35d6af6943
[subset] fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5965777994907648
2021-06-04 18:16:23 -06:00
1b6008ca62
fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5417934246772736
2021-06-02 17:32:16 -06:00
7ab0f4eda9
fuzzer fix
2021-05-31 12:44:33 -06:00
425ba1f4ab
[subset] fixes infinite loop in hb_set_get_max().
...
Fixes https://oss-fuzz.com/testcase-detail/5363902507515904
2021-04-20 13:18:07 -06:00
ec4321068b
[subset] fix infinite loop caused by alloc failure in repacker.
...
Fixes: https://oss-fuzz.com/testcase-detail/5609112151916544 .
2021-04-20 13:18:07 -06:00
0e845d973e
[subset] fix memory leak in repacker caused by failed alloc.
...
Fixes: https://oss-fuzz.com/testcase-detail/5616763250278400 .
2021-04-20 13:18:07 -06:00
3fb62cdc14
[subset] fail on offset overflow in tables that we don't repack.
...
Fixes: https://oss-fuzz.com/testcase-detail/5229304507138048
2021-04-19 17:01:05 -06:00
9dc9f0385d
[subset] fix for fuzzer testcase: https://oss-fuzz.com/testcase-detail/5858518134554624
2021-04-09 11:07:28 -06:00
4af5dacedc
[subset] add fuzzer testcase
2021-04-07 13:02:04 -06:00
64122b5a44
[subset] don't visit lookup if covered glyph set has failed.
...
If covered glyph set is in error then the same lookup can be recursed into repeatedly potentially causing a fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/5416421032067072 .
2021-04-06 12:34:44 -06:00
71d6d15600
[subset] clamp distance to prevent shifting outside of the limits of int64.
...
Fixes https://oss-fuzz.com/testcase-detail/4961171477233664 .
2021-04-06 11:48:39 -06:00
c5c13006a1
[subset] fix memory leaks found in https://oss-fuzz.com/testcase-detail/5179935334465536
2021-03-31 12:37:45 -06:00
adca4ce071
[subset] fixes https://oss-fuzz.com/testcase-detail/6173520787800064 .
...
Caused by incorrect bounds check in glyph closure for context lookups.
2021-03-30 15:44:41 -06:00
752e393ad2
[subset] avoid calling clear on null pool set.
2021-03-30 15:12:52 -06:00
8741914a80
[subset] fix memory leak when map insert fails.
2021-03-29 18:02:32 -06:00
5b6da6d2f0
[subset] add fuzzer test case.
2021-03-29 17:41:07 -06:00
a804a0c903
[subset] add fuzzer test case.
2021-03-29 17:15:22 -06:00
f2d08578e7
[tests] Increase shape-fuzzer timeout
2021-03-16 01:15:40 +02:00
5ca353a2d0
[subset] fix heap buffer overflow found by fuzzer.
2021-02-16 12:43:02 -07:00
33a0f0b686
[test] Remove fuzzed test font that triggers virus alert
...
Fixes https://github.com/harfbuzz/harfbuzz/issues/2750
2021-02-09 12:55:45 -07:00
f94bf9f06f
[set fuzzer] limit the total number of set members in a fuzzing input.
...
Currently the fuzzer can create arbitarily long inputs which once big enough will trigger a timeout.
2021-01-26 10:22:07 -08:00
a4c3732f59
[ENOMEM] fix set clear() causing corruption if the set is in_error().
2021-01-21 12:12:05 -07:00
84dd65a874
[test] Remove timeout from test runners
...
See https://github.com/harfbuzz/harfbuzz/issues/2707#issuecomment-707744079
This wasn’t inconsistent as well, HB_TEST_SUBSET_FUZZER_TIMEOUT defaulted
to 12 in the test runner, but it was overridden to 50 in meson.build,
and then meson has its own test timeout.
2020-10-15 00:49:02 -07:00
bbbcad0dbb
Revert "[ENOMEM] don't perform set process operations if the other set is in an error state."
...
This reverts commit f3929abafe
2020-09-16 12:23:38 -06:00
f3929abafe
[ENOMEM] don't perform set process operations if the other set is in an error state.
...
Running a process while the other set is in an error state can potentially corrupt this sets map map (for example by overwritting all of the major values with 0).
2020-09-16 10:36:30 -07:00
8c3d4de796
[subset] Fix integer underflow in ContextFormat2.
2020-09-11 15:52:46 -07:00
9825e3dd2e
[ENOMEM] fix access to unitialized memory.
...
If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688 .
2020-09-02 11:01:07 -07:00
1e48225ca3
[ENOMEM] Check whether serialize context isn't in error
2020-08-13 23:22:14 +04:30
6e32145dc9
[meson] Make compatbile with 0.47.0
2020-08-13 18:28:42 +04:30
9562239f05
[ENOMEM] check for error in lookup visited set.
2020-08-13 01:43:11 +04:30
6f754852c1
[ENOMEM] skip asserts in to_bias if serializer is in an error state.
2020-08-12 11:25:30 +04:30
057769b1a3
[fuzzer] minor
2020-08-12 02:40:55 +04:30
0417938011
[fuzzer] Mark alloc_state as unused
...
It is really unused when failing-alloc isn't on.
2020-08-12 02:40:55 +04:30
5193357832
Revert "Remove autotools build support"
...
This reverts commit 01ac32aab2
2020-08-11 23:51:59 +04:30
ffe06c8f04
[glyf] Guard all the public APIs against null pool runs
...
Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737
2020-08-08 13:43:49 +04:30
01ac32aab2
Remove autotools build support
2020-08-07 23:28:12 +04:30
679fac87df
Skip hb_shape if buffer object is immutable
2020-08-06 23:47:35 +04:30
18ab8029d5
[ENOMEM] check vector status in cmap subsetting.
2020-08-02 00:30:17 +04:30
06dbb6acbb
[ENOMEM] in GSUB ChainContext subsetting check maps for allocation errors.
2020-08-01 09:21:22 +04:30
fb1477795c
[ENOMEM] Check result of vector resize in CBDT subsetting.
2020-08-01 09:20:52 +04:30
efd716de3f
[cff] Check for scalars array resize result
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504
2020-07-31 09:27:27 +04:30
040ed094ef
[ENOMEM] popragate packed/packed_map errors to the serializer.
...
Will disable further modifications based on a bad state.
2020-07-31 08:39:26 +04:30
7f358a55f4
[ENOMEM] unchecked resize in CFF2.
2020-07-31 02:04:06 +04:30
32f052b033
[ENOMEM] Fix several instances of not checking resize in CFF.
2020-07-31 02:04:06 +04:30
15644ee60e
[ENOMEM] fix memory leak if allocation fails during pop_pack().
2020-07-30 04:15:35 +04:30
42237adffc
[ENOMEM] make serializer modification operations no-ops if it's in an error state.
2020-07-30 03:59:49 +04:30
4ba8e3c6fd
[ENOMEM] Fix failure to check calloc return.
...
Fixes https://oss-fuzz.com/testcase-detail/6246465148813312 .
2020-07-30 00:08:08 +04:30
d307c24abf
[ENOMEM] check resize() return.
...
Fixes https://oss-fuzz.com/testcase-detail/5641892164009984 .
2020-07-30 00:08:08 +04:30
48ad745996
[ENOMEM] Fix buffer's content check logic
...
So now rest of shape fuzzer also can be enabled.
Fixes #2571
2020-07-29 08:09:10 +04:30
c33e8006fd
[fuzz] Implement failing allocator
2020-07-29 07:35:34 +04:30
5c46683ab8
[fuzz] increase shape fuzzer timeout
...
as https://circleci.com/gh/harfbuzz/harfbuzz/149203
2020-07-22 17:23:22 +04:30
945bcd7230
minor
2020-07-15 09:54:32 +04:30
fa0436ddd1
[ENOMEM][fuzzer/subset] early return if the result is null
...
I don't see _or_fail APIs idiomatic for the project but since it is there, let's have this
2020-07-15 09:52:40 +04:30
11d583a9ea
[aat] Consume glyph insertion from buffer's max_ops ( #2223 )
...
Glyph insertion is an expensive operation and we like to have it limited
based on buffer's input size which is handled by buffer's max_ops.
clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120:
Before the change: 0.67s user 0.00s system 99% cpu 0.674 total
After the change: 0.02s user 0.00s system 98% cpu 0.024 total
Which takes much longer on valgrind and tsan bots.
2020-07-13 18:53:06 -07:00
cd6f62d960
[meson] Raise timeout value of subset fuzzer testcases
...
happens when tsan is enabled
2020-07-12 23:05:11 +04:30
e4f9969108
[ci] migrate to meson
...
two bots, one bot here (distcheck) and one in travis still run autotools and
won't be removed till we decide about autotools
2020-07-08 19:18:31 +04:30
e04050e3b8
[meson] split fuzzer_ldflags before use
2020-07-08 01:06:30 +04:30
c5def34730
[meson] don't underscorify fuzzers names
2020-07-06 23:51:52 +04:30
d608f2ac85
[meson] Add fuzzer_ldflags
...
As ots, https://github.com/khaledhosny/ots/commit/4d37b9b
2020-07-06 23:51:52 +04:30
a470b0b205
Minor, disable strict-aliasing warning in set fuzzer
...
../test/fuzzing/hb-set-fuzzer.cc: In function ‘int LLVMFuzzerTestOneInput(const uint8_t*, size_t)’:
../test/fuzzing/hb-set-fuzzer.cc:38:82: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
38 | const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data);
|
And it is already disabled at project level so let's disable it here also.
2020-07-05 10:49:10 +04:30
a07672d353
[py] minor, replace os.environ.get with os.getenv
2020-07-04 16:16:15 +04:30
47a0fbec31
[meson] Mark longer tests with slow
...
So one can skip them easily by `meson test -Cbuild --no-suite slow`
2020-06-21 08:47:10 +04:30
0881611778
[fuzzer] Make some use for test_font API calls
...
Making some use for result of some of the test_font calls to make
sure compilers in fuzzers aren't just optimizing the calls.
2020-06-20 22:06:11 +04:30
03bd6ead44
[meson] Only pass required dependencies to everything
...
Instead of passing dependencies as required we used one giant shared
dependency list containing all dependencies for every library/executable.
While this kinda works, the specified deps are also used for generating
the pkg-config files and this leads to lots of Requires.private and Libs.private
entries which aren't really needed.
This removes the "deps" array and replaces it with a few smaller ones and
makes sure the public libraries only get passed the dependencies actually
needed.
Fixes #2441
2020-06-04 23:28:57 +04:30
a9d13463b5
[meson] Categorize tests using `suite: [...]`
...
So one can run a category of interested tests like
meson test -Cbuild --suite aots --suite src --print-errorlogs
Intead issuing particular tests which also is possible like
meson test -Cbuild test-shape --print-errorlogs
2020-05-30 16:58:46 +04:30
7554f618ec
minor, use sys.exit print shorthand
2020-05-28 23:34:37 +04:30
f7562672f9
[meson] Use / instead join_paths
...
We need some of the very recent features of meson, let's use the new features also
2020-05-21 18:52:31 +04:30
b8d1760bc0
[meson/ci] Increase cmap fuzzer timeout even more
2020-05-21 14:45:41 +04:30
4b12b8466f
[meson] Increase timeout in hope to resolve Actions' bot timeout
2020-05-21 14:23:36 +04:30
1c4dd79cfb
[ci] Increase timeout as gh bot issue isn't resolved by serial test
2020-05-21 08:52:05 +04:30
8667df552c
[meson] Unbreak the build, oops
2020-05-21 07:19:37 +04:30
791debdc4a
[meson][ci] Don't run subset fuzzer test in parallel
...
resolves https://github.com/harfbuzz/harfbuzz/runs/695051808#step:6:595 failure
2020-05-21 07:15:09 +04:30
8a5368e2d6
[tests] Enable more gid misc calls on draw fuzzer
2020-05-21 07:00:40 +04:30
c68ab4b52b
Fix _get_ligature_caret's oob read issue
...
AAT::Lookup has no other way to detect whether it is returned from
a real and sanitized font data or from a null pool, this checks if
the table has been recognized valid by sanitizer by checking
table's major version which is zero if returned from a null pool and
non-zero if is from a sanitized font data, it is expected the other
calls of the table (unlikely to have more calls however) also do a
similar version check before calling the lookups used on the table.
2020-05-21 06:56:09 +04:30
b22f61d86a
Fix bug
2020-04-21 16:51:55 -07:00
22f7c61acf
implement SID to glyph ID mapping with predefined Charset
...
Also fixes oss-fuzz 21769
2020-04-18 15:42:30 +04:30
0d5695983e
[subset] fixes dangling object_t issue in FeatureVariationRecord
...
Fixes https://crbug.com/oss-fuzz/21560
revert () does not clean up useless object_t. Adjust the order of
subsetting substitutions and conditions to avoid dangling object_t.
2020-04-06 13:41:33 +04:30
57b7de032f
[subset] Fail ClassDefFormat1 serialization if no space available
...
Fixes https://crbug.com/oss-fuzz/21580
2020-04-05 17:38:04 +04:30
014e038b2c
[subset] Bail out of context lookup expansion once the lookup limit is encountered.
2020-04-01 11:14:41 +04:30
5d345d0cd1
[subset] Limit the number of lookup indices processed subsetting Feature.
...
> Also, remove two unnessecary full iterations of the lookup index iterator during serialization of the index array. Fixes fuzzer found timeout.
2020-04-01 11:13:05 +04:30
96d792ae80
[avar] Prevent mul overflow
...
Fixes https://crbug.com/oss-fuzz/21350
2020-03-26 15:01:14 +00:00
4ad686b9c0
[subset] fix fuzzer timeout in layout closure
...
Bail out of chain context lookup expansion once the lookup limit is encountered.
2020-03-26 06:32:28 +00:00
7054b12206
[meson] Mark rest of non-install executables explicitly
2020-03-24 19:06:09 +00:00
600bf21fbc
[meson] Add draw-fuzzer runner
2020-03-24 19:06:09 +00:00
28deb6b718
[meson] test/fuzzing simplify
2020-03-24 19:06:09 +00:00
78622231ac
[meson] More comment on tests are causing timeout failure
2020-03-24 19:06:09 +00:00
d57fc627e9
[meson] raise timeout value of subset fuzzer
2020-03-24 19:06:09 +00:00
761695264b
[tests] Remove py2 workaround for lack of timeout in subprocess
2020-03-19 10:32:46 +00:00
b5526a09ff
[tools] Remove in-house 'which' now that we have py3
2020-03-19 10:32:46 +00:00
430bf69653
Add potentially crashing font as a fuzzer seed.
2020-03-14 00:55:47 +03:30
755a77d660
Move outline draw API behind HB_EXPERIMENTAL_API directive
2020-03-13 08:25:53 +03:30
834a224a50
[subset] Put a limit on the number of lookup indices that can be visited during closures
...
Fixes https://crbug.com/oss-fuzz/21025
2020-03-12 13:32:36 +03:30
c494d7abcd
Remove cmake testing and add meson build bot
...
CMake tests are broken anyway as py3 changes so let's get rid of them
2020-03-11 20:15:10 +03:30
1c3f80ba13
[meson] Minor updates
2020-03-11 20:15:10 +03:30
04438554c8
meson: Update build files after rebase
2020-03-11 19:18:57 +03:30
618584e923
meson: rename incbase to incconfig
...
Makes it clearer what it's for: config.h. See #4 .
2020-03-11 19:18:57 +03:30
d4a7237327
meson: all tests passing on Windows / MSVC
2020-03-11 19:18:57 +03:30
7ee650b173
meson: refactor fuzzing test
2020-03-11 19:18:57 +03:30
920efc0ef7
Add Meson build definitions
...
Fixes #490
http://mesonbuild.com
2020-03-11 19:18:57 +03:30
0d729b4b72
[avar] Fix out-of-bound read when input is bigger than all the coords
...
'i' shouldn't become equal to array's length which as the increament
is happened at end of the loop, if the input is bigger than all the
table coords, it will be equal to array's length.
Fixes https://crbug.com/oss-fuzz/21092
2020-03-07 13:20:41 +03:30
Qunxin Liu
Garret Rieger
Khaled Hosny
Behdad Esfahbod
Khaled Hosny
ebraminio
Christoph Reiter
ckitagawa
ariza
Tim-Philipp Müller
Mathieu Duponchelle