Garret Rieger
675ebbeb3a
[subset] don't alloc zero bytes.
...
It will be leaked later since hb_blob_create() won't set up the blob to cleanup since it has length zero.
2021-06-16 17:35:39 -06:00
Behdad Esfahbod
bdfed8f113
[blob] Add failing versions of create API
...
Fixes https://github.com/harfbuzz/harfbuzz/issues/2567
New API:
+hb_blob_create_or_fail()
+hb_blob_create_from_file_or_fail()
Use these in util/ to distinguish empty file from not-found file.
Only err on the latter.
2021-06-15 13:56:30 -06:00
Qunxin Liu
35d6af6943
[subset] fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5965777994907648
2021-06-04 18:16:23 -06:00
Qunxin Liu
1b6008ca62
fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5417934246772736
2021-06-02 17:32:16 -06:00
Qunxin Liu
7ab0f4eda9
fuzzer fix
2021-05-31 12:44:33 -06:00
Garret Rieger
425ba1f4ab
[subset] fixes infinite loop in hb_set_get_max().
...
Fixes https://oss-fuzz.com/testcase-detail/5363902507515904
2021-04-20 13:18:07 -06:00
Garret Rieger
ec4321068b
[subset] fix infinite loop caused by alloc failure in repacker.
...
Fixes: https://oss-fuzz.com/testcase-detail/5609112151916544 .
2021-04-20 13:18:07 -06:00
Garret Rieger
0e845d973e
[subset] fix memory leak in repacker caused by failed alloc.
...
Fixes: https://oss-fuzz.com/testcase-detail/5616763250278400 .
2021-04-20 13:18:07 -06:00
Garret Rieger
3fb62cdc14
[subset] fail on offset overflow in tables that we don't repack.
...
Fixes: https://oss-fuzz.com/testcase-detail/5229304507138048
2021-04-19 17:01:05 -06:00
Qunxin Liu
9dc9f0385d
[subset] fix for fuzzer testcase: https://oss-fuzz.com/testcase-detail/5858518134554624
2021-04-09 11:07:28 -06:00
Qunxin Liu
4af5dacedc
[subset] add fuzzer testcase
2021-04-07 13:02:04 -06:00
Garret Rieger
64122b5a44
[subset] don't visit lookup if covered glyph set has failed.
...
If covered glyph set is in error then the same lookup can be recursed into repeatedly potentially causing a fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/5416421032067072 .
2021-04-06 12:34:44 -06:00
Garret Rieger
71d6d15600
[subset] clamp distance to prevent shifting outside of the limits of int64.
...
Fixes https://oss-fuzz.com/testcase-detail/4961171477233664 .
2021-04-06 11:48:39 -06:00
Garret Rieger
c5c13006a1
[subset] fix memory leaks found in https://oss-fuzz.com/testcase-detail/5179935334465536
2021-03-31 12:37:45 -06:00
Garret Rieger
adca4ce071
[subset] fixes https://oss-fuzz.com/testcase-detail/6173520787800064 .
...
Caused by incorrect bounds check in glyph closure for context lookups.
2021-03-30 15:44:41 -06:00
Garret Rieger
752e393ad2
[subset] avoid calling clear on null pool set.
2021-03-30 15:12:52 -06:00
Garret Rieger
8741914a80
[subset] fix memory leak when map insert fails.
2021-03-29 18:02:32 -06:00
Garret Rieger
5b6da6d2f0
[subset] add fuzzer test case.
2021-03-29 17:41:07 -06:00
Garret Rieger
a804a0c903
[subset] add fuzzer test case.
2021-03-29 17:15:22 -06:00
Khaled Hosny
f2d08578e7
[tests] Increase shape-fuzzer timeout
2021-03-16 01:15:40 +02:00
Garret Rieger
5ca353a2d0
[subset] fix heap buffer overflow found by fuzzer.
2021-02-16 12:43:02 -07:00
Behdad Esfahbod
33a0f0b686
[test] Remove fuzzed test font that triggers virus alert
...
Fixes https://github.com/harfbuzz/harfbuzz/issues/2750
2021-02-09 12:55:45 -07:00
Garret Rieger
f94bf9f06f
[set fuzzer] limit the total number of set members in a fuzzing input.
...
Currently the fuzzer can create arbitrarily long inputs which once big enough will trigger a timeout.
2021-01-26 10:22:07 -08:00
Garret Rieger
a4c3732f59
[ENOMEM] fix set clear() causing corruption if the set is in_error().
2021-01-21 12:12:05 -07:00
Khaled Hosny
84dd65a874
[test] Remove timeout from test runners
...
See https://github.com/harfbuzz/harfbuzz/issues/2707#issuecomment-707744079
This wasn’t inconsistent as well, HB_TEST_SUBSET_FUZZER_TIMEOUT defaulted
to 12 in the test runner, but it was overridden to 50 in meson.build,
and then meson has its own test timeout.
2020-10-15 00:49:02 -07:00
Garret Rieger
bbbcad0dbb
Revert "[ENOMEM] don't perform set process operations if the other set is in an error state."
...
This reverts commit f3929abafe.
2020-09-16 12:23:38 -06:00
Garret Rieger
f3929abafe
[ENOMEM] don't perform set process operations if the other set is in an error state.
...
Running a process while the other set is in an error state can potentially corrupt this set's map (for example by overwriting all of the major values with 0).
2020-09-16 10:36:30 -07:00
Garret Rieger
8c3d4de796
[subset] Fix integer underflow in ContextFormat2.
2020-09-11 15:52:46 -07:00
Garret Rieger
9825e3dd2e
[ENOMEM] fix access to uninitialized memory.
...
If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688 .
2020-09-02 11:01:07 -07:00
ebraminio
1e48225ca3
[ENOMEM] Check whether serialize context isn't in error
2020-08-13 23:22:14 +04:30
Ebrahim Byagowi
6e32145dc9
[meson] Make compatible with 0.47.0
2020-08-13 18:28:42 +04:30
Garret Rieger
9562239f05
[ENOMEM] check for error in lookup visited set.
2020-08-13 01:43:11 +04:30
Garret Rieger
6f754852c1
[ENOMEM] skip asserts in to_bias if serializer is in an error state.
2020-08-12 11:25:30 +04:30
Ebrahim Byagowi
057769b1a3
[fuzzer] minor
2020-08-12 02:40:55 +04:30
Ebrahim Byagowi
0417938011
[fuzzer] Mark alloc_state as unused
...
It is really unused when failing-alloc isn't on.
2020-08-12 02:40:55 +04:30
Ebrahim Byagowi
5193357832
Revert "Remove autotools build support"
...
This reverts commit 01ac32aab2.
2020-08-11 23:51:59 +04:30
Ebrahim Byagowi
ffe06c8f04
[glyf] Guard all the public APIs against null pool runs
...
Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737
2020-08-08 13:43:49 +04:30
Ebrahim Byagowi
01ac32aab2
Remove autotools build support
2020-08-07 23:28:12 +04:30
Ebrahim Byagowi
679fac87df
Skip hb_shape if buffer object is immutable
2020-08-06 23:47:35 +04:30
Garret Rieger
18ab8029d5
[ENOMEM] check vector status in cmap subsetting.
2020-08-02 00:30:17 +04:30
Garret Rieger
06dbb6acbb
[ENOMEM] in GSUB ChainContext subsetting check maps for allocation errors.
2020-08-01 09:21:22 +04:30
Garret Rieger
fb1477795c
[ENOMEM] Check result of vector resize in CBDT subsetting.
2020-08-01 09:20:52 +04:30
Ebrahim Byagowi
efd716de3f
[cff] Check for scalars array resize result
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504
2020-07-31 09:27:27 +04:30
Garret Rieger
040ed094ef
[ENOMEM] propagate packed/packed_map errors to the serializer.
...
Will disable further modifications based on a bad state.
2020-07-31 08:39:26 +04:30
Garret Rieger
7f358a55f4
[ENOMEM] unchecked resize in CFF2.
2020-07-31 02:04:06 +04:30
Garret Rieger
32f052b033
[ENOMEM] Fix several instances of not checking resize in CFF.
2020-07-31 02:04:06 +04:30
Garret Rieger
15644ee60e
[ENOMEM] fix memory leak if allocation fails during pop_pack().
2020-07-30 04:15:35 +04:30
Garret Rieger
42237adffc
[ENOMEM] make serializer modification operations no-ops if it's in an error state.
2020-07-30 03:59:49 +04:30
Garret Rieger
4ba8e3c6fd
[ENOMEM] Fix failure to check calloc return.
...
Fixes https://oss-fuzz.com/testcase-detail/6246465148813312 .
2020-07-30 00:08:08 +04:30
Garret Rieger
d307c24abf
[ENOMEM] check resize() return.
...
Fixes https://oss-fuzz.com/testcase-detail/5641892164009984 .
2020-07-30 00:08:08 +04:30
Ebrahim Byagowi
48ad745996
[ENOMEM] Fix buffer's content check logic
...
So now rest of shape fuzzer also can be enabled.
Fixes #2571
2020-07-29 08:09:10 +04:30
Ebrahim Byagowi
c33e8006fd
[fuzz] Implement failing allocator
2020-07-29 07:35:34 +04:30
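Added example, not HarfBuzz code: the fault-injection pattern behind the [ENOMEM] commits above (c33e8006fd and the resize/calloc checks that followed), together with the zero-byte allocation point from 675ebbeb3a, written in C against a hypothetical `table_t` builder. `failing_malloc` fails on the Nth call, `run_with_failures` replays the builder once per allocation so every early-exit path is exercised, and a live-block counter catches any leak on a partial failure. The allocator, the table layout, all function names and the sample bytes in the usage are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Fault-injecting allocator: the fail_at-th call returns NULL (0 = never fail).
 * live counts blocks handed out and not yet freed; a run ending with
 * live != 0 has leaked. */
static unsigned fail_at, calls, live;

static void *failing_malloc (size_t n)
{
  calls++;
  if (fail_at && calls == fail_at) return NULL;
  void *p = malloc (n);
  if (p) live++;
  return p;
}

static void failing_free (void *p)
{
  if (!p) return;
  live--;
  free (p);
}

static void alloc_reset (unsigned fail_index) { fail_at = fail_index; calls = live = 0; }

/* Toy table built from fuzzer bytes (constructed layout, not an OpenType
 * table): big-endian 16-bit glyph ids plus a private copy of the raw bytes. */
typedef struct {
  uint16_t *glyphs;
  unsigned  count;
  uint8_t  *raw;
  unsigned  raw_len;
} table_t;

static void table_destroy (table_t *t)
{
  if (!t) return;
  failing_free (t->glyphs);   /* NULL for members never allocated */
  failing_free (t->raw);
  failing_free (t);
}

/* Returns NULL if any allocation fails, after releasing whatever was built. */
static table_t *table_build (const uint8_t *data, size_t len)
{
  table_t *t = failing_malloc (sizeof *t);
  if (!t) return NULL;
  memset (t, 0, sizeof *t);

  t->count = (unsigned) (len / 2);
  /* Never request zero bytes: malloc(0) may legally return NULL, which the
   * check below could not tell apart from a real failure. */
  if (t->count)
  {
    t->glyphs = failing_malloc (t->count * sizeof *t->glyphs);
    if (!t->glyphs) goto fail;
    for (unsigned i = 0; i < t->count; i++)
      t->glyphs[i] = (uint16_t) ((data[2 * i] << 8) | data[2 * i + 1]);
  }
  if (len)
  {
    t->raw = failing_malloc (len);
    if (!t->raw) goto fail;
    memcpy (t->raw, data, len);
    t->raw_len = (unsigned) len;
  }
  return t;

fail:
  table_destroy (t);
  return NULL;
}

/* Build with the given failing call, destroy, and report the glyph count;
 * (unsigned) -1 signals that the run leaked. */
static unsigned table_glyph_count (const uint8_t *data, size_t len, unsigned fail_index)
{
  alloc_reset (fail_index);
  table_t *t = table_build (data, len);
  unsigned n = t ? t->count : 0;
  table_destroy (t);
  return live ? (unsigned) -1 : n;
}

/* Fuzzer-style driver: one clean run to learn how many allocations the input
 * needs, then one run per allocation with that call failing. Returns the
 * number of runs that leaked; a correct builder yields 0. */
static unsigned run_with_failures (const uint8_t *data, size_t len)
{
  unsigned leaks = 0;
  if (table_glyph_count (data, len, 0) == (unsigned) -1) leaks++;
  unsigned total = calls;
  for (unsigned i = 1; i <= total; i++)
    if (table_glyph_count (data, len, i) == (unsigned) -1) leaks++;
  return leaks;
}
```

Usage: `run_with_failures ((const uint8_t *) "\x01\x02\x03\x04\x05", 5)` returns 0 for this builder. Deleting the `goto fail` after the `raw` allocation reproduces the class of leak the [ENOMEM] commits fix, and the driver reports it as 1 without any sanitizer involved; a real harness would derive the failing index from the fuzzer input instead of looping.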
Ebrahim Byagowi
5c46683ab8
[fuzz] increase shape fuzzer timeout
...
as https://circleci.com/gh/harfbuzz/harfbuzz/149203
2020-07-22 17:23:22 +04:30
Ebrahim Byagowi
945bcd7230
minor
2020-07-15 09:54:32 +04:30
Ebrahim Byagowi
fa0436ddd1
[ENOMEM][fuzzer/subset] early return if the result is null
...
I don't see _or_fail APIs idiomatic for the project but since it is there, let's have this
2020-07-15 09:52:40 +04:30
Ebrahim Byagowi
11d583a9ea
[aat] Consume glyph insertion from buffer's max_ops (#2223)
...
Glyph insertion is an expensive operation and we like to have it limited
based on buffer's input size which is handled by buffer's max_ops.
clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120:
Before the change: 0.67s user 0.00s system 99% cpu 0.674 total
After the change: 0.02s user 0.00s system 98% cpu 0.024 total
Which takes much longer on valgrind and tsan bots.
2020-07-13 18:53:06 -07:00
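Added example, not HarfBuzz code: the operation-budget idea from 11d583a9ea, in C over a hypothetical insertion rule. A glyph carrying `INSERT_FLAG` asks for a copy of itself to be inserted after it, and the copy is visited in turn, so an unbudgeted pass never terminates. `max_ops` is derived from the input length, every insertion is charged against it, and reaching zero puts the buffer in error instead of letting it keep growing. The flag, the constants, the function names and the sample glyph arrays are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical rule, constructed for this example: a glyph with this bit set
 * gets a copy of itself inserted right after it. The copy keeps the bit. */
#define INSERT_FLAG    0x8000u
#define OPS_PER_GLYPH  8    /* budget scales with input size ... */
#define OPS_MIN        16   /* ... plus a floor so tiny inputs still get work done */

typedef struct {
  uint16_t *glyphs;
  unsigned  len, cap;
  int       max_ops;    /* remaining operation budget; exhausted at 0 */
  unsigned  ops_done;
  int       in_error;   /* set once the budget is hit; later passes bail out */
} buffer_t;

static int buffer_init (buffer_t *b, const uint16_t *in, unsigned n)
{
  memset (b, 0, sizeof *b);
  b->max_ops = (int) (n * OPS_PER_GLYPH + OPS_MIN);
  /* Each charged op inserts exactly one glyph, so len can never exceed this. */
  b->cap = n + (unsigned) b->max_ops;
  b->glyphs = malloc (b->cap * sizeof *b->glyphs);
  if (!b->glyphs) return 0;
  memcpy (b->glyphs, in, n * sizeof *in);
  b->len = n;
  return 1;
}

static void buffer_fini (buffer_t *b)
{
  free (b->glyphs);
  b->glyphs = NULL;
}

/* Insert a copy of glyphs[i] at i + 1, charging one op. Returns 0 once the
 * budget is gone, leaving the buffer in error instead of growing further. */
static int insert_after (buffer_t *b, unsigned i)
{
  if (b->max_ops <= 0 || b->len >= b->cap)
  {
    b->in_error = 1;
    return 0;
  }
  b->max_ops--;
  memmove (b->glyphs + i + 2, b->glyphs + i + 1,
           (b->len - i - 1) * sizeof *b->glyphs);
  b->glyphs[i + 1] = b->glyphs[i];
  b->len++;
  b->ops_done++;
  return 1;
}

/* Left-to-right insertion pass. Inserted glyphs are visited too, which is
 * exactly why the budget is needed. Returns the number of ops performed. */
static unsigned apply_insertions (buffer_t *b)
{
  if (b->in_error) return b->ops_done;
  for (unsigned i = 0; i < b->len; i++)
    if ((b->glyphs[i] & INSERT_FLAG) && !insert_after (b, i))
      break;
  return b->ops_done;
}

/* Run one pass over an input; reports ops performed and, through
 * *hit_budget when non-NULL, whether the pass stopped on the budget. */
static unsigned run_pass (const uint16_t *in, unsigned n, int *hit_budget)
{
  buffer_t b;
  if (!buffer_init (&b, in, n)) { if (hit_budget) *hit_budget = -1; return 0; }
  unsigned ops = apply_insertions (&b);
  if (hit_budget) *hit_budget = b.in_error;
  buffer_fini (&b);
  return ops;
}

static int budget_hit (const uint16_t *in, unsigned n)
{
  int hit = 0;
  run_pass (in, n, &hit);
  return hit;
}
```

With a three-glyph input whose first glyph carries the flag, the pass performs exactly 3 * 8 + 16 = 40 insertions and then stops with the buffer in error; the same input without the flag performs none. The point of deriving the budget from the input length is that the cost of the worst case grows linearly with what the fuzzer feeds in, rather than with what the font's rules can generate.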
Ebrahim Byagowi
cd6f62d960
[meson] Raise timeout value of subset fuzzer testcases
...
happens when tsan is enabled
2020-07-12 23:05:11 +04:30
Ebrahim Byagowi
e4f9969108
[ci] migrate to meson
...
two bots, one bot here (distcheck) and one in travis still run autotools and
won't be removed till we decide about autotools
2020-07-08 19:18:31 +04:30
Ebrahim Byagowi
e04050e3b8
[meson] split fuzzer_ldflags before use
2020-07-08 01:06:30 +04:30
Ebrahim Byagowi
c5def34730
[meson] don't underscorify fuzzers names
2020-07-06 23:51:52 +04:30
Ebrahim Byagowi
d608f2ac85
[meson] Add fuzzer_ldflags
...
As ots, https://github.com/khaledhosny/ots/commit/4d37b9b
2020-07-06 23:51:52 +04:30
Ebrahim Byagowi
a470b0b205
Minor, disable strict-aliasing warning in set fuzzer
...
../test/fuzzing/hb-set-fuzzer.cc: In function ‘int LLVMFuzzerTestOneInput(const uint8_t*, size_t)’:
../test/fuzzing/hb-set-fuzzer.cc:38:82: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
38 | const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data);
|
And it is already disabled at project level so let's disable it here also.
2020-07-05 10:49:10 +04:30
Ebrahim Byagowi
a07672d353
[py] minor, replace os.environ.get with os.getenv
2020-07-04 16:16:15 +04:30
Ebrahim Byagowi
47a0fbec31
[meson] Mark longer tests with slow
...
So one can skip them easily by `meson test -Cbuild --no-suite slow`
2020-06-21 08:47:10 +04:30
Ebrahim Byagowi
0881611778
[fuzzer] Make some use for test_font API calls
...
Making some use for result of some of the test_font calls to make
sure compilers in fuzzers aren't just optimizing the calls.
2020-06-20 22:06:11 +04:30
Christoph Reiter
03bd6ead44
[meson] Only pass required dependencies to everything
...
Instead of passing dependencies as required we used one giant shared
dependency list containing all dependencies for every library/executable.
While this kinda works, the specified deps are also used for generating
the pkg-config files and this leads to lots of Requires.private and Libs.private
entries which aren't really needed.
This removes the "deps" array and replaces it with a few smaller ones and
makes sure the public libraries only get passed the dependencies actually
needed.
Fixes #2441
2020-06-04 23:28:57 +04:30
Ebrahim Byagowi
a9d13463b5
[meson] Categorize tests using `suite: [...]`
...
So one can run a category of interested tests like
meson test -Cbuild --suite aots --suite src --print-errorlogs
Instead of issuing particular tests which also is possible like
meson test -Cbuild test-shape --print-errorlogs
2020-05-30 16:58:46 +04:30
Ebrahim Byagowi
7554f618ec
minor, use sys.exit print shorthand
2020-05-28 23:34:37 +04:30
Ebrahim Byagowi
f7562672f9
[meson] Use / instead join_paths
...
We need some of the very recent features of meson, let's use the new features also
2020-05-21 18:52:31 +04:30
Ebrahim Byagowi
b8d1760bc0
[meson/ci] Increase cmap fuzzer timeout even more
2020-05-21 14:45:41 +04:30
Ebrahim Byagowi
4b12b8466f
[meson] Increase timeout in hope to resolve Actions' bot timeout
2020-05-21 14:23:36 +04:30
Ebrahim Byagowi
1c4dd79cfb
[ci] Increase timeout as gh bot issue isn't resolved by serial test
2020-05-21 08:52:05 +04:30
Ebrahim Byagowi
8667df552c
[meson] Unbreak the build, oops
2020-05-21 07:19:37 +04:30
Ebrahim Byagowi
791debdc4a
[meson][ci] Don't run subset fuzzer test in parallel
...
resolves https://github.com/harfbuzz/harfbuzz/runs/695051808#step:6:595 failure
2020-05-21 07:15:09 +04:30
Ebrahim Byagowi
8a5368e2d6
[tests] Enable more gid misc calls on draw fuzzer
2020-05-21 07:00:40 +04:30
Ebrahim Byagowi
c68ab4b52b
Fix _get_ligature_caret's oob read issue
...
AAT::Lookup has no other way to detect whether it is returned from
real and sanitized font data or from a null pool. This checks whether
the table has been recognized as valid by the sanitizer by checking the
table's major version, which is zero if returned from a null pool and
non-zero if it is from sanitized font data. It is expected that the other
callers of the table (unlikely to have more calls, however) also do a
similar version check before calling the lookups used on the table.
2020-05-21 06:56:09 +04:30
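Added example, not HarfBuzz code: the null-pool version check described in c68ab4b52b, in C over a hypothetical table layout (`major`, `minor`, `lookup_count`, then `lookup_count` 16-bit entries). The sanitizer hands back a zero-filled static object for anything it rejects, so callers never see NULL; the accessor reads the major version before touching the lookup array, and bounds-checks the index against the count the sanitizer accepted. The layout, every name, and the blobs in the usage are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical big-endian layout, constructed for this example:
 *   uint16 major, uint16 minor, uint32 lookup_count, uint16 lookups[lookup_count] */
typedef struct {
  uint16_t       major, minor;
  uint32_t       lookup_count;
  const uint8_t *lookups;   /* points into the already-sanitized blob */
} lookup_table_t;

/* The null pool: a zero-filled object handed out instead of NULL so callers
 * need no NULL checks. Its major version is 0, which a real table never has. */
static const lookup_table_t null_table = { 0, 0, 0, NULL };

static uint16_t rd16 (const uint8_t *p) { return (uint16_t) ((p[0] << 8) | p[1]); }
static uint32_t rd32 (const uint8_t *p) { return ((uint32_t) rd16 (p) << 16) | rd16 (p + 2); }

/* Sanitize the blob into *out. Anything that does not fit returns the null pool. */
static const lookup_table_t *table_sanitize (const uint8_t *data, size_t len,
                                             lookup_table_t *out)
{
  if (len < 8) return &null_table;                 /* header does not fit */
  uint16_t major = rd16 (data);
  uint32_t count = rd32 (data + 4);
  if (major != 1) return &null_table;              /* unknown version */
  if (count > (len - 8) / 2) return &null_table;   /* lookup array runs past the blob */
  out->major = major;
  out->minor = rd16 (data + 2);
  out->lookup_count = count;
  out->lookups = data + 8;
  return out;
}

/* The accessor the commit message describes: refuse to dereference lookups
 * unless the version proves the object came from sanitized data, and never
 * index past the count the sanitizer vouched for. Returns 0 when refused. */
static uint16_t table_get_lookup (const lookup_table_t *t, unsigned i)
{
  if (t->major == 0) return 0;          /* null pool: lookups is NULL */
  if (i >= t->lookup_count) return 0;   /* out of range for this table */
  return rd16 (t->lookups + 2 * (size_t) i);
}

/* Convenience wrappers: sanitize a blob, then query it. */
static uint16_t lookup_from_blob (const uint8_t *data, size_t len, unsigned i)
{
  lookup_table_t t;
  return table_get_lookup (table_sanitize (data, len, &t), i);
}

static int blob_is_null_pool (const uint8_t *data, size_t len)
{
  lookup_table_t t;
  return table_sanitize (data, len, &t) == &null_table;
}
```

Usage: a 12-byte blob `00 01 00 00 00 00 00 02 00 05 00 07` sanitizes to a version-1 table with two lookups (5 and 7); a blob that claims nine lookups but carries only one, a three-byte blob, and a version-2 blob all come back as the null pool, and every lookup on them returns 0 without reading past the pointer.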
ckitagawa
b22f61d86a
Fix bug
2020-04-21 16:51:55 -07:00
ariza
22f7c61acf
implement SID to glyph ID mapping with predefined Charset
...
Also fixes oss-fuzz 21769
2020-04-18 15:42:30 +04:30
Qunxin Liu
0d5695983e
[subset] fixes dangling object_t issue in FeatureVariationRecord
...
Fixes https://crbug.com/oss-fuzz/21560
revert () does not clean up useless object_t. Adjust the order of
subsetting substitutions and conditions to avoid dangling object_t.
2020-04-06 13:41:33 +04:30
Ebrahim Byagowi
57b7de032f
[subset] Fail ClassDefFormat1 serialization if no space available
...
Fixes https://crbug.com/oss-fuzz/21580
2020-04-05 17:38:04 +04:30
Garret Rieger
014e038b2c
[subset] Bail out of context lookup expansion once the lookup limit is encountered.
2020-04-01 11:14:41 +04:30
Garret Rieger
5d345d0cd1
[subset] Limit the number of lookup indices processed subsetting Feature.
...
Also, remove two unnecessary full iterations of the lookup index iterator during serialization of the index array. Fixes fuzzer-found timeout.
2020-04-01 11:13:05 +04:30
Ebrahim Byagowi
96d792ae80
[avar] Prevent mul overflow
...
Fixes https://crbug.com/oss-fuzz/21350
2020-03-26 15:01:14 +00:00
Garret Rieger
4ad686b9c0
[subset] fix fuzzer timeout in layout closure
...
Bail out of chain context lookup expansion once the lookup limit is encountered.
2020-03-26 06:32:28 +00:00
Ebrahim Byagowi
7054b12206
[meson] Mark rest of non-install executables explicitly
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
600bf21fbc
[meson] Add draw-fuzzer runner
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
28deb6b718
[meson] test/fuzzing simplify
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
78622231ac
[meson] More comment on tests are causing timeout failure
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
d57fc627e9
[meson] raise timeout value of subset fuzzer
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
761695264b
[tests] Remove py2 workaround for lack of timeout in subprocess
2020-03-19 10:32:46 +00:00
Ebrahim Byagowi
b5526a09ff
[tools] Remove in-house 'which' now that we have py3
2020-03-19 10:32:46 +00:00
Garret Rieger
430bf69653
Add potentially crashing font as a fuzzer seed.
2020-03-14 00:55:47 +03:30
Ebrahim Byagowi
755a77d660
Move outline draw API behind HB_EXPERIMENTAL_API directive
2020-03-13 08:25:53 +03:30
Garret Rieger
834a224a50
[subset] Put a limit on the number of lookup indices that can be visited during closures
...
Fixes https://crbug.com/oss-fuzz/21025
2020-03-12 13:32:36 +03:30
Ebrahim Byagowi
c494d7abcd
Remove cmake testing and add meson build bot
...
CMake tests are broken anyway as py3 changes so let's get rid of them
2020-03-11 20:15:10 +03:30
Ebrahim Byagowi
1c3f80ba13
[meson] Minor updates
2020-03-11 20:15:10 +03:30
Khaled Hosny
04438554c8
meson: Update build files after rebase
2020-03-11 19:18:57 +03:30
Tim-Philipp Müller
618584e923
meson: rename incbase to incconfig
...
Makes it clearer what it's for: config.h. See #4 .
2020-03-11 19:18:57 +03:30
Mathieu Duponchelle
d4a7237327
meson: all tests passing on Windows / MSVC
2020-03-11 19:18:57 +03:30
Mathieu Duponchelle
7ee650b173
meson: refactor fuzzing test
2020-03-11 19:18:57 +03:30