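#include "hb-fuzzer.hh"

/* NOTE(review): the header names of the next three includes were lost when
 * this page was extracted.  The ones below are the standard headers the code
 * in this file relies on (uint8_t, calloc/free, memcpy) -- confirm against
 * the upstream file. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TEST_OT_FACE_NO_MAIN 1
#include "../api/test-ot-face.c"
#undef TEST_OT_FACE_NO_MAIN

/*
 * libFuzzer entry point: treats the input bytes as a font file and shapes
 * text with it.
 *
 * The input is untrusted and is used in three ways:
 *   - the whole buffer is wrapped in a blob and opened as a face/font;
 *   - the last byte is a requested number of variation coordinates, clamped
 *     to the face's axis count; the bytes just before it supply the values;
 *   - up to the last sizeof (text32) bytes are reused as UTF-32 text.
 *
 * @param data  fuzzer-provided bytes; never written to here.
 * @param size  number of bytes in data (may be 0).
 * @return always 0.
 */
extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
{
  /* Presumably seeds the allocation-failure injection declared in
   * hb-fuzzer.hh from the input -- confirm there. */
  alloc_state = _fuzzing_alloc_state (data, size);

  /* No destroy callback is registered for the blob, so `data` has to stay
   * valid until the blob is destroyed; that happens before this function
   * returns. */
  hb_blob_t *blob = hb_blob_create ((const char *) data, size,
				    HB_MEMORY_MODE_READONLY, nullptr, nullptr);
  hb_face_t *face = hb_face_create (blob, 0);
  hb_font_t *font = hb_font_create (face);
  hb_ot_font_set_funcs (font);
  hb_font_set_scale (font, 12, 12);

  /* Requested coordinate count comes from the last input byte and is capped
   * at what the face reports, so it never exceeds 255. */
  unsigned num_coords = 0;
  if (size) num_coords = data[size - 1];
  unsigned axis_count = hb_ot_var_get_axis_count (face);
  if (num_coords > axis_count) num_coords = axis_count;

  int *coords = (int *) calloc (num_coords, sizeof (int));
  /* calloc can fail (and may return NULL for a zero-length request).  Fall
   * back to "no coordinates" rather than writing through NULL below, which
   * would be reported as a crash in the harness instead of in the library. */
  if (!coords)
    num_coords = 0;

  /* The guard keeps every index in [1, size - 2]: the values are read from
   * the num_coords bytes immediately before the trailing count byte.  When
   * the input is too short the coordinates stay zero. */
  if (size > num_coords + 1)
    for (unsigned i = 0; i < num_coords; ++i)
      coords[i] = ((int) data[size - num_coords + i - 1] - 128) * 10;
  hb_font_set_var_coords_normalized (font, coords, num_coords);
  free (coords);

  /* First pass: shape a fixed ASCII string with buffer verification on. */
  {
    const char text[] = "ABCDEXYZ123@_%&)*$!";
    hb_buffer_t *buffer = hb_buffer_create ();
    hb_buffer_set_flags (buffer, (hb_buffer_flags_t) (HB_BUFFER_FLAG_VERIFY /* | HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT */));
    hb_buffer_add_utf8 (buffer, text, -1, 0, -1);
    hb_buffer_guess_segment_properties (buffer);
    hb_shape (font, buffer, nullptr, 0);
    hb_buffer_destroy (buffer);
  }

  /* Second pass: text taken from the tail of the input.  len is clamped to
   * both the array size and the input size, so the copy stays inside both
   * buffers; unused entries remain zero. */
  uint32_t text32[16] = {0};
  unsigned int len = sizeof (text32);
  if (size < len)
    len = size;
  if (len)
    memcpy (text32, data + size - len, len);

  /* Misc calls on font. */
  /* NOTE(review): storing the result back into the text presumably keeps the
   * test_font () calls from being optimized away -- confirm. */
  text32[10] = test_font (font, text32[15]) % 256;

  hb_buffer_t *buffer = hb_buffer_create ();
  // hb_buffer_set_flags (buffer, (hb_buffer_flags_t) (HB_BUFFER_FLAG_VERIFY | HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT));
  hb_buffer_add_utf32 (buffer, text32, sizeof (text32) / sizeof (text32[0]), 0, -1);
  hb_buffer_guess_segment_properties (buffer);
  hb_shape (font, buffer, nullptr, 0);
  hb_buffer_destroy (buffer);

  /* Release in reverse order of creation. */
  hb_font_destroy (font);
  hb_face_destroy (face);
  hb_blob_destroy (blob);

  return 0;
}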