Qunxin Liu
e1a5ce6aa6
Fix fuzzer crash testcase
...
Add a check for stringOffSet(uint16) overflow,
return early if overflow happens
2019-05-24 15:26:20 -04:00
Behdad Esfahbod
9ef241cd40
[test] Add one more
2019-05-20 11:38:02 -04:00
Behdad Esfahbod
3efb7af7e2
[STAT] Fix sanitize condition
...
Oops!
Fixes https://oss-fuzz.com/testcase-detail/5696825891225600
2019-05-20 11:37:16 -04:00
Behdad Esfahbod
25a5b287f2
Fix sanitize fail of extension sublookups
...
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=960331
2019-05-10 16:03:20 -07:00
Ebrahim Byagowi
df237d2fe7
[test] Add https://crbug.com/oss-fuzz/14641 testcase
...
As 503748d
fix
2019-05-08 14:17:14 -07:00
Ebrahim Byagowi
62c6e17072
[test] Add crbug.com/oss-fuzz/14474 testcase
...
Fixed at 6977a95f
2019-04-28 10:55:07 -07:00
Michiharu Ariza
ba0386060d
fix oss-fuzz issue 14345
2019-04-18 18:18:05 -04:00
Behdad Esfahbod
ec2a5dc859
Use class templates for Null objects
...
This allows partial-instantiating custom Null object for template Lookup<T>.
Before, this had to be handcoded per instantiation. Apparently I missed
adding one for AAT::ankr.lookupTable, so it was getting the wrong (generic)
null for Lookup object, which is wrong and unsafe.
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=944346
2019-03-26 16:23:40 -07:00
Michiharu Ariza
bcb4e505d6
cff2 subset fuzzer issues ( #1619 )
...
* add check to FDArray::serialize
* add test files
* fix off by one
2019-03-15 13:46:25 -07:00
Behdad Esfahbod
6879efc2c1
[AAT] Fix anchor bound checking, again
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=922303
2019-01-17 14:08:02 -05:00
Behdad Esfahbod
91d774712f
[test] Add test for previous commit
2019-01-14 15:31:31 -05:00
Behdad Esfahbod
7a6686a589
[AAT] Fix mort ContextualSubtable offset access
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12312
2019-01-14 15:09:14 -05:00
Behdad Esfahbod
a3fa7d3336
[AAT] Fix ankr table access
...
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=918340
2019-01-14 14:37:36 -05:00
Michiharu Ariza
798e98c47b
[CFF] bad offset in Index ( #1476 )
...
* Update hb-ot-cff-common.hh
* fix bug
* bummer fix wasn't hit. refix
* additional sanity check
* Added test cases for oss-fuzz issues 11805, 11806
2018-12-12 21:08:15 -05:00
Michiharu Ariza
bcb4ecaf68
[CFF] check out of range FD index ( #1477 )
...
* add fd index checks to subr subsetter
also added oss-fuzz test case
* undid SubrSubsetParam::is_valid
because already validated by SubrClosures.valid
2018-12-12 20:36:01 -05:00
Michiharu Ariza
2941208f1e
[CFF] oss-fuzz issue 11690 ASSERT: substr.offset >= opStart ( #1461 )
...
* fix oss-fuzz 11690: substr.offset >= opStart
detect recursive subroutine call & handle as error
* fix build failure
* add minimized test case for oss-fuzz 11690
* removed asserts
2018-12-11 15:21:24 -05:00
Michiharu Ariza
ae087d10c2
add minimized test case for oss-fuzz issue 11714
2018-12-05 21:47:34 -08:00
Ebrahim Byagowi
f95324a335
Merge pull request #1457 from harfbuzz/cff-varstore-sanitize
...
[CFF] oss-fuzz issue 11713 (CFF2VariationStore::serialize)
2018-12-06 08:33:44 +03:30
Michiharu Ariza
9d8f3b0dfb
add minimized test case for oss-fuzz issue 11713
2018-12-05 17:14:51 -08:00
Michiharu Ariza
34e3ef8ff3
Merge branch 'master' into cff-subr-sanitize
2018-12-05 15:50:05 -08:00
Michiharu Ariza
72d8f76368
add minimized test case for oss-fuzz issue 11691
2018-12-05 15:49:11 -08:00
Behdad Esfahbod
d9dabc00e9
Merge pull request #1454 from harfbuzz/cff-fixbcd
...
[CFF] fix oss-fuzz issue 11674: parse_bcd
2018-12-05 15:39:34 -08:00
Michiharu Ariza
6708c5595f
fix oss-fuzz issue 11675 (ASSERT: count <= str.len)
...
Also added an additional error check to avail ()
2018-12-05 12:51:18 -08:00
Michiharu Ariza
010e2ddb38
minimized test case for oss-fuzz issue 11674
2018-12-05 12:23:58 -08:00
Ebrahim Byagowi
79e7e3445e
Merge pull request #1449 from harfbuzz/cff-fixcharset
...
[CFF] fix for oss-fuzz 11657: Charset overrun
2018-12-05 13:25:18 +03:30
Ebrahim Byagowi
cf4b7db6b1
Merge pull request #1448 from harfbuzz/cff-leak
...
[CFF] fix leak: oss-fuzz 11662
2018-12-05 13:23:23 +03:30
Michiharu Ariza
32cc46c75a
[CFF] fix oss-fuzz issue 11670: NULL dereference ( #1450 )
...
* guard against no subr access
* code tweak
* add minimized testcase for oss-fuzz 11670 (Null deference)
2018-12-05 09:02:34 +03:30
Michiharu Ariza
78f639b8bf
added minimized testcase for oss-fuzz issue 11657
2018-12-04 14:17:03 -08:00
Michiharu Ariza
b61f74f69a
added minimized test case for oss-fuzz issue 11662
2018-12-04 10:30:35 -08:00
Michiharu Ariza
9424e80526
added minimized test cases
2018-12-03 16:18:10 -08:00
Behdad Esfahbod
84efe0438e
[aat] Fix division sign fallout
...
Happened after 11d2f49af8
since now nClasses is unsigned int...
2018-12-02 12:39:14 -05:00
Behdad Esfahbod
1204a247a5
[fuzzing] Add tests for previous commit
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11526
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11522
2018-11-24 09:49:21 -05:00
Behdad Esfahbod
2c8188bf59
[kerx] Make sure subtables are non-zero-length
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11400
2018-11-22 22:02:19 -05:00
Garret Rieger
8982830d3e
[subset] add fuzzer testcase.
2018-11-22 21:30:01 -05:00
Behdad Esfahbod
5212cd8af2
[fuzzing] Add new test
2018-11-12 14:25:18 -05:00
Behdad Esfahbod
a549aa14a0
[kerx] Protect against stack underflow
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11367
2018-11-12 13:02:39 -05:00
Behdad Esfahbod
752bd8a192
[kerx] Fix Format1 tupleKern sanitization
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11312
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11305
2018-11-10 21:13:32 -05:00
Behdad Esfahbod
3a9fa8c026
[qsort] Fix O(N^2) behavior if all array elements are the same
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11327
Reported as https://github.com/noporpoise/sort_r/issues/7
2018-11-10 01:58:26 -05:00
Ebrahim Byagowi
c560ca9251
[fuzz] A new testcase
2018-11-03 13:03:36 +03:30
Khaled Hosny
0af3d176a6
[sbix] Fix memory leak in early return
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11210
2018-10-30 17:05:28 +02:00
Behdad Esfahbod
12058e44d1
[fuzzing] Add more test
2018-10-26 21:22:26 -07:00
Ebrahim Byagowi
0229eaea29
[fuzz] Add a found hb-subset testcase
2018-10-22 10:51:37 +03:30
Ebrahim Byagowi
9b3461574f
[fuzz] Add more testcases
...
Fixed already but better to have anyway.
One didn't have minimized but it was only 164 B, so
2018-10-21 11:37:38 +03:30
Behdad Esfahbod
217a3728b4
[fuzzing] Add more font
2018-10-20 20:39:56 -07:00
Ebrahim Byagowi
d39acc5a95
[fuzzing] Add new testcases
2018-10-20 12:20:30 +03:30
Ebrahim Byagowi
fbf665b307
[fuzz] Add more found cases ( #1275 )
2018-10-19 08:09:53 +03:30
Behdad Esfahbod
b9478e28ac
Revert "[test] Remove not-fixed yet testcases ( #1268 )"
...
This reverts commit 191eef823f
.
2018-10-17 22:11:49 -07:00
Ebrahim Byagowi
191eef823f
[test] Remove not-fixed yet testcases ( #1268 )
...
I added them but now that I think, it is a bad idea to have them as
fuzzing bots will find good seeds to tweak in order to find easy new
testcases which causes duplicated issues.
2018-10-18 08:04:18 +03:30
Ebrahim Byagowi
751c10e55e
[fuzz] Add more new testcases
2018-10-18 06:36:48 +03:30
Ebrahim Byagowi
fd282eb328
[fuzz] Add a new testcase
2018-10-18 06:33:39 +03:30