Ebrahim Byagowi
d57fc627e9
[meson] raise timeout value of subset fuzzer
2020-03-24 19:06:09 +00:00
Ebrahim Byagowi
761695264b
[tests] Remove py2 workaround for lack of timeout in subprocess
2020-03-19 10:32:46 +00:00
Ebrahim Byagowi
b5526a09ff
[tools] Remove in-house 'which' now that we have py3
2020-03-19 10:32:46 +00:00
Garret Rieger
430bf69653
Add potentially crashing font as a fuzzer seed.
2020-03-14 00:55:47 +03:30
Ebrahim Byagowi
755a77d660
Move outline draw API behind HB_EXPERIMENTAL_API directive
2020-03-13 08:25:53 +03:30
Garret Rieger
834a224a50
[subset] Put a limit on the number of lookup indices that can be visited during closures
...
Fixes https://crbug.com/oss-fuzz/21025
2020-03-12 13:32:36 +03:30
Ebrahim Byagowi
c494d7abcd
Remove cmake testing and add meson build bot
...
CMake tests are broken anyway as py3 changes so let's get rid of them
2020-03-11 20:15:10 +03:30
Ebrahim Byagowi
1c3f80ba13
[meson] Minor updates
2020-03-11 20:15:10 +03:30
Khaled Hosny
04438554c8
meson: Update build files after rebase
2020-03-11 19:18:57 +03:30
Tim-Philipp Müller
618584e923
meson: rename incbase to incconfig
...
Makes it clearer what it's for: config.h. See #4 .
2020-03-11 19:18:57 +03:30
Mathieu Duponchelle
d4a7237327
meson: all tests passing on Windows / MSVC
2020-03-11 19:18:57 +03:30
Mathieu Duponchelle
7ee650b173
meson: refactor fuzzing test
2020-03-11 19:18:57 +03:30
Mathieu Duponchelle
920efc0ef7
Add Meson build definitions
...
Fixes #490
http://mesonbuild.com
2020-03-11 19:18:57 +03:30
Ebrahim Byagowi
0d729b4b72
[avar] Fix out-of-bound read when input is bigger than all the coords
...
'i' shouldn't become equal to array's length which as the increament
is happened at end of the loop, if the input is bigger than all the
table coords, it will be equal to array's length.
Fixes https://crbug.com/oss-fuzz/21092
2020-03-07 13:20:41 +03:30
Ebrahim Byagowi
446d1e3bbc
[fuzz] Add more of fixed cases
2020-03-05 00:49:03 +03:30
Ebrahim Byagowi
99b5b3f1b1
[gvar] Make sure TupleVarHeader has the needed size
...
Fixes https://crbug.com/oss-fuzz/21026
2020-03-04 12:43:26 +03:30
Ebrahim Byagowi
558f922788
[fuzz] Avoid empty memcpy and ubsan complain by length checking before memcpy
2020-03-03 21:39:22 +03:30
Ebrahim Byagowi
6543d166fd
[fuzz] Remove the not yet fixed timeout, going to investigate
2020-03-03 21:39:22 +03:30
Ebrahim Byagowi
2bbf1c8673
[fuzz] Add more of supposed to already be fixed cases from Chromium bug tracker
2020-03-03 21:39:22 +03:30
Ebrahim Byagowi
f253f06cf3
[fuzz] Add another fixed case
...
https://crbug.com/oss-fuzz/14626
another numerous subtables count which is fixed by d38360397
2020-03-03 19:12:04 +03:30
Ebrahim Byagowi
d383603976
Limit OT::Lookup subtables ( #2219 )
...
Fixes https://crbug.com/oss-fuzz/13943
2020-03-02 22:41:08 +03:30
Ebrahim Byagowi
29efd964f2
[fuzz] Add cases that marked as wontfix
...
Let's see if they were really false alarms, if so, let's just have them.
2020-03-02 14:22:29 +03:30
Ebrahim Byagowi
cb65150fec
[draw] minor
2020-02-29 16:12:54 +03:30
Ebrahim Byagowi
86c40b3a1d
[fuzz/draw] Call _get_glyph_extents
...
Other render related APIs also may be added also later such
as ot-color and future rendering things.
2020-02-29 14:53:34 +03:30
Michiharu Ariza
5ab50eebd7
collect_unicodes() with clamp, calling add_range()
...
Use add_range instead an inner loop, clamp its input number by
number of glyphs a face has.
Even the face cmap12 and 13 have 32-bit hb_codepoint_t, which is here
used to make timeout, face's maxp has 16-bit gid limitation at least for now,
using that makes sure we both fix and the timeout and don't need to change
much things here also in order to support 32-bit gids also someday.
Fixes #2204
2020-02-29 13:02:29 +03:30
Garret Rieger
410b4881d0
[subset] Add fuzzer timeout testcase.
2020-02-28 16:10:14 -08:00
Ebrahim Byagowi
e57ced5fc0
[gvar] Add other possibly fixed fuzzer case
...
Speculatively should've been fixed by 61208401
https://crbug.com/oss-fuzz/20924 related
2020-02-28 23:29:05 +03:30
Ebrahim Byagowi
758fda728b
[glyf] Don't accept gids higher than maxp's glyphs number
...
This specially becomes concerning on sub-components where a gvar table
that is sanitized using maxp's glyphs number overflows when a high gid
accepted here goes to it, maybe an additional check can be put there
also, this however feels to be enough.
Fixes https://crbug.com/oss-fuzz/20944
2020-02-28 23:19:06 +03:30
Ebrahim Byagowi
e90213868b
Revert "collect_unicodes() to check gid < num_glyphs with cmap 12"
...
Didn't fix the case actually, making bots to fail.
This reverts commit 15b43a4104
.
2020-02-28 21:24:51 +03:30
Ebrahim Byagowi
61208401f4
[gvar] Use hb_bytes_t.check_range instead having in house one
...
And use TupleVarHeader calculated size for validity check.
Fixes https://crbug.com/oss-fuzz/20919 and possibly other gvar related issues
2020-02-28 21:09:07 +03:30
Michiharu Ariza
15b43a4104
collect_unicodes() to check gid < num_glyphs with cmap 12
...
fixes #2204
2020-02-28 20:15:39 +03:30
Ebrahim Byagowi
868ecf7b26
[draw] Add fuzzer runner
2020-02-28 19:57:56 +03:30
Ebrahim Byagowi
8eba66c1c6
[gvar] Fix invalid memory access by refactoring GlyphVarData fetch logic
...
Fixes https://crbug.com/oss-fuzz/20906
2020-02-27 20:26:54 +03:30
ariza
a99134c5be
add oss-fuzz 20886 test file
2020-02-26 09:58:03 -08:00
Ebrahim Byagowi
1b8b863898
minor
2020-02-26 16:36:48 +03:30
Ebrahim Byagowi
132fcfbc47
[fuzz] minor don't abort main.cc when the file was empty or not found
2020-02-26 16:15:17 +03:30
Ebrahim Byagowi
84163c83d3
[draw] Skip commands and paths not contributing anything
...
They aren't contributing to rendering and making issue for stroking, let's skip them
ourselves as Skia does also https://skia-review.googlesource.com/c/skia/+/268166
They are useful for extracting extents and so which that functionality won't be effected by this change.
2020-02-26 16:09:28 +03:30
Ebrahim Byagowi
152000d9c7
[fuzz] Practice variations on font object
2020-02-25 21:16:57 +03:30
Ebrahim Byagowi
036d868913
[draw] Add a fuzzer
...
Specially checks correctness of the API semantics:
* no move happens when a path is already opened with move-to.
* no path will be left open and close-path will happen at the end of opened paths.
* no path opens with a move-to and will be closed with no length.
* paths start and ending points matches.
* no line/quadratic/cubic command will be issued when no path is started.
2020-02-25 19:09:44 +03:30
Ebrahim Byagowi
96b71e802f
[fuzz] make the custom loader to handle multiple files
...
Actually this was the way it used to work :)
2020-02-24 23:01:02 +03:30
Ebrahim Byagowi
8d19907704
Remove python2 support from tests/utils scripts
2020-02-19 16:17:45 +03:30
Ebrahim Byagowi
a94d1af193
[fuzz] minor style fixes
2020-02-12 19:30:31 +03:30
Ebrahim Byagowi
1c015d3e9f
[fuzz] minor fuzzer case move, oops
2020-02-12 19:19:37 +03:30
Ebrahim Byagowi
49341faee2
[fuzz] minor, move two fuzzer cases to their correct place
2020-02-12 19:17:18 +03:30
Ebrahim Byagowi
97229244eb
[fuzzer] Fix hb-set-fuzzer minor overflow issue
...
Size shouldn't be smaller than the struct not its pointer size.
Fixes https://crbug.com/oss-fuzz/20655
2020-02-12 15:41:51 +03:30
Garret Rieger
7b42403c1c
Add explicit values to the set fuzzer enums.
2020-02-11 13:25:44 -08:00
Garret Rieger
e805923310
Add a few basic seeds for the set fuzzer.
2020-02-11 13:25:44 -08:00
Ebrahim Byagowi
ff984ed3cd
Use multiplication to avoid undefined behaviour per clang
...
Newer versions of MSVC with /we4146 don't like putting negative sign behind a
unsigned number as https://github.com/harfbuzz/harfbuzz/pull/2069
That however have made https://crbug.com/1050424 this complain:
src/hb-ot-color-sbix-table.hh:304:28: runtime error: negation of -2147483648 cannot be represented in type 'int';
cast to an unsigned type to negate this value to itself
which apparently can be fixed using this change.
Let's see if this won't make another ubsan complain!
2020-02-11 19:51:52 +03:30
Garret Rieger
bca9bc6b92
Add hb-set-fuzzer.
...
It fuzzes all of the hb_set process methods (intersection, subtraction, union, and symmetric difference).
2020-02-11 03:08:39 +03:30
ckitagawa
e128f80278
parent 777ba47b50
...
author ckitagawa <ckitagawa@chromium.org> 1579631743 -0500
committer ckitagawa <ckitagawa@chromium.org> 1580506176 -0500
[subset] Add CBLC support
2020-01-31 16:37:30 -05:00