Commit Graph

287 Commits

Author SHA1 Message Date
Garret Rieger 9825e3dd2e [ENOMEM] fix access to unitialized memory.
If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688.
2020-09-02 11:01:07 -07:00
ebraminio 1e48225ca3
[ENOMEM] Check whether serialize context isn't in error 2020-08-13 23:22:14 +04:30
Ebrahim Byagowi 6e32145dc9 [meson] Make compatbile with 0.47.0 2020-08-13 18:28:42 +04:30
Garret Rieger 9562239f05 [ENOMEM] check for error in lookup visited set. 2020-08-13 01:43:11 +04:30
Garret Rieger 6f754852c1 [ENOMEM] skip asserts in to_bias if serializer is in an error state. 2020-08-12 11:25:30 +04:30
Ebrahim Byagowi 057769b1a3 [fuzzer] minor 2020-08-12 02:40:55 +04:30
Ebrahim Byagowi 0417938011 [fuzzer] Mark alloc_state as unused
It is really unused when failing-alloc isn't on.
2020-08-12 02:40:55 +04:30
Ebrahim Byagowi 5193357832 Revert "Remove autotools build support"
This reverts commit 01ac32aab2.
2020-08-11 23:51:59 +04:30
Ebrahim Byagowi ffe06c8f04 [glyf] Guard all the public APIs against null pool runs
Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737
2020-08-08 13:43:49 +04:30
Ebrahim Byagowi 01ac32aab2 Remove autotools build support 2020-08-07 23:28:12 +04:30
Ebrahim Byagowi 679fac87df Skip hb_shape if buffer object is immutable 2020-08-06 23:47:35 +04:30
Garret Rieger 18ab8029d5 [ENOMEM] check vector status in cmap subsetting. 2020-08-02 00:30:17 +04:30
Garret Rieger 06dbb6acbb [ENOMEM] in GSUB ChainContext subsetting check maps for allocation errors. 2020-08-01 09:21:22 +04:30
Garret Rieger fb1477795c [ENOMEM] Check result of vector resize in CBDT subsetting. 2020-08-01 09:20:52 +04:30
Ebrahim Byagowi efd716de3f [cff] Check for scalars array resize result
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504
2020-07-31 09:27:27 +04:30
Garret Rieger 040ed094ef [ENOMEM] popragate packed/packed_map errors to the serializer.
Will disable further modifications based on a bad state.
2020-07-31 08:39:26 +04:30
Garret Rieger 7f358a55f4 [ENOMEM] unchecked resize in CFF2. 2020-07-31 02:04:06 +04:30
Garret Rieger 32f052b033 [ENOMEM] Fix several instances of not checking resize in CFF. 2020-07-31 02:04:06 +04:30
Garret Rieger 15644ee60e [ENOMEM] fix memory leak if allocation fails during pop_pack(). 2020-07-30 04:15:35 +04:30
Garret Rieger 42237adffc [ENOMEM] make serializer modification operations no-ops if it's in an error state. 2020-07-30 03:59:49 +04:30
Garret Rieger 4ba8e3c6fd [ENOMEM] Fix failure to check calloc return.
Fixes https://oss-fuzz.com/testcase-detail/6246465148813312.
2020-07-30 00:08:08 +04:30
Garret Rieger d307c24abf [ENOMEM] check resize() return.
Fixes https://oss-fuzz.com/testcase-detail/5641892164009984.
2020-07-30 00:08:08 +04:30
Ebrahim Byagowi 48ad745996 [ENOMEM] Fix buffer's content check logic
So now rest of shape fuzzer also can be enabled.

Fixes #2571
2020-07-29 08:09:10 +04:30
Ebrahim Byagowi c33e8006fd [fuzz] Implement failing allocator 2020-07-29 07:35:34 +04:30
Ebrahim Byagowi 5c46683ab8
[fuzz] increase shape fuzzer timeout
as https://circleci.com/gh/harfbuzz/harfbuzz/149203
2020-07-22 17:23:22 +04:30
Ebrahim Byagowi 945bcd7230
minor 2020-07-15 09:54:32 +04:30
Ebrahim Byagowi fa0436ddd1
[ENOMEM][fuzzer/subset] early return if the result is null
I don't see _or_fail APIs idiomatic for the project but since it is there, let's have this
2020-07-15 09:52:40 +04:30
Ebrahim Byagowi 11d583a9ea
[aat] Consume glyph insertion from buffer's max_ops (#2223)
Glyph insertion is an expensive operation and we like to have it limited
based on buffer's input size which is handled by buffer's max_ops.

clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120:

Before the change: 0.67s user 0.00s system 99% cpu 0.674 total
 After the change: 0.02s user 0.00s system 98% cpu 0.024 total

Which takes much longer on valgrind and tsan bots.
2020-07-13 18:53:06 -07:00
Ebrahim Byagowi cd6f62d960
[meson] Raise timeout value of subset fuzzer testcases
happens when tsan is enabled
2020-07-12 23:05:11 +04:30
Ebrahim Byagowi e4f9969108 [ci] migrate to meson
two bots, one bot here (distcheck) and one in travis still run autotools and
won't be removed till we decide about autotools
2020-07-08 19:18:31 +04:30
Ebrahim Byagowi e04050e3b8
[meson] split fuzzer_ldflags before use 2020-07-08 01:06:30 +04:30
Ebrahim Byagowi c5def34730 [meson] don't underscorify fuzzers names 2020-07-06 23:51:52 +04:30
Ebrahim Byagowi d608f2ac85 [meson] Add fuzzer_ldflags
As ots, https://github.com/khaledhosny/ots/commit/4d37b9b
2020-07-06 23:51:52 +04:30
Ebrahim Byagowi a470b0b205 Minor, disable strict-aliasing warning in set fuzzer
../test/fuzzing/hb-set-fuzzer.cc: In function ‘int LLVMFuzzerTestOneInput(const uint8_t*, size_t)’:
../test/fuzzing/hb-set-fuzzer.cc:38:82: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
   38 |   const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data);
      |

And it is already disabled at project level so let's disable it here also.
2020-07-05 10:49:10 +04:30
Ebrahim Byagowi a07672d353 [py] minor, replace os.environ.get with os.getenv 2020-07-04 16:16:15 +04:30
Ebrahim Byagowi 47a0fbec31 [meson] Mark longer tests with slow
So one can skip them easily by `meson test -Cbuild --no-suite slow`
2020-06-21 08:47:10 +04:30
Ebrahim Byagowi 0881611778 [fuzzer] Make some use for test_font API calls
Making some use for result of some of the test_font calls to make
sure compilers in fuzzers aren't just optimizing the calls.
2020-06-20 22:06:11 +04:30
Christoph Reiter 03bd6ead44 [meson] Only pass required dependencies to everything
Instead of passing dependencies as required we used one giant shared
dependency list containing all dependencies for every library/executable.
While this kinda works, the specified deps are also used for generating
the pkg-config files and this leads to lots of Requires.private and Libs.private
entries which aren't really needed.

This removes the "deps" array and replaces it with a few smaller ones and
makes sure the public libraries only get passed the dependencies actually
needed.

Fixes #2441
2020-06-04 23:28:57 +04:30
Ebrahim Byagowi a9d13463b5 [meson] Categorize tests using `suite: [...]`
So one can run a category of interested tests like

  meson test -Cbuild --suite aots --suite src --print-errorlogs

Intead issuing particular tests which also is possible like

  meson test -Cbuild test-shape --print-errorlogs
2020-05-30 16:58:46 +04:30
Ebrahim Byagowi 7554f618ec minor, use sys.exit print shorthand 2020-05-28 23:34:37 +04:30
Ebrahim Byagowi f7562672f9 [meson] Use / instead join_paths
We need some of the very recent features of meson, let's use the new features also
2020-05-21 18:52:31 +04:30
Ebrahim Byagowi b8d1760bc0 [meson/ci] Increase cmap fuzzer timeout even more 2020-05-21 14:45:41 +04:30
Ebrahim Byagowi 4b12b8466f [meson] Increase timeout in hope to resolve Actions' bot timeout 2020-05-21 14:23:36 +04:30
Ebrahim Byagowi 1c4dd79cfb [ci] Increase timeout as gh bot issue isn't resolved by serial test 2020-05-21 08:52:05 +04:30
Ebrahim Byagowi 8667df552c [meson] Unbreak the build, oops 2020-05-21 07:19:37 +04:30
Ebrahim Byagowi 791debdc4a
[meson][ci] Don't run subset fuzzer test in parallel
resolves https://github.com/harfbuzz/harfbuzz/runs/695051808#step:6:595 failure
2020-05-21 07:15:09 +04:30
Ebrahim Byagowi 8a5368e2d6 [tests] Enable more gid misc calls on draw fuzzer 2020-05-21 07:00:40 +04:30
Ebrahim Byagowi c68ab4b52b Fix _get_ligature_caret's oob read issue
AAT::Lookup has no other way to detect whether it is returned from
a real and sanitized font data or from a null pool, this checks if
the table has been recognized valid by sanitizer by checking
table's major version which is zero if returned from a null pool and
non-zero if is from a sanitized font data, it is expected the other
calls of the table (unlikely to have more calls however) also do a
similar version check before calling the lookups used on the table.
2020-05-21 06:56:09 +04:30
ckitagawa b22f61d86a Fix bug 2020-04-21 16:51:55 -07:00
ariza 22f7c61acf implement SID to glyph ID mapping with predefined Charset
Also fixes oss-fuzz 21769
2020-04-18 15:42:30 +04:30