset] Put a limit on the number of lookup indices that can be visited during closures
...
Fixes https://crbug.com/oss-fuzz/21025
2020-03-12 13:32:36 +03:30
Ebrahim Byagowi
c494d7abcd
Remove cmake testing and add meson build bot
...
CMake tests are broken anyway as py3 changes so let's get rid of them
2020-03-11 20:15:10 +03:30
Ebrahim Byagowi
1c3f80ba13
[meson] Minor updates
2020-03-11 20:15:10 +03:30
Khaled Hosny
04438554c8
meson: Update build files after rebase
2020-03-11 19:18:57 +03:30
Tim-Philipp Müller
618584e923
meson: rename incbase to incconfig
...
Makes it clearer what it's for: config.h. See #4 .
2020-03-11 19:18:57 +03:30
Mathieu Duponchelle
d4a7237327
meson: all tests passing on Windows / MSVC
2020-03-11 19:18:57 +03:30
Mathieu Duponchelle
7ee650b173
meson: refactor fuzzing test
2020-03-11 19:18:57 +03:30
Mathieu Duponchelle
920efc0ef7
Add Meson build definitions
...
Fixes #490
http://mesonbuild.com
2020-03-11 19:18:57 +03:30
Ebrahim Byagowi
0d729b4b72
[avar] Fix out-of-bound read when input is bigger than all the coords
...
'i' shouldn't become equal to array's length which as the increament
is happened at end of the loop, if the input is bigger than all the
table coords, it will be equal to array's length.
Fixes https://crbug.com/oss-fuzz/21092
2020-03-07 13:20:41 +03:30
Ebrahim Byagowi
446d1e3bbc
[fuzz] Add more of fixed cases
2020-03-05 00:49:03 +03:30
Ebrahim Byagowi
99b5b3f1b1
[gvar] Make sure TupleVarHeader has the needed size
...
Fixes https://crbug.com/oss-fuzz/21026
2020-03-04 12:43:26 +03:30
Ebrahim Byagowi
558f922788
[fuzz] Avoid empty memcpy and ubsan complain by length checking before memcpy
2020-03-03 21:39:22 +03:30
Ebrahim Byagowi
6543d166fd
[fuzz] Remove the not yet fixed timeout, going to investigate
2020-03-03 21:39:22 +03:30
Ebrahim Byagowi
2bbf1c8673
[fuzz] Add more of supposed to already be fixed cases from Chromium bug tracker
2020-03-03 21:39:22 +03:30
Ebrahim Byagowi
f253f06cf3
[fuzz] Add another fixed case
...
https://crbug.com/oss-fuzz/14626
another numerous subtables count which is fixed by d38360397
2020-03-03 19:12:04 +03:30
Ebrahim Byagowi
d383603976
Limit OT::Lookup subtables ( #2219 )
...
Fixes https://crbug.com/oss-fuzz/13943
2020-03-02 22:41:08 +03:30
Ebrahim Byagowi
29efd964f2
[fuzz] Add cases that marked as wontfix
...
Let's see if they were really false alarms, if so, let's just have them.
2020-03-02 14:22:29 +03:30
Ebrahim Byagowi
cb65150fec
[draw] minor
2020-02-29 16:12:54 +03:30
Ebrahim Byagowi
86c40b3a1d
[fuzz/draw] Call _get_glyph_extents
...
Other render related APIs also may be added also later such
as ot-color and future rendering things.
2020-02-29 14:53:34 +03:30
Michiharu Ariza
5ab50eebd7
collect_unicodes() with clamp, calling add_range()
...
Use add_range instead an inner loop, clamp its input number by
number of glyphs a face has.
Even the face cmap12 and 13 have 32-bit hb_codepoint_t, which is here
used to make timeout, face's maxp has 16-bit gid limitation at least for now,
using that makes sure we both fix and the timeout and don't need to change
much things here also in order to support 32-bit gids also someday.
Fixes #2204
2020-02-29 13:02:29 +03:30
Garret Rieger
410b4881d0
[subset] Add fuzzer timeout testcase.
2020-02-28 16:10:14 -08:00
Ebrahim Byagowi
e57ced5fc0
[gvar] Add other possibly fixed fuzzer case
...
Speculatively should've been fixed by 61208401
https://crbug.com/oss-fuzz/20924 related
2020-02-28 23:29:05 +03:30
Ebrahim Byagowi
758fda728b
[glyf] Don't accept gids higher than maxp's glyphs number
...
This specially becomes concerning on sub-components where a gvar table
that is sanitized using maxp's glyphs number overflows when a high gid
accepted here goes to it, maybe an additional check can be put there
also, this however feels to be enough.
Fixes https://crbug.com/oss-fuzz/20944
2020-02-28 23:19:06 +03:30
Ebrahim Byagowi
e90213868b
Revert "collect_unicodes() to check gid < num_glyphs with cmap 12"
...
Didn't fix the case actually, making bots to fail.
This reverts commit 15b43a4104
.
2020-02-28 21:24:51 +03:30
Ebrahim Byagowi
61208401f4
[gvar] Use hb_bytes_t.check_range instead having in house one
...
And use TupleVarHeader calculated size for validity check.
Fixes https://crbug.com/oss-fuzz/20919 and possibly other gvar related issues
2020-02-28 21:09:07 +03:30
Michiharu Ariza
15b43a4104
collect_unicodes() to check gid < num_glyphs with cmap 12
...
fixes #2204
2020-02-28 20:15:39 +03:30
Ebrahim Byagowi
868ecf7b26
[draw] Add fuzzer runner
2020-02-28 19:57:56 +03:30
Ebrahim Byagowi
8eba66c1c6
[gvar] Fix invalid memory access by refactoring GlyphVarData fetch logic
...
Fixes https://crbug.com/oss-fuzz/20906
2020-02-27 20:26:54 +03:30
ariza
a99134c5be
add oss-fuzz 20886 test file
2020-02-26 09:58:03 -08:00
Ebrahim Byagowi
1b8b863898
minor
2020-02-26 16:36:48 +03:30
Ebrahim Byagowi
132fcfbc47
[fuzz] minor don't abort main.cc when the file was empty or not found
2020-02-26 16:15:17 +03:30
Ebrahim Byagowi
84163c83d3
[draw] Skip commands and paths not contributing anything
...
They aren't contributing to rendering and making issue for stroking, let's skip them
ourselves as Skia does also https://skia-review.googlesource.com/c/skia/+/268166
They are useful for extracting extents and so which that functionality won't be effected by this change.
2020-02-26 16:09:28 +03:30
Ebrahim Byagowi
152000d9c7
[fuzz] Practice variations on font object
2020-02-25 21:16:57 +03:30
Ebrahim Byagowi
036d868913
[draw] Add a fuzzer
...
Specially checks correctness of the API semantics:
* no move happens when a path is already opened with move-to.
* no path will be left open and close-path will happen at the end of opened paths.
* no path opens with a move-to and will be closed with no length.
* paths start and ending points matches.
* no line/quadratic/cubic command will be issued when no path is started.
2020-02-25 19:09:44 +03:30