Commit Graph

364 Commits

Author SHA1 Message Date
Behdad Esfahbod b8c7c0a0e6 [fuzzer] In 50% of runs don't fail the allocator 2022-07-01 15:25:09 -06:00
Garret Rieger 311413f16b [subset] Fix fuzzer issue.
Fixes https://oss-fuzz.com/testcase-detail/5693568490012672. new_index should be set from new_index2 when the entry is present in the map.
2022-06-14 17:49:13 +01:00
Behdad Esfahbod 62e803b361 [sbix] Limit glyph extents
Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
2022-06-01 07:39:20 -06:00
Behdad Esfahbod 5a058ba158 [shape-fuzzer] Add commented out more buffer-verify option
Those currently fail and I've been unable to debug them.

I tried two, passing them to hb-shape doesn't reproduce the failure. :(
2022-06-01 04:53:50 -06:00
Behdad Esfahbod 189f65344a [fuzz-shape] Verify shape output
Let the fuzzers loose on shape verify.
2022-06-01 04:53:50 -06:00
Garret Rieger 8f9f0c494b [subset] Enforce cmap12 group ordering constraints in collect_mapping.
Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/6365271012540416
2022-05-10 12:15:09 -06:00
Garret Rieger b051f3fa83 [subset] Fix cpal subsetting when there are partial palette overlaps.
The existing code doesn't correctly handle the case where palettes partially overlap in the color record array. This changes the subsetting to only share entries in the color record array when palettes have the same first color index. Partially overlapping palettes will be converted to disjoint segments in the color record array.

Updates one of the color tests to use multiple palettes.

Also fixes fuzzer: https://oss-fuzz.com/testcase-detail/5568200165687296.
2022-05-09 12:25:05 -06:00
Behdad Esfahbod ca8a0f3ea3 [gvar] Protect against out-of-range access
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47281
Fixes https://oss-fuzz.com/testcase-detail/5508865908670464
2022-05-06 11:54:38 -06:00
Behdad Esfahbod a665e29ed7 [use] Avoid O(n^2) in the machine
Fixes https://github.com/harfbuzz/harfbuzz/issues/3502
2022-03-25 15:17:55 -06:00
Behdad Esfahbod 03085132ba [buffer] Fix out-buffer under memory-alloc failure
This was broken in July refactoring of the buffer, and exposed to
ReverseChainSingleSubstFormat1 in 3807061d63

Fixes:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38800
https://bugs.chromium.org/p/chromium/issues/detail?id=1303552
2022-03-21 18:09:06 -06:00
Behdad Esfahbod 151f205819 [draw] Emit move_to immediately, like other operators 2022-02-13 13:21:15 -06:00
Behdad Esfahbod f1a9a9ccaf [draw-state] Pass state down to callbacks 2022-02-13 13:21:14 -06:00
Behdad Esfahbod 1740916ede [draw] Remove check for no-op
This is unnecessary overhead. Up to rasterizers to handle this.  Plus,
this throws off point-numbers in uses that rely on it.

Disabled one test that broke with this.
2022-02-13 13:21:14 -06:00
Behdad Esfahbod 8b4f429000 [draw] Virtualize hb_font_draw_glyph() into hb_font_get_glyph_shape()
To be implemented in hb-ft.
2022-02-13 13:21:14 -06:00
Behdad Esfahbod 2bed4f46fb [draw] Fix draw signatures 2022-02-13 13:21:14 -06:00
Behdad Esfahbod 08e1096609 [draw-fuzzer] Fix signatures 2022-02-13 13:21:14 -06:00
Behdad Esfahbod e0ac6c587b Remove remaining traces of HB_EXPERIMENTAL_API 2022-02-13 13:21:14 -06:00
Behdad Esfahbod b263371b09
Merge pull request #3398 from harfbuzz/buffer-verify
Add HB_BUFFER_FLAG_VERIFY
2022-02-12 15:06:47 -06:00
Behdad Esfahbod af407dd24d Add a fuzzer font 2022-02-12 14:22:35 -06:00
Garret Rieger 4e2f409bce [subset] Don't hold references to members of the active_glyph_stack.
These references may get invalidated after the vector for the stack is resized. Fixes: https://oss-fuzz.com/testcase-detail/5422577634377728
2022-01-31 22:58:53 +02:00
Behdad Esfahbod 61856359cb [fuzz] Disable verification for now. 2022-01-28 14:07:29 -07:00
Behdad Esfahbod 6596e42d16 [fuzz] Verify shape results 2022-01-28 13:55:24 -07:00
luz paz e2e305066a Fix various typos
Found via `codespell -q 3 -S ./perf/texts -L actualy,ba,beng,fo,gir,inout,nd,ot,pres,ro,te,teh,timne`
2022-01-16 05:39:03 -08:00
Garret Rieger 87496bf63e [subset] fix fuzzer timeout if visisted_paint goes into error. 2022-01-13 11:08:24 -08:00
Garret Rieger 067f90a820 [subset] Fix for fuzzer timeout.
Fixes https://oss-fuzz.com/testcase-detail/5549945449480192

In prune_langsys: move LangSys visited check up before any work is done for a LangSys. In this particular case the compare() method is responsible for the majority of the time spent and wasn't being guarded with a visisted check.
2021-12-14 17:34:21 -07:00
Garret Rieger c4573c2ec7 [repacker] don't infinite loop if visited or roots is in error.
Fixes https://oss-fuzz.com/testcase-detail/5205038086094848
2021-12-14 15:57:48 -07:00
Khaled Hosny 69d8f27c69 [meson] Require 0.55.0
We implicitly require it for building ragel subproject. This new version
requirement should satisfied in both Fedora 33 and Debian bullseye, and
not be too cutting edge for us.
2021-11-22 03:11:36 +02:00
Garret Rieger ace98cc65f [subset] Only sanitize recursion depth in COLR. 2021-11-10 10:34:46 -07:00
Garret Rieger f51b48c8e7 [subset] Fix fuzzer found memory leak.
Happens because an insert into a map with an invalid key reports successful, but this causes the set being inserted to be lost.
2021-11-02 17:00:07 -07:00
Qunxin Liu 0a7563a53f [subset] fuzzer fix: https://oss-fuzz.com/testcase?key=6254792024915968
Make sure input is valid, each gid has a corresponding offset value in
the map
2021-11-02 15:25:18 -07:00
Qunxin Liu 85deddb16e [subset] fuzzer fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40406 2021-10-27 16:16:15 -07:00
Qunxin Liu 794b00db4b [subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/6616166961905664 2021-09-29 10:29:06 -06:00
Garret Rieger 74f96d9d4b [repacker] fix heap use after free in repacker.
Don't store a reference to the link in overflow records as the link object may be freed if the sorted graph vector is resized.
2021-09-19 09:06:17 -06:00
Garret Rieger fb07f8f876 During subset input creation check for set alloc failures and fail if encountered. 2021-08-24 10:59:14 -06:00
Garret Rieger dc31920bbe Don't serialize null offsets in CPAL.
Fixes https://oss-fuzz.com/testcase-detail/5443213648330752
2021-08-18 16:52:45 -06:00
Garret Rieger c0f3af91b8 [subset] speed up add_gid_and_children and adjust op limit.
Fix for fuzzer timeout: https://oss-fuzz.com/testcase-detail/5001604901240832.

- Operation limit is per glyph, so 100,000 should still be far more than needed.
- Switches from for(...) to while(...) loop for iteration. for(...) calls it.end() which in this case triggers a complete iteration.
- Cache CompositeGlyph size in the iterator to avoid needing to recalculate it.
2021-08-12 14:50:42 -06:00
Garret Rieger c08f1b8903 [map] fix incorrect population count in hash map.
If the same key was set twice the population was being incorrectly incremented.
2021-08-10 14:00:55 -06:00
Garret Rieger 8c0c217b5a [subset] fail reference blob in face builder if allocation for table sorting fails.
Fixes https://oss-fuzz.com/testcase-detail/5041767803125760
2021-08-06 15:54:41 -06:00
Behdad Esfahbod 5086e10538 [test] Add failing fuzzer test case
From https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36236
https://oss-fuzz.com/testcase-detail/5061207689134080
2021-08-04 11:55:53 -06:00
Garret Rieger f9d8e4a976 [subset] switch ..._set_flags to not take a mask. 2021-07-29 18:30:27 -07:00
Garret Rieger 3d534b146c [subset] convert subset input flags into bit flags.
Store the flags in a bit set. Updates the public api to work with the bit set directly.
2021-07-29 18:02:34 -07:00
Behdad Esfahbod 0ded6a70c8 [subset] Fix another fuzzer issue
Addition could overflow on 32bit arch.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36636
Fixes https://oss-fuzz.com/testcase-detail/5072358514753536
2021-07-28 11:35:27 -06:00
Garret Rieger 09474d8d7b [subset] Fix fuzzer timeout in add_gid_and_children.
The composite glyph graph isn't check for max operations by sanitize so track an operations count during the graph traversal.
2021-07-27 13:30:06 -06:00
Behdad Esfahbod c68a00b92e [subset] Fix possible overflows in VarRegionList serialize
Fixes https://oss-fuzz.com/testcase-detail/5362189182566400
2021-07-27 13:28:09 -06:00
Garret Rieger 9ab751ac9f [subset] Remove hb_subset(). Leaving just hb_subset_or_fail(). 2021-07-22 12:14:47 -07:00
Garret Rieger 942636ae13 [subset] Remove hb_subset_input_get/set_retain_gids. 2021-07-22 12:12:36 -07:00
Garret Rieger 8bf5d4d4f7 [subset] Remove hb_subset_input_get/set_drop_hints. 2021-07-22 12:12:36 -07:00
Qunxin Liu 7416faceeb [subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/5715464591376384 2021-07-08 09:09:30 -07:00
Garret Rieger bc06af977f [subset] speed up feature collection when tags are specified.
Precompute a feature index filter to avoid needing to iterate the feature tag list for each encountered feature index. For this particular fuzzer case speeds up feature collection from 50s to 2s.
2021-06-20 17:45:19 -07:00
Garret Rieger 675ebbeb3a [subset] don't alloc zero bytes.
It will be leaked later since hb_blob_create() won't set up the blob to cleanup since it has length zero.
2021-06-16 17:35:39 -06:00