e1a5ce6aa6
Fix fuzzer crash testcase
...
Add a check for stringOffSet(uint16) overflow,
return early if overflow happens
6 years ago
0ff3618c2d
[subset] Use hb_subset_input_t inside of subset_options_t so that input defaults are shared between the library and cli.
6 years ago
9ef241cd40
[test] Add one more
6 years ago
3efb7af7e2
[STAT] Fix sanitize condition
...
Oops!
Fixes https://oss-fuzz.com/testcase-detail/5696825891225600
6 years ago
30c059a978
[test] minor, fix -Weverything bot
6 years ago
25531a3039
[test] minor
...
style fix and add return statement
6 years ago
25a5b287f2
Fix sanitize fail of extension sublookups
...
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=960331
6 years ago
df237d2fe7
[test] Add https://crbug.com/oss-fuzz/14641 testcase
...
As 503748d
6 years ago
6d6edc8b25
[valgrind] Use libtool and support run-subset-fuzzer-tests ( #1668 )
6 years ago
62c6e17072
[test] Add crbug.com/oss-fuzz/14474 testcase
...
Fixed at 6977a95f
6 years ago
ba0386060d
fix oss-fuzz issue 14345
6 years ago
b7384c89e2
[fuzzing] Run valgrind with --leak-check=full
6 years ago
3ff66c0029
[fuzzing] Fail if valgrind is requested but not found
6 years ago
ec2a5dc859
Use class templates for Null objects
...
This allows partial-instantiating custom Null object for template Lookup<T>.
Before, this had to be handcoded per instantiation. Apparently I missed
adding one for AAT::ankr.lookupTable, so it was getting the wrong (generic)
null for Lookup object, which is wrong and unsafe.
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=944346
6 years ago
bcb4e505d6
cff2 subset fuzzer issues ( #1619 )
...
* add check to FDArray::serialize
* add test files
* fix off by one
6 years ago
dc04261a5b
[subset] Update the subset fuzzer to determine which options to use based on data in the fuzzing test case.
...
Add support for toggling retain_gids.
6 years ago
6879efc2c1
[AAT] Fix anchor bound checking, again
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=922303
6 years ago
91d774712f
[test] Add test for previous commit
6 years ago
7a6686a589
[AAT] Fix mort ContextualSubtable offset access
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12312
6 years ago
a3fa7d3336
[AAT] Fix ankr table access
...
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=918340
6 years ago
798e98c47b
[CFF] bad offset in Index ( #1476 )
...
* Update hb-ot-cff-common.hh
* fix bug
* bummer fix wasn't hit. refix
* additional sanity check
* Added test cases for oss-fuzz issues 11805, 11806
6 years ago
bcb4ecaf68
[CFF] check out of range FD index ( #1477 )
...
* add fd index checks to subr subsetter
also added oss-fuzz test case
* undid SubrSubsetParam::is_valid
because already validated by SubrClosures.valid
6 years ago
2941208f1e
[CFF] oss-fuzz issue 11690 ASSERT: substr.offset >= opStart ( #1461 )
...
* fix oss-fuzz 11690: substr.offset >= opStart
detect recursive subroutine call & handle as error
* fix build failure
* add minimized test case for oss-fuzz 11690
* removed asserts
6 years ago
ae087d10c2
add minimized test case for oss-fuzz issue 11714
6 years ago
9d8f3b0dfb
add minimized test case for oss-fuzz issue 11713
6 years ago
72d8f76368
add minimized test case for oss-fuzz issue 11691
6 years ago
6708c5595f
fix oss-fuzz issue 11675 (ASSERT: count <= str.len)
...
Also added an additional error check to avail ()
6 years ago
010e2ddb38
minimized test case for oss-fuzz issue 11674
6 years ago
32cc46c75a
[CFF] fix oss-fuzz issue 11670: NULL dereference ( #1450 )
...
* guard against no subr access
* code tweak
* add minimized testcase for oss-fuzz 11670 (Null deference)
6 years ago
78f639b8bf
added minimized testcase for oss-fuzz issue 11657
6 years ago
b61f74f69a
added minimized test case for oss-fuzz issue 11662
6 years ago
9424e80526
added minimized test cases
6 years ago
84efe0438e
[aat] Fix division sign fallout
...
Happened after 11d2f49af8
6 years ago
1204a247a5
[fuzzing] Add tests for previous commit
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11526
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11522
6 years ago
2c8188bf59
[kerx] Make sure subtables are non-zero-length
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11400
6 years ago
8982830d3e
[subset] add fuzzer testcase.
6 years ago
5212cd8af2
[fuzzing] Add new test
6 years ago
d6666b3866
[fuzzing] Remove limited-edition build of libraries
...
Use normal, production, shared libraries.
Fixes https://github.com/harfbuzz/harfbuzz/issues/1237
6 years ago
a549aa14a0
[kerx] Protect against stack underflow
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11367
6 years ago
752bd8a192
[kerx] Fix Format1 tupleKern sanitization
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11312
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11305
6 years ago
f9e0552deb
[fuzzing] Make "make lib" faster and more usable
6 years ago
3a9fa8c026
[qsort] Fix O(N^2) behavior if all array elements are the same
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11327
Reported as https://github.com/noporpoise/sort_r/issues/7
6 years ago
0bf76154f1
[fuzzing] Take whatever text we can
6 years ago
8790b2740a
[fuzzing] Fix test
6 years ago
3af0a7edd0
[fuzzing] Add make check-valgrind
6 years ago
6482fda519
[fuzzing] Fuzz glyph-id etc in test-ot-face
6 years ago
bce437cf0b
[test] Call test-ot-face.c test from hb-shape-fuzzer
...
Should increase coverage...
6 years ago
c560ca9251
[fuzz] A new testcase
6 years ago
69297bb216
[fuzzing] Call hb-ot-color API
6 years ago
0af3d176a6
[sbix] Fix memory leak in early return
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11210
6 years ago
Qunxin Liu
Garret Rieger
Behdad Esfahbod
Ebrahim Byagowi
Michiharu Ariza
Behdad Esfahbod
Khaled Hosny