harfbuzz

Commit Graph

Author	SHA1	Message	Date
Ebrahim Byagowi	64a45be519	[ubsan] Don't decrease pointer if match_glyph_data is null (#2048 ) Similar to fix on https://github.com/harfbuzz/harfbuzz/pull/2022 Fixes https://crbug.com/1023070	2019-11-09 12:25:33 +03:30
Ebrahim Byagowi	84b86a12d9	[fuzz] Remove just added case It didn't fail locally but on bots causing timeout, let remove for now.	2019-11-06 09:22:34 +03:30
Ebrahim Byagowi	a8f049c9a1	[fuzz] Upload testcase of https://crbug.com/oss-fuzz/18529 Apparently false alarm per last comment and was ok locally also but lets have it here also	2019-11-05 22:26:36 +03:30
Qunxin Liu	defe9b6da0	crash fix : Heap-buffer-overflow READ 2 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18513	2019-10-25 13:09:47 -07:00
Qunxin Liu	b2fcca6e14	fuzzer crash fix https://oss-fuzz.com/testcase-detail/5643107869917184	2019-10-24 16:11:30 -07:00
Garret Rieger	95ab110cd9	Optimize intersects_array to fix fuzzer timeout.	2019-10-22 13:33:50 -07:00
Qunxin Liu	b33a0d628e	fuzzer crash fix: Null-dereference WRITE https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18363	2019-10-22 01:01:08 +03:30
Ebrahim Byagowi	e766783152	[fuzz] Add https://crbug.com/oss-fuzz/17898 testcase	2019-10-21 22:17:06 +03:30
Garret Rieger	831daf4c76	Enforce HB_MAX_LANGSYS limit during layout subsetting.	2019-10-18 15:10:30 -07:00
Ebrahim Byagowi	d3b984d379	Revert in-house pow10 (`d80a3ea`) and fix oss-fuzz/16922 Probably can be fixed but merging it was wrong so let's revert.	2019-09-02 18:28:03 +04:30
Ebrahim Byagowi	875985cd48	[subset] Don't allow malicious fonts to insert unlimited table headers Fixes https://crbug.com/oss-fuzz/16810	2019-08-29 14:51:22 +04:30
Ebrahim Byagowi	269a120f13	[subset] Raise the bar in new vs old table size https://crbug.com/oss-fuzz/16740 This is actually an interesting thing that {h,v}mtx allocates as much as a font pretends to have glyphs but the solution is not that obvious as regular fonts can have less than actually containing metrics in their {h,v}mtx. This change raises the bar to consider this hmtx 4 byte for every glyph case. Initially we wanted to just find things allocating crazy amount of memory but having the assert has led to interesting findings also so let's don't remove the assert and see what we can find elsewhere.	2019-08-25 20:37:00 +04:30
Ebrahim Byagowi	28aba780c4	[subset] Fix blob leak of _subset2 when returns early Fixes https://crbug.com/oss-fuzz/16639	2019-08-24 16:11:21 +04:30
Ebrahim Byagowi	b65bad18aa	[fuzz] Don't fail when blob is empty And enable more tests able to trig the issue.	2019-07-11 14:31:55 +04:30
Michiharu Ariza	8341c0b304	add test case file	2019-06-27 08:43:31 -07:00
Michiharu Ariza	90872a29ee	change assert(false) to failure	2019-06-11 12:42:28 -07:00
Michiharu Ariza	65e66a2d37	added test data	2019-06-03 16:31:41 -07:00
Qunxin Liu	e1a5ce6aa6	Fix fuzzer crash testcase Add a check for stringOffSet(uint16) overflow, return early if overflow happens	2019-05-24 15:26:20 -04:00
Behdad Esfahbod	9ef241cd40	[test] Add one more	2019-05-20 11:38:02 -04:00
Behdad Esfahbod	3efb7af7e2	[STAT] Fix sanitize condition Oops! Fixes https://oss-fuzz.com/testcase-detail/5696825891225600	2019-05-20 11:37:16 -04:00
Behdad Esfahbod	25a5b287f2	Fix sanitize fail of extension sublookups Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=960331	2019-05-10 16:03:20 -07:00
Ebrahim Byagowi	df237d2fe7	[test] Add https://crbug.com/oss-fuzz/14641 testcase As `503748d` fix	2019-05-08 14:17:14 -07:00
Ebrahim Byagowi	62c6e17072	[test] Add crbug.com/oss-fuzz/14474 testcase Fixed at `6977a95f`	2019-04-28 10:55:07 -07:00
Michiharu Ariza	ba0386060d	fix oss-fuzz issue 14345	2019-04-18 18:18:05 -04:00
Behdad Esfahbod	ec2a5dc859	Use class templates for Null objects This allows partial-instantiating custom Null object for template Lookup<T>. Before, this had to be handcoded per instantiation. Apparently I missed adding one for AAT::ankr.lookupTable, so it was getting the wrong (generic) null for Lookup object, which is wrong and unsafe. Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=944346	2019-03-26 16:23:40 -07:00
Michiharu Ariza	bcb4e505d6	cff2 subset fuzzer issues (#1619 ) * add check to FDArray::serialize * add test files * fix off by one	2019-03-15 13:46:25 -07:00
Behdad Esfahbod	6879efc2c1	[AAT] Fix anchor bound checking, again Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532 Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=922303	2019-01-17 14:08:02 -05:00
Behdad Esfahbod	91d774712f	[test] Add test for previous commit	2019-01-14 15:31:31 -05:00
Behdad Esfahbod	7a6686a589	[AAT] Fix mort ContextualSubtable offset access Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12312	2019-01-14 15:09:14 -05:00
Behdad Esfahbod	a3fa7d3336	[AAT] Fix ankr table access Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=918340	2019-01-14 14:37:36 -05:00
Michiharu Ariza	798e98c47b	[CFF] bad offset in Index (#1476 ) * Update hb-ot-cff-common.hh * fix bug * bummer fix wasn't hit. refix * additional sanity check * Added test cases for oss-fuzz issues 11805, 11806	2018-12-12 21:08:15 -05:00
Michiharu Ariza	bcb4ecaf68	[CFF] check out of range FD index (#1477 ) * add fd index checks to subr subsetter also added oss-fuzz test case * undid SubrSubsetParam::is_valid because already validated by SubrClosures.valid	2018-12-12 20:36:01 -05:00
Michiharu Ariza	2941208f1e	[CFF] oss-fuzz issue 11690 ASSERT: substr.offset >= opStart (#1461 ) * fix oss-fuzz 11690: substr.offset >= opStart detect recursive subroutine call & handle as error * fix build failure * add minimized test case for oss-fuzz 11690 * removed asserts	2018-12-11 15:21:24 -05:00
Michiharu Ariza	ae087d10c2	add minimized test case for oss-fuzz issue 11714	2018-12-05 21:47:34 -08:00
Ebrahim Byagowi	f95324a335	Merge pull request #1457 from harfbuzz/cff-varstore-sanitize [CFF] oss-fuzz issue 11713 (CFF2VariationStore::serialize)	2018-12-06 08:33:44 +03:30
Michiharu Ariza	9d8f3b0dfb	add minimized test case for oss-fuzz issue 11713	2018-12-05 17:14:51 -08:00
Michiharu Ariza	34e3ef8ff3	Merge branch 'master' into cff-subr-sanitize	2018-12-05 15:50:05 -08:00
Michiharu Ariza	72d8f76368	add minimized test case for oss-fuzz issue 11691	2018-12-05 15:49:11 -08:00
Behdad Esfahbod	d9dabc00e9	Merge pull request #1454 from harfbuzz/cff-fixbcd [CFF] fix oss-fuzz issue 11674: parse_bcd	2018-12-05 15:39:34 -08:00
Michiharu Ariza	6708c5595f	fix oss-fuzz issue 11675 (ASSERT: count <= str.len) Also added an additional error check to avail ()	2018-12-05 12:51:18 -08:00
Michiharu Ariza	010e2ddb38	minimized test case for oss-fuzz issue 11674	2018-12-05 12:23:58 -08:00
Ebrahim Byagowi	79e7e3445e	Merge pull request #1449 from harfbuzz/cff-fixcharset [CFF] fix for oss-fuzz 11657: Charset overrun	2018-12-05 13:25:18 +03:30
Ebrahim Byagowi	cf4b7db6b1	Merge pull request #1448 from harfbuzz/cff-leak [CFF] fix leak: oss-fuzz 11662	2018-12-05 13:23:23 +03:30
Michiharu Ariza	32cc46c75a	[CFF] fix oss-fuzz issue 11670: NULL dereference (#1450 ) * guard against no subr access * code tweak * add minimized testcase for oss-fuzz 11670 (Null deference)	2018-12-05 09:02:34 +03:30
Michiharu Ariza	78f639b8bf	added minimized testcase for oss-fuzz issue 11657	2018-12-04 14:17:03 -08:00
Michiharu Ariza	b61f74f69a	added minimized test case for oss-fuzz issue 11662	2018-12-04 10:30:35 -08:00
Michiharu Ariza	9424e80526	added minimized test cases	2018-12-03 16:18:10 -08:00
Behdad Esfahbod	84efe0438e	[aat] Fix division sign fallout Happened after `11d2f49af8` since now nClasses is unsigned int...	2018-12-02 12:39:14 -05:00
Behdad Esfahbod	1204a247a5	[fuzzing] Add tests for previous commit Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11526 Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11522	2018-11-24 09:49:21 -05:00
Behdad Esfahbod	2c8188bf59	[kerx] Make sure subtables are non-zero-length Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11400	2018-11-22 22:02:19 -05:00

1 2

74 Commits