harfbuzz/test/fuzzing
Ebrahim Byagowi 269a120f13
[subset] Raise the bar in new vs old table size
https://crbug.com/oss-fuzz/16740

This is actually an interesting thing: {h,v}mtx allocates as
much as a font pretends to have glyphs, but the solution is not
that obvious, as regular fonts can have less than actually containing
metrics in their {h,v}mtx. This change raises the bar to consider this
hmtx 4 bytes for every glyph case.

Initially we wanted to just find things allocating a crazy amount of
memory, but having the assert has led to interesting findings also,
so let's not remove the assert and see what we can find elsewhere.
2019-08-25 20:37:00 +04:30
fonts [subset] Raise the bar in new vs old table size 2019-08-25 20:37:00 +04:30
CMakeLists.txt Remove remains of get-codepoint-fuzzer 2018-10-11 17:31:29 -04:00
Makefile.am [valgrind] Use libtool and support run-subset-fuzzer-tests (#1668) 2019-04-28 11:54:07 -07:00
README Move all references of old url to the new address (#622) 2017-11-20 14:49:22 -05:00
hb-fuzzer.hh [fuzzer] Separate main() into a new file 2016-12-20 20:50:38 -06:00
hb-shape-fuzzer.cc test: Use nullptr in C++ code. (#1744) 2019-06-03 12:30:25 +04:30
hb-subset-fuzzer.cc [fuzz] Don't fail when blob is empty 2019-07-11 14:31:55 +04:30
main.cc [test] minor, fix -Weverything bot 2019-05-11 18:48:41 -04:00
run-shape-fuzzer-tests.py [ci][fuzzer] print valgrind failure if an error happened 2019-07-19 10:33:00 +04:30
run-subset-fuzzer-tests.py Increase subset fuzzer timeout to 16s 2019-08-11 23:34:48 +04:30

README

In order to build the fuzzer one needs to build HarfBuzz and
harfbuzz/test/fuzzing/hb-fuzzer.cc with:
  - Using the most recent Clang
  - With -fsanitize=address (or =undefined, or a combination)
  - With -fsanitize-coverage=edge[,8bit-counters,trace-cmp]
  - With various defines that limit worst case exponential behavior.
    See FUZZING_CPPFLAGS in harfbuzz/src/Makefile.am for the list.
  - Linked against libFuzzer

To run the fuzzer one needs to first obtain a test corpus as a directory
containing interesting fonts.  A good starting point is inside
harfbuzz/test/shaping/fonts/fonts/.
Then, run the fuzzer like this:
   ./hb-fuzzer -max_len=2048 CORPUS_DIR
where max_len specifies the maximal length of font files to handle.
The smaller the value, the faster the fuzzer runs.

For more details consult the following locations:
  - http://llvm.org/docs/LibFuzzer.html or
  - https://github.com/google/libfuzzer-bot/tree/master/harfbuzz
  - https://github.com/harfbuzz/harfbuzz/issues/139