Commit Graph

17 Commits

Author SHA1 Message Date
Behdad Esfahbod baf7779d2d Limit how much recursion GSUB/GPOS does
This only counts recursions right now.  Good start.

Hopefully...
Fixes https://github.com/behdad/harfbuzz/issues/429
2017-11-14 21:55:37 -08:00
Behdad Esfahbod b9c96b5d7c Add test for previous commit
At some point we should run tests under valgrind...
2017-11-14 15:56:21 -08:00
Behdad Esfahbod 8eed9cb11e [kern] Fix invalid memory access if offset is zero
If offset is zero, we return Null() object.  Wasn't prepared for that.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4088
2017-11-09 18:09:40 -08:00
Behdad Esfahbod a11501444c Add few tests found by libFuzzer and oss-fuzz
2017-02-25 13:37:54 -08:00
jfkthame 44f7d6ecde Guard against underflow when adjusting length (#421)
* Guard against underflow when adjusting length

With the fuzz-testcase in mozilla bug 1295299, we end up with a recursed lookup that removes 3 items, when `match_positions[idx]` is 0, which results in (unsigned) `end` wrapping to a huge value.

Making `end` a signed int is probably the simplest route to a fix.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1295299.

* Add testcase for #421.
2017-02-16 19:03:24 -08:00
Behdad Esfahbod 4b4a1b9f23 Fix assert fail with contextual matching
As discovered by libFuzzer / Chromium fuzzing.

Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=659496
CC https://github.com/behdad/harfbuzz/issues/139
2016-12-21 23:14:16 -06:00
Behdad Esfahbod c373155904 [fuzzing] Add test for recent fix
Test from https://github.com/behdad/harfbuzz/issues/223

I forgot that we do run hb-fuzzer on tests in shaping/tests/fuzzed.tests.
2016-02-19 15:13:07 +07:00
Behdad Esfahbod 9cc1ed4fa6 Do not allow recursing to same position and same lookup
This is just to make it harder to be extremely slow.  There definitely
are ways still, just harder.  Oh well... how do we tame this problem
without solving halting problem?!

Fixes https://github.com/behdad/harfbuzz/issues/174
2015-11-19 12:39:09 -08:00
Behdad Esfahbod 85062e3b46 Add tests for previous two commits
To fully test what these are supposed to test, they should be run
against libharfbuzz-fuzzing.la instead of libharfbuzz.la, but for
now just record the files.
2015-11-18 23:09:13 -08:00
Behdad Esfahbod 5a7eb5d4d8 [fuzzing] Add test case for OOM
From https://github.com/behdad/harfbuzz/issues/161
2015-11-06 00:01:24 -08:00
Behdad Esfahbod 2f0dfd43cd Fix test expectation
2015-11-03 12:28:34 -08:00
Behdad Esfahbod df698f3299 [ot-font] Fix hmtx table length checking, *again*
Exactly the same problem that I fixed in
63ef0b41dc

I rewrote the table checking yesterday in
67f8821fb2
and introduced the exact same issue again. :(
Good thing we have ongoing fuzzing going now.  Was discovered
immediately by libFuzzer.  Thanks kcc!

https://github.com/behdad/harfbuzz/issues/139#issuecomment-153449473
Fixes https://github.com/behdad/harfbuzz/issues/156
2015-11-03 12:15:12 -08:00
Behdad Esfahbod 67f8821fb2 [ot] Make bad-hmtx handling match FreeType
Also route fuzzing-related tests through hb-ot-font, to reduce dependency
on FreeType behavior for badly-broken fonts.  Fixes failing test with
FreeType master.
2015-11-02 15:37:29 -08:00
Behdad Esfahbod 338ffec9e4 Add tests for a couple of fixed issues found by libFuzzer
From:
https://github.com/behdad/harfbuzz/issues/139#issuecomment-147616887
https://github.com/behdad/harfbuzz/issues/139#issuecomment-148289957
2015-10-15 12:56:19 -03:00
Behdad Esfahbod 55db94be2b Add test for previous commit
2015-10-13 00:33:59 -04:00
Behdad Esfahbod 98c6fccc00 Add test for ee9b0b6cb5
2015-10-11 21:41:04 -04:00
Behdad Esfahbod 34379b49e6 Add test for previous fix
2015-10-09 12:34:02 -04:00