Qunxin Liu
defe9b6da0
crash fix : Heap-buffer-overflow READ 2
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18513
2019-10-25 13:09:47 -07:00
Qunxin Liu
b2fcca6e14
fuzzer crash fix
...
https://oss-fuzz.com/testcase-detail/5643107869917184
2019-10-24 16:11:30 -07:00
Ebrahim Byagowi
9815ca0338
[ci] Use custom subset fuzzer timeout for failing sanitizer bots
2019-10-25 00:16:23 +03:30
Garret Rieger
95ab110cd9
Optimize intersects_array to fix fuzzer timeout.
2019-10-22 13:33:50 -07:00
Qunxin Liu
b33a0d628e
fuzzer crash fix: Null-dereference WRITE
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18363
2019-10-22 01:01:08 +03:30
Ebrahim Byagowi
e766783152
[fuzz] Add https://crbug.com/oss-fuzz/17898 testcase
2019-10-21 22:17:06 +03:30
Garret Rieger
831daf4c76
Enforce HB_MAX_LANGSYS limit during layout subsetting.
2019-10-18 15:10:30 -07:00
Ebrahim Byagowi
0665dce116
[fuzzer] Don't process output in debug mode as it causes timeout
2019-09-21 17:36:33 +04:30
Ebrahim Byagowi
d3b984d379
Revert in-house pow10 ( d80a3ea
) and fix oss-fuzz/16922
...
Probably can be fixed but merging it was wrong so let's revert.
2019-09-02 18:28:03 +04:30
Ebrahim Byagowi
875985cd48
[subset] Don't allow malicious fonts to insert unlimited table headers
...
Fixes https://crbug.com/oss-fuzz/16810
2019-08-29 14:51:22 +04:30
Ebrahim Byagowi
269a120f13
[subset] Raise the bar in new vs old table size
...
https://crbug.com/oss-fuzz/16740
This is actually an interesting thing that {h,v}mtx allocates as
much as a font pretends to have glyphs but the solution is not
that obvious as regular fonts can have less than actually containing
metrics in their {h,v}mtx. This change raises the bar to consider this
hmtx 4 byte for every glyph case.
Initially we wanted to just find things allocating crazy amount of
memory but having the assert has led to interesting findings also
so let's don't remove the assert and see what we can find elsewhere.
2019-08-25 20:37:00 +04:30
Ebrahim Byagowi
28aba780c4
[subset] Fix blob leak of _subset2 when returns early
...
Fixes https://crbug.com/oss-fuzz/16639
2019-08-24 16:11:21 +04:30
Ebrahim Byagowi
b31d627f15
Increase subset fuzzer timeout to 16s
...
To satisfy -valgrind and -tsan bots, very ugly
2019-08-11 23:34:48 +04:30
Ebrahim Byagowi
e21bdf500d
Increase subset fuzzer timeout to 8s
...
Probably we should just remove timeout when running tsan and vaglrind here, the flaky bots
2019-07-28 22:59:09 +04:30
Ebrahim Byagowi
bdfdac0f26
[ci][fuzzer] print valgrind failure if an error happened
2019-07-19 10:33:00 +04:30
Ebrahim Byagowi
f8242b61ab
[fuzz] Increase subset runner timeout for tsan bot
...
Now is flaky let's just increase and maybe investigate later
2019-07-11 15:10:36 +04:30
Ebrahim Byagowi
b65bad18aa
[fuzz] Don't fail when blob is empty
...
And enable more tests able to trig the issue.
2019-07-11 14:31:55 +04:30
Ebrahim Byagowi
c85f624b51
Force blob generation and memory check in hb-subset-fuzzer
2019-07-10 23:38:07 +04:30
Michiharu Ariza
8341c0b304
add test case file
2019-06-27 08:43:31 -07:00
Michiharu Ariza
90872a29ee
change assert(false) to failure
2019-06-11 12:42:28 -07:00
Michiharu Ariza
65e66a2d37
added test data
2019-06-03 16:31:41 -07:00
Bruce Mitchener
5846884f86
test: Use nullptr in C++ code. ( #1744 )
2019-06-03 12:30:25 +04:30
Qunxin Liu
e1a5ce6aa6
Fix fuzzer crash testcase
...
Add a check for stringOffSet(uint16) overflow,
return early if overflow happens
2019-05-24 15:26:20 -04:00
Garret Rieger
0ff3618c2d
[subset] Use hb_subset_input_t inside of subset_options_t so that input defaults are shared between the library and cli.
2019-05-20 13:35:46 -07:00
Behdad Esfahbod
9ef241cd40
[test] Add one more
2019-05-20 11:38:02 -04:00
Behdad Esfahbod
3efb7af7e2
[STAT] Fix sanitize condition
...
Oops!
Fixes https://oss-fuzz.com/testcase-detail/5696825891225600
2019-05-20 11:37:16 -04:00
Ebrahim Byagowi
30c059a978
[test] minor, fix -Weverything bot
2019-05-11 18:48:41 -04:00
Ebrahim Byagowi
25531a3039
[test] minor
...
style fix and add return statement
2019-05-11 19:50:42 +00:00
Behdad Esfahbod
25a5b287f2
Fix sanitize fail of extension sublookups
...
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=960331
2019-05-10 16:03:20 -07:00
Ebrahim Byagowi
df237d2fe7
[test] Add https://crbug.com/oss-fuzz/14641 testcase
...
As 503748d
fix
2019-05-08 14:17:14 -07:00
Ebrahim Byagowi
6d6edc8b25
[valgrind] Use libtool and support run-subset-fuzzer-tests ( #1668 )
2019-04-28 11:54:07 -07:00
Ebrahim Byagowi
62c6e17072
[test] Add crbug.com/oss-fuzz/14474 testcase
...
Fixed at 6977a95f
2019-04-28 10:55:07 -07:00
Michiharu Ariza
ba0386060d
fix oss-fuzz issue 14345
2019-04-18 18:18:05 -04:00
Behdad Esfahbod
b7384c89e2
[fuzzing] Run valgrind with --leak-check=full
2019-04-15 16:53:10 -04:00
Behdad Esfahbod
3ff66c0029
[fuzzing] Fail if valgrind is requested but not found
2019-04-15 16:52:21 -04:00
Behdad Esfahbod
ec2a5dc859
Use class templates for Null objects
...
This allows partial-instantiating custom Null object for template Lookup<T>.
Before, this had to be handcoded per instantiation. Apparently I missed
adding one for AAT::ankr.lookupTable, so it was getting the wrong (generic)
null for Lookup object, which is wrong and unsafe.
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=944346
2019-03-26 16:23:40 -07:00
Michiharu Ariza
bcb4e505d6
cff2 subset fuzzer issues ( #1619 )
...
* add check to FDArray::serialize
* add test files
* fix off by one
2019-03-15 13:46:25 -07:00
Garret Rieger
dc04261a5b
[subset] Update the subset fuzzer to determine which options to use based on data in the fuzzing test case.
...
Add support for toggling retain_gids.
2019-01-30 15:23:19 -08:00
Behdad Esfahbod
6879efc2c1
[AAT] Fix anchor bound checking, again
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=922303
2019-01-17 14:08:02 -05:00
Behdad Esfahbod
91d774712f
[test] Add test for previous commit
2019-01-14 15:31:31 -05:00
Behdad Esfahbod
7a6686a589
[AAT] Fix mort ContextualSubtable offset access
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12312
2019-01-14 15:09:14 -05:00
Behdad Esfahbod
a3fa7d3336
[AAT] Fix ankr table access
...
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=918340
2019-01-14 14:37:36 -05:00
Michiharu Ariza
798e98c47b
[CFF] bad offset in Index ( #1476 )
...
* Update hb-ot-cff-common.hh
* fix bug
* bummer fix wasn't hit. refix
* additional sanity check
* Added test cases for oss-fuzz issues 11805, 11806
2018-12-12 21:08:15 -05:00
Michiharu Ariza
bcb4ecaf68
[CFF] check out of range FD index ( #1477 )
...
* add fd index checks to subr subsetter
also added oss-fuzz test case
* undid SubrSubsetParam::is_valid
because already validated by SubrClosures.valid
2018-12-12 20:36:01 -05:00
Michiharu Ariza
2941208f1e
[CFF] oss-fuzz issue 11690 ASSERT: substr.offset >= opStart ( #1461 )
...
* fix oss-fuzz 11690: substr.offset >= opStart
detect recursive subroutine call & handle as error
* fix build failure
* add minimized test case for oss-fuzz 11690
* removed asserts
2018-12-11 15:21:24 -05:00
Michiharu Ariza
ae087d10c2
add minimized test case for oss-fuzz issue 11714
2018-12-05 21:47:34 -08:00
Ebrahim Byagowi
f95324a335
Merge pull request #1457 from harfbuzz/cff-varstore-sanitize
...
[CFF] oss-fuzz issue 11713 (CFF2VariationStore::serialize)
2018-12-06 08:33:44 +03:30
Michiharu Ariza
9d8f3b0dfb
add minimized test case for oss-fuzz issue 11713
2018-12-05 17:14:51 -08:00
Michiharu Ariza
34e3ef8ff3
Merge branch 'master' into cff-subr-sanitize
2018-12-05 15:50:05 -08:00
Michiharu Ariza
72d8f76368
add minimized test case for oss-fuzz issue 11691
2018-12-05 15:49:11 -08:00