walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
11,695 Commits 16 Branches 166 Tags 114 MiB
Commit Graph

158 Commits

Author SHA1 Message Date
Qunxin Liu 35d6af6943 [subset] fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5965777994907648 2021-06-04 18:16:23 -06:00
Qunxin Liu 1b6008ca62 fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5417934246772736 2021-06-02 17:32:16 -06:00
Qunxin Liu 7ab0f4eda9 fuzzer fix 2021-05-31 12:44:33 -06:00
Garret Rieger 425ba1f4ab [subset] fixes infinite loop in hb_set_get_max(). 
Fixes https://oss-fuzz.com/testcase-detail/5363902507515904
 2021-04-20 13:18:07 -06:00
Garret Rieger ec4321068b [subset] fix infinite loop caused by alloc failure in repacker. 
Fixes: https://oss-fuzz.com/testcase-detail/5609112151916544.
 2021-04-20 13:18:07 -06:00
Garret Rieger 0e845d973e [subset] fix memory leak in repacker caused by failed alloc. 
Fixes: https://oss-fuzz.com/testcase-detail/5616763250278400.
 2021-04-20 13:18:07 -06:00
Garret Rieger 3fb62cdc14 [subset] fail on offset overflow in tables that we don't repack. 
Fixes: https://oss-fuzz.com/testcase-detail/5229304507138048
 2021-04-19 17:01:05 -06:00
Qunxin Liu 9dc9f0385d [subset] fix for fuzzer testcase: https://oss-fuzz.com/testcase-detail/5858518134554624 2021-04-09 11:07:28 -06:00
Qunxin Liu 4af5dacedc [subset] add fuzzer testcase 2021-04-07 13:02:04 -06:00
Garret Rieger 64122b5a44 [subset] don't visit lookup if covered glyph set has failed. 
If covered glyph set is in error then the same lookup can be recursed into repeatedly potentially causing a fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/5416421032067072.
 2021-04-06 12:34:44 -06:00
Garret Rieger 71d6d15600 [subset] clamp distance to prevent shifting outside of the limits of int64. 
Fixes https://oss-fuzz.com/testcase-detail/4961171477233664.
 2021-04-06 11:48:39 -06:00
Garret Rieger c5c13006a1 [subset] fix memory leaks found in https://oss-fuzz.com/testcase-detail/5179935334465536 2021-03-31 12:37:45 -06:00
Garret Rieger adca4ce071 [subset] fixes https://oss-fuzz.com/testcase-detail/6173520787800064. 
Caused by incorrect bounds check in glyph closure for context lookups.
 2021-03-30 15:44:41 -06:00
Garret Rieger 752e393ad2 [subset] avoid calling clear on null pool set. 2021-03-30 15:12:52 -06:00
Garret Rieger 8741914a80 [subset] fix memory leak when map insert fails. 2021-03-29 18:02:32 -06:00
Garret Rieger 5b6da6d2f0 [subset] add fuzzer test case. 2021-03-29 17:41:07 -06:00
Garret Rieger a804a0c903 [subset] add fuzzer test case. 2021-03-29 17:15:22 -06:00
Garret Rieger 5ca353a2d0 [subset] fix heap buffer overflow found by fuzzer. 2021-02-16 12:43:02 -07:00
Behdad Esfahbod 33a0f0b686 [test] Remove fuzzed test font that triggers virus alert 
Fixes https://github.com/harfbuzz/harfbuzz/issues/2750
 2021-02-09 12:55:45 -07:00
Garret Rieger a4c3732f59 [ENOMEM] fix set clear() causing corruption if the set is in_error(). 2021-01-21 12:12:05 -07:00
Garret Rieger bbbcad0dbb Revert "[ENOMEM] don't perform set process operations if the other set is in an error state." 
This reverts commit f3929abafe.
 2020-09-16 12:23:38 -06:00
Garret Rieger f3929abafe [ENOMEM] don't perform set process operations if the other set is in an error state. 
Running a process while the other set is in an error state can potentially corrupt this sets map map (for example by overwritting all of the major values with 0).
 2020-09-16 10:36:30 -07:00
Garret Rieger 8c3d4de796 [subset] Fix integer underflow in ContextFormat2. 2020-09-11 15:52:46 -07:00
Garret Rieger 9825e3dd2e [ENOMEM] fix access to unitialized memory. 
If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688.
 2020-09-02 11:01:07 -07:00
ebraminio 1e48225ca3
[ENOMEM] Check whether serialize context isn't in error 2020-08-13 23:22:14 +04:30
Garret Rieger 9562239f05 [ENOMEM] check for error in lookup visited set. 2020-08-13 01:43:11 +04:30
Garret Rieger 6f754852c1 [ENOMEM] skip asserts in to_bias if serializer is in an error state. 2020-08-12 11:25:30 +04:30
Ebrahim Byagowi ffe06c8f04 [glyf] Guard all the public APIs against null pool runs 
Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737
 2020-08-08 13:43:49 +04:30
Garret Rieger 18ab8029d5 [ENOMEM] check vector status in cmap subsetting. 2020-08-02 00:30:17 +04:30
Garret Rieger 06dbb6acbb [ENOMEM] in GSUB ChainContext subsetting check maps for allocation errors. 2020-08-01 09:21:22 +04:30
Garret Rieger fb1477795c [ENOMEM] Check result of vector resize in CBDT subsetting. 2020-08-01 09:20:52 +04:30
Ebrahim Byagowi efd716de3f [cff] Check for scalars array resize result 
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504
 2020-07-31 09:27:27 +04:30
Garret Rieger 040ed094ef [ENOMEM] popragate packed/packed_map errors to the serializer. 
Will disable further modifications based on a bad state.
 2020-07-31 08:39:26 +04:30
Garret Rieger 7f358a55f4 [ENOMEM] unchecked resize in CFF2. 2020-07-31 02:04:06 +04:30
Garret Rieger 32f052b033 [ENOMEM] Fix several instances of not checking resize in CFF. 2020-07-31 02:04:06 +04:30
Garret Rieger 15644ee60e [ENOMEM] fix memory leak if allocation fails during pop_pack(). 2020-07-30 04:15:35 +04:30
Garret Rieger 42237adffc [ENOMEM] make serializer modification operations no-ops if it's in an error state. 2020-07-30 03:59:49 +04:30
Garret Rieger 4ba8e3c6fd [ENOMEM] Fix failure to check calloc return. 
Fixes https://oss-fuzz.com/testcase-detail/6246465148813312.
 2020-07-30 00:08:08 +04:30
Garret Rieger d307c24abf [ENOMEM] check resize() return. 
Fixes https://oss-fuzz.com/testcase-detail/5641892164009984.
 2020-07-30 00:08:08 +04:30
Ebrahim Byagowi 11d583a9ea
[aat] Consume glyph insertion from buffer's max_ops (#2223) 
Glyph insertion is an expensive operation and we like to have it limited
based on buffer's input size which is handled by buffer's max_ops.

clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120:

Before the change: 0.67s user 0.00s system 99% cpu 0.674 total
 After the change: 0.02s user 0.00s system 98% cpu 0.024 total

Which takes much longer on valgrind and tsan bots.
 2020-07-13 18:53:06 -07:00
ckitagawa b22f61d86a Fix bug 2020-04-21 16:51:55 -07:00
ariza 22f7c61acf implement SID to glyph ID mapping with predefined Charset 
Also fixes oss-fuzz 21769
 2020-04-18 15:42:30 +04:30
Qunxin Liu 0d5695983e [subset] fixes dangling object_t issue in FeatureVariationRecord 
Fixes https://crbug.com/oss-fuzz/21560
revert () does not clean up useless object_t. Adjust the order of
subsetting substitutions and conditions to avoid dangling object_t.
 2020-04-06 13:41:33 +04:30
Ebrahim Byagowi 57b7de032f [subset] Fail ClassDefFormat1 serialization if no space available 
Fixes https://crbug.com/oss-fuzz/21580
 2020-04-05 17:38:04 +04:30
Garret Rieger 014e038b2c [subset] Bail out of context lookup expansion once the lookup limit is encountered. 2020-04-01 11:14:41 +04:30
Garret Rieger 5d345d0cd1 [subset] Limit the number of lookup indices processed subsetting Feature. 
> Also, remove two unnessecary full iterations of the lookup index iterator during serialization of the index array. Fixes fuzzer found timeout.
 2020-04-01 11:13:05 +04:30
Ebrahim Byagowi 96d792ae80 [avar] Prevent mul overflow 
Fixes https://crbug.com/oss-fuzz/21350
 2020-03-26 15:01:14 +00:00
Garret Rieger 4ad686b9c0
[subset] fix fuzzer timeout in layout closure 
Bail out of chain context lookup expansion once the lookup limit is encountered.
 2020-03-26 06:32:28 +00:00
Garret Rieger 430bf69653 Add potentially crashing font as a fuzzer seed. 2020-03-14 00:55:47 +03:30
Garret Rieger 834a224a50
[subset] Put a limit on the number of lookup indices that can be visited during closures 
Fixes https://crbug.com/oss-fuzz/21025
 2020-03-12 13:32:36 +03:30