e90213868b
Revert "collect_unicodes() to check gid < num_glyphs with cmap 12"
...
Didn't fix the case actually, making bots to fail.
This reverts commit 15b43a4104
2020-02-28 21:24:51 +03:30
61208401f4
[gvar] Use hb_bytes_t.check_range instead having in house one
...
And use TupleVarHeader calculated size for validity check.
Fixes https://crbug.com/oss-fuzz/20919 and possibly other gvar related issues
2020-02-28 21:09:07 +03:30
15b43a4104
collect_unicodes() to check gid < num_glyphs with cmap 12
...
fixes #2204
2020-02-28 20:15:39 +03:30
868ecf7b26
[draw] Add fuzzer runner
2020-02-28 19:57:56 +03:30
8eba66c1c6
[gvar] Fix invalid memory access by refactoring GlyphVarData fetch logic
...
Fixes https://crbug.com/oss-fuzz/20906
2020-02-27 20:26:54 +03:30
a99134c5be
add oss-fuzz 20886 test file
2020-02-26 09:58:03 -08:00
1b8b863898
minor
2020-02-26 16:36:48 +03:30
132fcfbc47
[fuzz] minor don't abort main.cc when the file was empty or not found
2020-02-26 16:15:17 +03:30
84163c83d3
[draw] Skip commands and paths not contributing anything
...
They aren't contributing to rendering and making issue for stroking, let's skip them
ourselves as Skia does also https://skia-review.googlesource.com/c/skia/+/268166
They are useful for extracting extents and so which that functionality won't be effected by this change.
2020-02-26 16:09:28 +03:30
152000d9c7
[fuzz] Practice variations on font object
2020-02-25 21:16:57 +03:30
036d868913
[draw] Add a fuzzer
...
Specially checks correctness of the API semantics:
* no move happens when a path is already opened with move-to.
* no path will be left open and close-path will happen at the end of opened paths.
* no path opens with a move-to and will be closed with no length.
* paths start and ending points matches.
* no line/quadratic/cubic command will be issued when no path is started.
2020-02-25 19:09:44 +03:30
96b71e802f
[fuzz] make the custom loader to handle multiple files
...
Actually this was the way it used to work :)
2020-02-24 23:01:02 +03:30
8d19907704
Remove python2 support from tests/utils scripts
2020-02-19 16:17:45 +03:30
a94d1af193
[fuzz] minor style fixes
2020-02-12 19:30:31 +03:30
1c015d3e9f
[fuzz] minor fuzzer case move, oops
2020-02-12 19:19:37 +03:30
49341faee2
[fuzz] minor, move two fuzzer cases to their correct place
2020-02-12 19:17:18 +03:30
97229244eb
[fuzzer] Fix hb-set-fuzzer minor overflow issue
...
Size shouldn't be smaller than the struct not its pointer size.
Fixes https://crbug.com/oss-fuzz/20655
2020-02-12 15:41:51 +03:30
7b42403c1c
Add explicit values to the set fuzzer enums.
2020-02-11 13:25:44 -08:00
e805923310
Add a few basic seeds for the set fuzzer.
2020-02-11 13:25:44 -08:00
ff984ed3cd
Use multiplication to avoid undefined behaviour per clang
...
Newer versions of MSVC with /we4146 don't like putting negative sign behind a
unsigned number as https://github.com/harfbuzz/harfbuzz/pull/2069
That however have made https://crbug.com/1050424 this complain:
src/hb-ot-color-sbix-table.hh:304:28: runtime error: negation of -2147483648 cannot be represented in type 'int';
cast to an unsigned type to negate this value to itself
which apparently can be fixed using this change.
Let's see if this won't make another ubsan complain!
2020-02-11 19:51:52 +03:30
bca9bc6b92
Add hb-set-fuzzer.
...
It fuzzes all of the hb_set process methods (intersection, subtraction, union, and symmetric difference).
2020-02-11 03:08:39 +03:30
e128f80278
parent 777ba47b50
...
author ckitagawa <ckitagawa@chromium.org> 1579631743 -0500
committer ckitagawa <ckitagawa@chromium.org> 1580506176 -0500
[subset] Add CBLC support
2020-01-31 16:37:30 -05:00
ed857c4680
[subset] Add COLR support
2020-01-28 15:35:53 -05:00
5897697250
[test] Increase subset timeout
...
No random timeout please
2020-01-25 00:32:46 +03:30
0e4b2676bd
[subset] sbix fix missed offset is_null() check
2020-01-24 20:46:07 +03:30
7dc341fe74
[subset] Fix UBSAN issue in sbix
2020-01-23 23:46:22 +03:30
1ab3924b31
refix PR #2087 subset PairPos1
...
also added oss-fuzz 20211 data fixed by this
2020-01-23 10:50:52 -08:00
b18cb5b5ee
Add second fixed test
2020-01-22 10:11:15 -08:00
8614a30bc9
[subset] Fix sbix fuzz problem
2020-01-22 10:11:15 -08:00
6bcf57eaa3
Simplify copy and add fuzzing coverage
2020-01-15 13:36:01 -08:00
dc03a993d0
Fix collect lookups logic of FeatureTableSubstitution ( #2097 )
...
https://crbug.com/oss-fuzz/20036
2020-01-12 14:21:29 +03:30
a32ecc15ae
Fix collect lookups logic of FeatureVariationRecord
...
As "Offset to a feature table substitution table, from beginning of the FeatureVariations table."
from https://docs.microsoft.com/en-us/typography/opentype/spec/chapter2 the record should
match its sanitize logic not the reverse way.
Fixes https://crbug.com/oss-fuzz/20021 and https://crbug.com/oss-fuzz/20022
2020-01-11 15:37:24 +03:30
d2ab1ec65b
fixes oss-fuzz 19978: Null-dereference READ ( #2091 )
2020-01-10 07:54:16 +03:30
257a197ae7
Fail serialize when map has incorrect value
...
fixes https://crbug.com/oss-fuzz/19956
am not super happy with the fix, guess we should do some check
before the memcpy anyway as @blueshade7 thinks also,
so let's have it or revert it when we have a better approach for the case.
2020-01-09 22:55:45 +03:30
8ed46c3678
[fuzz] minor, add another already fixed case
...
https://crbug.com/oss-fuzz/19907
2020-01-07 23:43:53 +03:30
341407f7a5
[fuzz] minor, upload another fixed case
...
https://crbug.com/oss-fuzz/19878
2020-01-07 09:10:24 +03:30
7950beecfc
[subset] Fix null pointer dereference in hvar/vvar subset ( #2085 )
...
Rest of the code assumes there is at least one subtable, lets return here if not.
* https://crbug.com/oss-fuzz/19827
* https://crbug.com/oss-fuzz/19847
2020-01-06 21:25:00 +03:30
64a45be519
[ubsan] Don't decrease pointer if match_glyph_data is null ( #2048 )
...
Similar to fix on https://github.com/harfbuzz/harfbuzz/pull/2022
Fixes https://crbug.com/1023070
2019-11-09 12:25:33 +03:30
84b86a12d9
[fuzz] Remove just added case
...
It didn't fail locally but on bots causing timeout, let remove for now.
2019-11-06 09:22:34 +03:30
a8f049c9a1
[fuzz] Upload testcase of https://crbug.com/oss-fuzz/18529
...
Apparently false alarm per last comment and was ok locally also but lets have it here also
2019-11-05 22:26:36 +03:30
defe9b6da0
crash fix : Heap-buffer-overflow READ 2
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18513
2019-10-25 13:09:47 -07:00
b2fcca6e14
fuzzer crash fix
...
https://oss-fuzz.com/testcase-detail/5643107869917184
2019-10-24 16:11:30 -07:00
9815ca0338
[ci] Use custom subset fuzzer timeout for failing sanitizer bots
2019-10-25 00:16:23 +03:30
95ab110cd9
Optimize intersects_array to fix fuzzer timeout.
2019-10-22 13:33:50 -07:00
b33a0d628e
fuzzer crash fix: Null-dereference WRITE
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18363
2019-10-22 01:01:08 +03:30
e766783152
[fuzz] Add https://crbug.com/oss-fuzz/17898 testcase
2019-10-21 22:17:06 +03:30
831daf4c76
Enforce HB_MAX_LANGSYS limit during layout subsetting.
2019-10-18 15:10:30 -07:00
0665dce116
[fuzzer] Don't process output in debug mode as it causes timeout
2019-09-21 17:36:33 +04:30
d3b984d379
Revert in-house pow10 ( d80a3ea) and fix oss-fuzz/16922
...
Probably can be fixed but merging it was wrong so let's revert.
2019-09-02 18:28:03 +04:30
875985cd48
[subset] Don't allow malicious fonts to insert unlimited table headers
...
Fixes https://crbug.com/oss-fuzz/16810
2019-08-29 14:51:22 +04:30
Ebrahim Byagowi
Michiharu Ariza
Garret Rieger
ckitagawa
ckitagawa-work
Qunxin Liu