harfbuzz

Commit Graph

Author	SHA1	Message	Date
Garret Rieger	c08f1b8903	[map] fix incorrect population count in hash map. If the same key was set twice the population was being incorrectly incremented.	2021-08-10 14:00:55 -06:00
Garret Rieger	8c0c217b5a	[subset] fail reference blob in face builder if allocation for table sorting fails. Fixes https://oss-fuzz.com/testcase-detail/5041767803125760	2021-08-06 15:54:41 -06:00
Behdad Esfahbod	5086e10538	[test] Add failing fuzzer test case From https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36236 https://oss-fuzz.com/testcase-detail/5061207689134080	2021-08-04 11:55:53 -06:00
Behdad Esfahbod	0ded6a70c8	[subset] Fix another fuzzer issue Addition could overflow on 32bit arch. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36636 Fixes https://oss-fuzz.com/testcase-detail/5072358514753536	2021-07-28 11:35:27 -06:00
Garret Rieger	09474d8d7b	[subset] Fix fuzzer timeout in add_gid_and_children. The composite glyph graph isn't check for max operations by sanitize so track an operations count during the graph traversal.	2021-07-27 13:30:06 -06:00
Behdad Esfahbod	c68a00b92e	[subset] Fix possible overflows in VarRegionList serialize Fixes https://oss-fuzz.com/testcase-detail/5362189182566400	2021-07-27 13:28:09 -06:00
Qunxin Liu	7416faceeb	[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/5715464591376384	2021-07-08 09:09:30 -07:00
Garret Rieger	bc06af977f	[subset] speed up feature collection when tags are specified. Precompute a feature index filter to avoid needing to iterate the feature tag list for each encountered feature index. For this particular fuzzer case speeds up feature collection from 50s to 2s.	2021-06-20 17:45:19 -07:00
Garret Rieger	675ebbeb3a	[subset] don't alloc zero bytes. It will be leaked later since hb_blob_create() won't set up the blob to cleanup since it has length zero.	2021-06-16 17:35:39 -06:00
Qunxin Liu	35d6af6943	[subset] fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5965777994907648	2021-06-04 18:16:23 -06:00
Qunxin Liu	1b6008ca62	fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5417934246772736	2021-06-02 17:32:16 -06:00
Qunxin Liu	7ab0f4eda9	fuzzer fix	2021-05-31 12:44:33 -06:00
Garret Rieger	425ba1f4ab	[subset] fixes infinite loop in hb_set_get_max(). Fixes https://oss-fuzz.com/testcase-detail/5363902507515904	2021-04-20 13:18:07 -06:00
Garret Rieger	ec4321068b	[subset] fix infinite loop caused by alloc failure in repacker. Fixes: https://oss-fuzz.com/testcase-detail/5609112151916544.	2021-04-20 13:18:07 -06:00
Garret Rieger	0e845d973e	[subset] fix memory leak in repacker caused by failed alloc. Fixes: https://oss-fuzz.com/testcase-detail/5616763250278400.	2021-04-20 13:18:07 -06:00
Garret Rieger	3fb62cdc14	[subset] fail on offset overflow in tables that we don't repack. Fixes: https://oss-fuzz.com/testcase-detail/5229304507138048	2021-04-19 17:01:05 -06:00
Qunxin Liu	9dc9f0385d	[subset] fix for fuzzer testcase: https://oss-fuzz.com/testcase-detail/5858518134554624	2021-04-09 11:07:28 -06:00
Qunxin Liu	4af5dacedc	[subset] add fuzzer testcase	2021-04-07 13:02:04 -06:00
Garret Rieger	64122b5a44	[subset] don't visit lookup if covered glyph set has failed. If covered glyph set is in error then the same lookup can be recursed into repeatedly potentially causing a fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/5416421032067072.	2021-04-06 12:34:44 -06:00
Garret Rieger	71d6d15600	[subset] clamp distance to prevent shifting outside of the limits of int64. Fixes https://oss-fuzz.com/testcase-detail/4961171477233664.	2021-04-06 11:48:39 -06:00
Garret Rieger	c5c13006a1	[subset] fix memory leaks found in https://oss-fuzz.com/testcase-detail/5179935334465536	2021-03-31 12:37:45 -06:00
Garret Rieger	adca4ce071	[subset] fixes https://oss-fuzz.com/testcase-detail/6173520787800064 . Caused by incorrect bounds check in glyph closure for context lookups.	2021-03-30 15:44:41 -06:00
Garret Rieger	752e393ad2	[subset] avoid calling clear on null pool set.	2021-03-30 15:12:52 -06:00
Garret Rieger	8741914a80	[subset] fix memory leak when map insert fails.	2021-03-29 18:02:32 -06:00
Garret Rieger	5b6da6d2f0	[subset] add fuzzer test case.	2021-03-29 17:41:07 -06:00
Garret Rieger	a804a0c903	[subset] add fuzzer test case.	2021-03-29 17:15:22 -06:00
Garret Rieger	5ca353a2d0	[subset] fix heap buffer overflow found by fuzzer.	2021-02-16 12:43:02 -07:00
Behdad Esfahbod	33a0f0b686	[test] Remove fuzzed test font that triggers virus alert Fixes https://github.com/harfbuzz/harfbuzz/issues/2750	2021-02-09 12:55:45 -07:00
Garret Rieger	a4c3732f59	[ENOMEM] fix set clear() causing corruption if the set is in_error().	2021-01-21 12:12:05 -07:00
Garret Rieger	bbbcad0dbb	Revert "[ENOMEM] don't perform set process operations if the other set is in an error state." This reverts commit `f3929abafe`.	2020-09-16 12:23:38 -06:00
Garret Rieger	f3929abafe	[ENOMEM] don't perform set process operations if the other set is in an error state. Running a process while the other set is in an error state can potentially corrupt this sets map map (for example by overwritting all of the major values with 0).	2020-09-16 10:36:30 -07:00
Garret Rieger	8c3d4de796	[subset] Fix integer underflow in ContextFormat2.	2020-09-11 15:52:46 -07:00
Garret Rieger	9825e3dd2e	[ENOMEM] fix access to unitialized memory. If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688.	2020-09-02 11:01:07 -07:00
ebraminio	1e48225ca3	[ENOMEM] Check whether serialize context isn't in error	2020-08-13 23:22:14 +04:30
Garret Rieger	9562239f05	[ENOMEM] check for error in lookup visited set.	2020-08-13 01:43:11 +04:30
Garret Rieger	6f754852c1	[ENOMEM] skip asserts in to_bias if serializer is in an error state.	2020-08-12 11:25:30 +04:30
Ebrahim Byagowi	ffe06c8f04	[glyf] Guard all the public APIs against null pool runs Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737	2020-08-08 13:43:49 +04:30
Garret Rieger	18ab8029d5	[ENOMEM] check vector status in cmap subsetting.	2020-08-02 00:30:17 +04:30
Garret Rieger	06dbb6acbb	[ENOMEM] in GSUB ChainContext subsetting check maps for allocation errors.	2020-08-01 09:21:22 +04:30
Garret Rieger	fb1477795c	[ENOMEM] Check result of vector resize in CBDT subsetting.	2020-08-01 09:20:52 +04:30
Ebrahim Byagowi	efd716de3f	[cff] Check for scalars array resize result Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504	2020-07-31 09:27:27 +04:30
Garret Rieger	040ed094ef	[ENOMEM] popragate packed/packed_map errors to the serializer. Will disable further modifications based on a bad state.	2020-07-31 08:39:26 +04:30
Garret Rieger	7f358a55f4	[ENOMEM] unchecked resize in CFF2.	2020-07-31 02:04:06 +04:30
Garret Rieger	32f052b033	[ENOMEM] Fix several instances of not checking resize in CFF.	2020-07-31 02:04:06 +04:30
Garret Rieger	15644ee60e	[ENOMEM] fix memory leak if allocation fails during pop_pack().	2020-07-30 04:15:35 +04:30
Garret Rieger	42237adffc	[ENOMEM] make serializer modification operations no-ops if it's in an error state.	2020-07-30 03:59:49 +04:30
Garret Rieger	4ba8e3c6fd	[ENOMEM] Fix failure to check calloc return. Fixes https://oss-fuzz.com/testcase-detail/6246465148813312.	2020-07-30 00:08:08 +04:30
Garret Rieger	d307c24abf	[ENOMEM] check resize() return. Fixes https://oss-fuzz.com/testcase-detail/5641892164009984.	2020-07-30 00:08:08 +04:30
Ebrahim Byagowi	11d583a9ea	[aat] Consume glyph insertion from buffer's max_ops (#2223 ) Glyph insertion is an expensive operation and we like to have it limited based on buffer's input size which is handled by buffer's max_ops. clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120: Before the change: 0.67s user 0.00s system 99% cpu 0.674 total After the change: 0.02s user 0.00s system 98% cpu 0.024 total Which takes much longer on valgrind and tsan bots.	2020-07-13 18:53:06 -07:00
ckitagawa	b22f61d86a	Fix bug	2020-04-21 16:51:55 -07:00

1 2 3 4

167 Commits