Commit Graph

248 Commits

Author SHA1 Message Date
Ebrahim Byagowi 7554f618ec minor, use sys.exit print shorthand 2020-05-28 23:34:37 +04:30
Ebrahim Byagowi f7562672f9 [meson] Use / instead join_paths
We need some of the very recent features of meson, let's use the new features also
2020-05-21 18:52:31 +04:30
Ebrahim Byagowi b8d1760bc0 [meson/ci] Increase cmap fuzzer timeout even more 2020-05-21 14:45:41 +04:30
Ebrahim Byagowi 4b12b8466f [meson] Increase timeout in hope to resolve Actions' bot timeout 2020-05-21 14:23:36 +04:30
Ebrahim Byagowi 1c4dd79cfb [ci] Increase timeout as gh bot issue isn't resolved by serial test 2020-05-21 08:52:05 +04:30
Ebrahim Byagowi 8667df552c [meson] Unbreak the build, oops 2020-05-21 07:19:37 +04:30
Ebrahim Byagowi 791debdc4a
[meson][ci] Don't run subset fuzzer test in parallel
resolves https://github.com/harfbuzz/harfbuzz/runs/695051808#step:6:595 failure
2020-05-21 07:15:09 +04:30
Ebrahim Byagowi 8a5368e2d6 [tests] Enable more gid misc calls on draw fuzzer 2020-05-21 07:00:40 +04:30
Ebrahim Byagowi c68ab4b52b Fix _get_ligature_caret's oob read issue
AAT::Lookup has no other way to detect whether it is returned from
a real and sanitized font data or from a null pool, this checks if
the table has been recognized valid by sanitizer by checking
table's major version which is zero if returned from a null pool and
non-zero if is from a sanitized font data, it is expected the other
calls of the table (unlikely to have more calls however) also do a
similar version check before calling the lookups used on the table.
2020-05-21 06:56:09 +04:30
ckitagawa b22f61d86a Fix bug 2020-04-21 16:51:55 -07:00
ariza 22f7c61acf implement SID to glyph ID mapping with predefined Charset
Also fixes oss-fuzz 21769
2020-04-18 15:42:30 +04:30
Qunxin Liu 0d5695983e [subset] fixes dangling object_t issue in FeatureVariationRecord
Fixes https://crbug.com/oss-fuzz/21560
revert () does not clean up useless object_t. Adjust the order of
subsetting substitutions and conditions to avoid dangling object_t.
2020-04-06 13:41:33 +04:30
Ebrahim Byagowi 57b7de032f [subset] Fail ClassDefFormat1 serialization if no space available
Fixes https://crbug.com/oss-fuzz/21580
2020-04-05 17:38:04 +04:30
Garret Rieger 014e038b2c [subset] Bail out of context lookup expansion once the lookup limit is encountered. 2020-04-01 11:14:41 +04:30
Garret Rieger 5d345d0cd1 [subset] Limit the number of lookup indices processed subsetting Feature.
> Also, remove two unnessecary full iterations of the lookup index iterator during serialization of the index array. Fixes fuzzer found timeout.
2020-04-01 11:13:05 +04:30
Ebrahim Byagowi 96d792ae80 [avar] Prevent mul overflow
Fixes https://crbug.com/oss-fuzz/21350
2020-03-26 15:01:14 +00:00
Garret Rieger 4ad686b9c0
[subset] fix fuzzer timeout in layout closure
Bail out of chain context lookup expansion once the lookup limit is encountered.
2020-03-26 06:32:28 +00:00
Ebrahim Byagowi 7054b12206 [meson] Mark rest of non-install executables explicitly 2020-03-24 19:06:09 +00:00
Ebrahim Byagowi 600bf21fbc [meson] Add draw-fuzzer runner 2020-03-24 19:06:09 +00:00
Ebrahim Byagowi 28deb6b718 [meson] test/fuzzing simplify 2020-03-24 19:06:09 +00:00
Ebrahim Byagowi 78622231ac [meson] More comment on tests are causing timeout failure 2020-03-24 19:06:09 +00:00
Ebrahim Byagowi d57fc627e9 [meson] raise timeout value of subset fuzzer 2020-03-24 19:06:09 +00:00
Ebrahim Byagowi 761695264b [tests] Remove py2 workaround for lack of timeout in subprocess 2020-03-19 10:32:46 +00:00
Ebrahim Byagowi b5526a09ff [tools] Remove in-house 'which' now that we have py3 2020-03-19 10:32:46 +00:00
Garret Rieger 430bf69653 Add potentially crashing font as a fuzzer seed. 2020-03-14 00:55:47 +03:30
Ebrahim Byagowi 755a77d660 Move outline draw API behind HB_EXPERIMENTAL_API directive 2020-03-13 08:25:53 +03:30
Garret Rieger 834a224a50
[subset] Put a limit on the number of lookup indices that can be visited during closures
Fixes https://crbug.com/oss-fuzz/21025
2020-03-12 13:32:36 +03:30
Ebrahim Byagowi c494d7abcd Remove cmake testing and add meson build bot
CMake tests are broken anyway as py3 changes so let's get rid of them
2020-03-11 20:15:10 +03:30
Ebrahim Byagowi 1c3f80ba13 [meson] Minor updates 2020-03-11 20:15:10 +03:30
Khaled Hosny 04438554c8 meson: Update build files after rebase 2020-03-11 19:18:57 +03:30
Tim-Philipp Müller 618584e923 meson: rename incbase to incconfig
Makes it clearer what it's for: config.h. See #4.
2020-03-11 19:18:57 +03:30
Mathieu Duponchelle d4a7237327 meson: all tests passing on Windows / MSVC 2020-03-11 19:18:57 +03:30
Mathieu Duponchelle 7ee650b173 meson: refactor fuzzing test 2020-03-11 19:18:57 +03:30
Mathieu Duponchelle 920efc0ef7 Add Meson build definitions
Fixes #490

http://mesonbuild.com
2020-03-11 19:18:57 +03:30
Ebrahim Byagowi 0d729b4b72 [avar] Fix out-of-bound read when input is bigger than all the coords
'i' shouldn't become equal to array's length which as the increament
is happened at end of the loop, if the input is bigger than all the
table coords, it will be equal to array's length.

Fixes https://crbug.com/oss-fuzz/21092
2020-03-07 13:20:41 +03:30
Ebrahim Byagowi 446d1e3bbc [fuzz] Add more of fixed cases 2020-03-05 00:49:03 +03:30
Ebrahim Byagowi 99b5b3f1b1 [gvar] Make sure TupleVarHeader has the needed size
Fixes https://crbug.com/oss-fuzz/21026
2020-03-04 12:43:26 +03:30
Ebrahim Byagowi 558f922788 [fuzz] Avoid empty memcpy and ubsan complain by length checking before memcpy 2020-03-03 21:39:22 +03:30
Ebrahim Byagowi 6543d166fd [fuzz] Remove the not yet fixed timeout, going to investigate 2020-03-03 21:39:22 +03:30
Ebrahim Byagowi 2bbf1c8673 [fuzz] Add more of supposed to already be fixed cases from Chromium bug tracker 2020-03-03 21:39:22 +03:30
Ebrahim Byagowi f253f06cf3 [fuzz] Add another fixed case
https://crbug.com/oss-fuzz/14626

another numerous subtables count which is fixed by d38360397
2020-03-03 19:12:04 +03:30
Ebrahim Byagowi d383603976
Limit OT::Lookup subtables (#2219)
Fixes https://crbug.com/oss-fuzz/13943
2020-03-02 22:41:08 +03:30
Ebrahim Byagowi 29efd964f2
[fuzz] Add cases that marked as wontfix
Let's see if they were really false alarms, if so, let's just have them.
2020-03-02 14:22:29 +03:30
Ebrahim Byagowi cb65150fec
[draw] minor 2020-02-29 16:12:54 +03:30
Ebrahim Byagowi 86c40b3a1d [fuzz/draw] Call _get_glyph_extents
Other render related APIs also may be added also later such
as ot-color and future rendering things.
2020-02-29 14:53:34 +03:30
Michiharu Ariza 5ab50eebd7
collect_unicodes() with clamp, calling add_range()
Use add_range instead an inner loop, clamp its input number by
number of glyphs a face has.

Even the face cmap12 and 13 have 32-bit hb_codepoint_t, which is here
used to make timeout, face's maxp has 16-bit gid limitation at least for now,
using that makes sure we both fix and the timeout and don't need to change
much things here also in order to support 32-bit gids also someday.

Fixes #2204
2020-02-29 13:02:29 +03:30
Garret Rieger 410b4881d0 [subset] Add fuzzer timeout testcase. 2020-02-28 16:10:14 -08:00
Ebrahim Byagowi e57ced5fc0
[gvar] Add other possibly fixed fuzzer case
Speculatively should've been fixed by 61208401

https://crbug.com/oss-fuzz/20924 related
2020-02-28 23:29:05 +03:30
Ebrahim Byagowi 758fda728b
[glyf] Don't accept gids higher than maxp's glyphs number
This specially becomes concerning on sub-components where a gvar table
that is sanitized using maxp's glyphs number overflows when a high gid
accepted here goes to it, maybe an additional check can be put there
also, this however feels to be enough.

Fixes https://crbug.com/oss-fuzz/20944
2020-02-28 23:19:06 +03:30
Ebrahim Byagowi e90213868b Revert "collect_unicodes() to check gid < num_glyphs with cmap 12"
Didn't fix the case actually, making bots to fail.

This reverts commit 15b43a4104.
2020-02-28 21:24:51 +03:30