kmx git

Commit	Date	Message
62e803b3	2022-06-01T07:38:21	[sbix] Limit glyph extents Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
5a058ba1	2022-05-31T05:35:17	[shape-fuzzer] Add commented out more buffer-verify option Those currently fail and I've been unable to debug them. I tried two, passing them to hb-shape doesn't reproduce the failure. :(
189f6534	2022-02-13T13:22:08	[fuzz-shape] Verify shape output Let the fuzzers loose on shape verify.
8f9f0c49	2022-05-10T17:47:08	[subset] Enforce cmap12 group ordering constraints in collect_mapping. Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/6365271012540416
b051f3fa	2022-05-05T23:27:34	[subset] Fix cpal subsetting when there are partial palette overlaps. The existing code doesn't correctly handle the case where palettes partially overlap in the color record array. This changes the subsetting to only share entries in the color record array when palettes have the same first color index. Partially overlapping palettes will be converted to disjoint segments in the color record array. Updates one of the color tests to use multiple palettes. Also fixes fuzzer: https://oss-fuzz.com/testcase-detail/5568200165687296.
ca8a0f3e	2022-05-06T11:54:38	[gvar] Protect against out-of-range access Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47281 Fixes https://oss-fuzz.com/testcase-detail/5508865908670464
a665e29e	2022-03-23T17:30:25	[use] Avoid O(n^2) in the machine Fixes https://github.com/harfbuzz/harfbuzz/issues/3502
03085132	2022-03-21T18:06:33	[buffer] Fix out-buffer under memory-alloc failure This was broken in July refactoring of the buffer, and exposed to ReverseChainSingleSubstFormat1 in 3807061d634b60bd6235d6e1d8c47a034377f924 Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38800 https://bugs.chromium.org/p/chromium/issues/detail?id=1303552
151f2058	2022-02-10T16:27:18	[draw] Emit move_to immediately, like other operators
f1a9a9cc	2022-02-03T14:10:40	[draw-state] Pass state down to callbacks
1740916e	2022-02-03T12:50:47	[draw] Remove check for no-op This is unnecessary overhead. Up to rasterizers to handle this. Plus, this throws off point-numbers in uses that rely on it. Disabled one test that broke with this.
8b4f4290	2022-02-03T01:14:47	[draw] Virtualize hb_font_draw_glyph() into hb_font_get_glyph_shape() To be implemented in hb-ft.
2bed4f46	2022-02-02T21:42:48	[draw] Fix draw signatures
08e10966	2022-02-02T19:01:42	[draw-fuzzer] Fix signatures
e0ac6c58	2022-02-02T18:57:12	Remove remaining traces of HB_EXPERIMENTAL_API
b263371b	2022-02-12T15:06:47	Merge pull request #3398 from harfbuzz/buffer-verify Add HB_BUFFER_FLAG_VERIFY
af407dd2	2022-02-12T13:53:16	Add a fuzzer font
4e2f409b	2022-01-31T12:20:32	[subset] Don't hold references to members of the active_glyph_stack. These references may get invalidated after the vector for the stack is resized. Fixes: https://oss-fuzz.com/testcase-detail/5422577634377728
61856359	2022-01-28T14:07:29	[fuzz] Disable verification for now.
6596e42d	2022-01-28T13:55:24	[fuzz] Verify shape results
e2e30506	2022-01-16T07:00:53	Fix various typos Found via `codespell -q 3 -S ./perf/texts -L actualy,ba,beng,fo,gir,inout,nd,ot,pres,ro,te,teh,timne`
87496bf6	2022-01-13T11:03:45	[subset] fix fuzzer timeout if visisted_paint goes into error.
067f90a8	2021-12-14T16:24:38	[subset] Fix for fuzzer timeout. Fixes https://oss-fuzz.com/testcase-detail/5549945449480192 In prune_langsys: move LangSys visited check up before any work is done for a LangSys. In this particular case the compare() method is responsible for the majority of the time spent and wasn't being guarded with a visisted check.
c4573c2e	2021-12-14T14:49:15	[repacker] don't infinite loop if visited or roots is in error. Fixes https://oss-fuzz.com/testcase-detail/5205038086094848
69d8f27c	2021-11-20T17:09:15	[meson] Require 0.55.0 We implicitly require it for building ragel subproject. This new version requirement should satisfied in both Fedora 33 and Debian bullseye, and not be too cutting edge for us.
ace98cc6	2021-11-08T15:47:56	[subset] Only sanitize recursion depth in COLR.
f51b48c8	2021-11-02T16:16:52	[subset] Fix fuzzer found memory leak. Happens because an insert into a map with an invalid key reports successful, but this causes the set being inserted to be lost.
0a7563a5	2021-11-01T14:56:14	[subset] fuzzer fix: https://oss-fuzz.com/testcase?key=6254792024915968 Make sure input is valid, each gid has a corresponding offset value in the map
85deddb1	2021-10-27T14:36:02	[subset] fuzzer fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40406
794b00db	2021-09-27T17:21:16	[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/6616166961905664
74f96d9d	2021-09-17T13:46:07	[repacker] fix heap use after free in repacker. Don't store a reference to the link in overflow records as the link object may be freed if the sorted graph vector is resized.
fb07f8f8	2021-08-23T15:33:57	During subset input creation check for set alloc failures and fail if encountered.
dc31920b	2021-08-18T14:20:14	Don't serialize null offsets in CPAL. Fixes https://oss-fuzz.com/testcase-detail/5443213648330752
c0f3af91	2021-08-11T16:20:05	[subset] speed up add_gid_and_children and adjust op limit. Fix for fuzzer timeout: https://oss-fuzz.com/testcase-detail/5001604901240832. - Operation limit is per glyph, so 100,000 should still be far more than needed. - Switches from for(...) to while(...) loop for iteration. for(...) calls it.end() which in this case triggers a complete iteration. - Cache CompositeGlyph size in the iterator to avoid needing to recalculate it.
c08f1b89	2021-08-10T12:29:32	[map] fix incorrect population count in hash map. If the same key was set twice the population was being incorrectly incremented.
8c0c217b	2021-08-06T10:45:38	[subset] fail reference blob in face builder if allocation for table sorting fails. Fixes https://oss-fuzz.com/testcase-detail/5041767803125760
5086e105	2021-07-29T17:03:55	[test] Add failing fuzzer test case From https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36236 https://oss-fuzz.com/testcase-detail/5061207689134080
f9d8e4a9	2021-07-29T15:25:41	[subset] switch ..._set_flags to not take a mask.
3d534b14	2021-07-29T11:52:14	[subset] convert subset input flags into bit flags. Store the flags in a bit set. Updates the public api to work with the bit set directly.
0ded6a70	2021-07-28T11:28:38	[subset] Fix another fuzzer issue Addition could overflow on 32bit arch. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36636 Fixes https://oss-fuzz.com/testcase-detail/5072358514753536
09474d8d	2021-06-29T16:07:14	[subset] Fix fuzzer timeout in add_gid_and_children. The composite glyph graph isn't check for max operations by sanitize so track an operations count during the graph traversal.
c68a00b9	2021-07-27T13:25:22	[subset] Fix possible overflows in VarRegionList serialize Fixes https://oss-fuzz.com/testcase-detail/5362189182566400
9ab751ac	2021-06-23T13:38:47	[subset] Remove hb_subset(). Leaving just hb_subset_or_fail().
942636ae	2021-06-09T16:18:39	[subset] Remove hb_subset_input_get/set_retain_gids.
8bf5d4d4	2021-06-09T14:05:17	[subset] Remove hb_subset_input_get/set_drop_hints.
7416face	2021-07-07T11:27:49	[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/5715464591376384
bc06af97	2021-06-16T15:49:14	[subset] speed up feature collection when tags are specified. Precompute a feature index filter to avoid needing to iterate the feature tag list for each encountered feature index. For this particular fuzzer case speeds up feature collection from 50s to 2s.
675ebbeb	2021-06-16T10:40:46	[subset] don't alloc zero bytes. It will be leaked later since hb_blob_create() won't set up the blob to cleanup since it has length zero.
bdfed8f1	2021-06-14T15:46:04	[blob] Add failing versions of create API Fixes https://github.com/harfbuzz/harfbuzz/issues/2567 New API: +hb_blob_create_or_fail() +hb_blob_create_from_file_or_fail() Use these in util/ to distinguish empty file from not-found file. Only err on the latter.
35d6af69	2021-06-04T10:04:27	[subset] fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5965777994907648
1b6008ca	2021-06-02T15:07:18	fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5417934246772736
7ab0f4ed	2021-05-27T11:40:34	fuzzer fix
425ba1f4	2021-04-19T18:01:24	[subset] fixes infinite loop in hb_set_get_max(). Fixes https://oss-fuzz.com/testcase-detail/5363902507515904
ec432106	2021-04-19T17:18:05	[subset] fix infinite loop caused by alloc failure in repacker. Fixes: https://oss-fuzz.com/testcase-detail/5609112151916544.
0e845d97	2021-04-19T16:09:37	[subset] fix memory leak in repacker caused by failed alloc. Fixes: https://oss-fuzz.com/testcase-detail/5616763250278400.
3fb62cdc	2021-04-05T15:48:34	[subset] fail on offset overflow in tables that we don't repack. Fixes: https://oss-fuzz.com/testcase-detail/5229304507138048
9dc9f038	2021-04-08T11:00:17	[subset] fix for fuzzer testcase: https://oss-fuzz.com/testcase-detail/5858518134554624
4af5dace	2021-04-07T10:56:49	[subset] add fuzzer testcase
64122b5a	2021-04-05T12:53:08	[subset] don't visit lookup if covered glyph set has failed. If covered glyph set is in error then the same lookup can be recursed into repeatedly potentially causing a fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/5416421032067072.
71d6d156	2021-04-05T12:03:17	[subset] clamp distance to prevent shifting outside of the limits of int64. Fixes https://oss-fuzz.com/testcase-detail/4961171477233664.
c5c13006	2021-03-31T11:23:46	[subset] fix memory leaks found in https://oss-fuzz.com/testcase-detail/5179935334465536
adca4ce0	2021-03-30T13:20:50	[subset] fixes https://oss-fuzz.com/testcase-detail/6173520787800064. Caused by incorrect bounds check in glyph closure for context lookups.
752e393a	2021-03-29T17:23:33	[subset] avoid calling clear on null pool set.
8741914a	2021-03-29T16:39:44	[subset] fix memory leak when map insert fails.
5b6da6d2	2021-03-29T16:19:17	[subset] add fuzzer test case.
a804a0c9	2021-03-29T14:25:20	[subset] add fuzzer test case.
f2d08578	2021-03-16T00:19:40	[tests] Increase shape-fuzzer timeout
5ca353a2	2021-02-12T15:16:59	[subset] fix heap buffer overflow found by fuzzer.
33a0f0b6	2021-02-09T12:55:45	[test] Remove fuzzed test font that triggers virus alert Fixes https://github.com/harfbuzz/harfbuzz/issues/2750
f94bf9f0	2021-01-25T15:57:42	[set fuzzer] limit the total number of set members in a fuzzing input. Currently the fuzzer can create arbitarily long inputs which once big enough will trigger a timeout.
a4c3732f	2020-09-16T12:35:09	[ENOMEM] fix set clear() causing corruption if the set is in_error().
84dd65a8	2020-10-13T20:21:28	[test] Remove timeout from test runners See https://github.com/harfbuzz/harfbuzz/issues/2707#issuecomment-707744079 This wasn’t inconsistent as well, HB_TEST_SUBSET_FUZZER_TIMEOUT defaulted to 12 in the test runner, but it was overridden to 50 in meson.build, and then meson has its own test timeout.
bbbcad0d	2020-09-16T11:19:40	Revert "[ENOMEM] don't perform set process operations if the other set is in an error state." This reverts commit f3929abafe3b64f15d0dc2d21ad7b493eeb92dfe.
f3929aba	2020-09-15T13:06:36	[ENOMEM] don't perform set process operations if the other set is in an error state. Running a process while the other set is in an error state can potentially corrupt this sets map map (for example by overwritting all of the major values with 0).
8c3d4de7	2020-09-09T12:38:34	[subset] Fix integer underflow in ContextFormat2.
9825e3dd	2020-08-26T17:31:50	[ENOMEM] fix access to unitialized memory. If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688.
1e48225c	2020-08-13T23:22:14	[ENOMEM] Check whether serialize context isn't in error
6e32145d	2020-08-13T00:13:06	[meson] Make compatbile with 0.47.0
9562239f	2020-08-12T13:01:22	[ENOMEM] check for error in lookup visited set.
6f754852	2020-08-11T15:40:47	[ENOMEM] skip asserts in to_bias if serializer is in an error state.
057769b1	2020-08-12T02:30:33	[fuzzer] minor
04179380	2020-08-12T02:19:06	[fuzzer] Mark alloc_state as unused It is really unused when failing-alloc isn't on.
51933578	2020-08-11T23:51:59	Revert "Remove autotools build support" This reverts commit 01ac32aab2109681abc58bb2f96a4ef4a7f0c6df.
ffe06c8f	2020-08-08T13:17:34	[glyf] Guard all the public APIs against null pool runs Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737
01ac32aa	2020-08-02T11:35:55	Remove autotools build support
679fac87	2020-07-30T15:29:43	Skip hb_shape if buffer object is immutable
18ab8029	2020-07-31T14:40:49	[ENOMEM] check vector status in cmap subsetting.
06dbb6ac	2020-07-31T15:56:14	[ENOMEM] in GSUB ChainContext subsetting check maps for allocation errors.
fb147779	2020-07-31T14:00:38	[ENOMEM] Check result of vector resize in CBDT subsetting.
efd716de	2020-07-31T08:58:53	[cff] Check for scalars array resize result Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504
040ed094	2020-07-30T15:14:02	[ENOMEM] popragate packed/packed_map errors to the serializer. Will disable further modifications based on a bad state.
7f358a55	2020-07-30T13:57:30	[ENOMEM] unchecked resize in CFF2.
32f052b0	2020-07-30T13:45:04	[ENOMEM] Fix several instances of not checking resize in CFF.
15644ee6	2020-07-29T16:37:39	[ENOMEM] fix memory leak if allocation fails during pop_pack().
42237adf	2020-07-29T15:18:25	[ENOMEM] make serializer modification operations no-ops if it's in an error state.
4ba8e3c6	2020-07-29T12:33:42	[ENOMEM] Fix failure to check calloc return. Fixes https://oss-fuzz.com/testcase-detail/6246465148813312.
d307c24a	2020-07-29T12:23:37	[ENOMEM] check resize() return. Fixes https://oss-fuzz.com/testcase-detail/5641892164009984.
48ad7459	2020-07-29T08:09:08	[ENOMEM] Fix buffer's content check logic So now rest of shape fuzzer also can be enabled. Fixes #2571
c33e8006	2020-07-14T19:29:58	[fuzz] Implement failing allocator
5c46683a	2020-07-22T17:23:22	[fuzz] increase shape fuzzer timeout as https://circleci.com/gh/harfbuzz/harfbuzz/149203

62e803b3

2022-06-01T07:38:21

[sbix] Limit glyph extents Fixes https://github.com/harfbuzz/harfbuzz/issues/3557

5a058ba1

2022-05-31T05:35:17

[shape-fuzzer] Add commented out more buffer-verify option Those currently fail and I've been unable to debug them. I tried two, passing them to hb-shape doesn't reproduce the failure. :(

189f6534

2022-02-13T13:22:08

[fuzz-shape] Verify shape output Let the fuzzers loose on shape verify.

8f9f0c49

2022-05-10T17:47:08

[subset] Enforce cmap12 group ordering constraints in collect_mapping. Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/6365271012540416

b051f3fa

2022-05-05T23:27:34

[subset] Fix cpal subsetting when there are partial palette overlaps. The existing code doesn't correctly handle the case where palettes partially overlap in the color record array. This changes the subsetting to only share entries in the color record array when palettes have the same first color index. Partially overlapping palettes will be converted to disjoint segments in the color record array. Updates one of the color tests to use multiple palettes. Also fixes fuzzer: https://oss-fuzz.com/testcase-detail/5568200165687296.

ca8a0f3e

2022-05-06T11:54:38

[gvar] Protect against out-of-range access Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47281 Fixes https://oss-fuzz.com/testcase-detail/5508865908670464

a665e29e

2022-03-23T17:30:25

[use] Avoid O(n^2) in the machine Fixes https://github.com/harfbuzz/harfbuzz/issues/3502

03085132

2022-03-21T18:06:33

[buffer] Fix out-buffer under memory-alloc failure This was broken in July refactoring of the buffer, and exposed to ReverseChainSingleSubstFormat1 in 3807061d634b60bd6235d6e1d8c47a034377f924 Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38800 https://bugs.chromium.org/p/chromium/issues/detail?id=1303552

151f2058

2022-02-10T16:27:18

[draw] Emit move_to immediately, like other operators

f1a9a9cc

2022-02-03T14:10:40

[draw-state] Pass state down to callbacks

1740916e

2022-02-03T12:50:47

[draw] Remove check for no-op This is unnecessary overhead. Up to rasterizers to handle this. Plus, this throws off point-numbers in uses that rely on it. Disabled one test that broke with this.

8b4f4290

2022-02-03T01:14:47

[draw] Virtualize hb_font_draw_glyph() into hb_font_get_glyph_shape() To be implemented in hb-ft.

2bed4f46

2022-02-02T21:42:48

[draw] Fix draw signatures

08e10966

2022-02-02T19:01:42

[draw-fuzzer] Fix signatures

e0ac6c58

2022-02-02T18:57:12

Remove remaining traces of HB_EXPERIMENTAL_API

b263371b

2022-02-12T15:06:47

Merge pull request #3398 from harfbuzz/buffer-verify Add HB_BUFFER_FLAG_VERIFY

af407dd2

2022-02-12T13:53:16

Add a fuzzer font

4e2f409b

2022-01-31T12:20:32

[subset] Don't hold references to members of the active_glyph_stack. These references may get invalidated after the vector for the stack is resized. Fixes: https://oss-fuzz.com/testcase-detail/5422577634377728

61856359

2022-01-28T14:07:29

[fuzz] Disable verification for now.

6596e42d

2022-01-28T13:55:24

[fuzz] Verify shape results

e2e30506

2022-01-16T07:00:53

Fix various typos Found via `codespell -q 3 -S ./perf/texts -L actualy,ba,beng,fo,gir,inout,nd,ot,pres,ro,te,teh,timne`

87496bf6

2022-01-13T11:03:45

[subset] fix fuzzer timeout if visisted_paint goes into error.

067f90a8

2021-12-14T16:24:38

[subset] Fix for fuzzer timeout. Fixes https://oss-fuzz.com/testcase-detail/5549945449480192 In prune_langsys: move LangSys visited check up before any work is done for a LangSys. In this particular case the compare() method is responsible for the majority of the time spent and wasn't being guarded with a visisted check.

c4573c2e

2021-12-14T14:49:15

[repacker] don't infinite loop if visited or roots is in error. Fixes https://oss-fuzz.com/testcase-detail/5205038086094848

69d8f27c

2021-11-20T17:09:15

[meson] Require 0.55.0 We implicitly require it for building ragel subproject. This new version requirement should satisfied in both Fedora 33 and Debian bullseye, and not be too cutting edge for us.

ace98cc6

2021-11-08T15:47:56

[subset] Only sanitize recursion depth in COLR.

f51b48c8

2021-11-02T16:16:52

[subset] Fix fuzzer found memory leak. Happens because an insert into a map with an invalid key reports successful, but this causes the set being inserted to be lost.

0a7563a5

2021-11-01T14:56:14

[subset] fuzzer fix: https://oss-fuzz.com/testcase?key=6254792024915968 Make sure input is valid, each gid has a corresponding offset value in the map

85deddb1

2021-10-27T14:36:02

[subset] fuzzer fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40406

794b00db

2021-09-27T17:21:16

[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/6616166961905664

74f96d9d

2021-09-17T13:46:07

[repacker] fix heap use after free in repacker. Don't store a reference to the link in overflow records as the link object may be freed if the sorted graph vector is resized.

fb07f8f8

2021-08-23T15:33:57

During subset input creation check for set alloc failures and fail if encountered.

dc31920b

2021-08-18T14:20:14

Don't serialize null offsets in CPAL. Fixes https://oss-fuzz.com/testcase-detail/5443213648330752

c0f3af91

2021-08-11T16:20:05

[subset] speed up add_gid_and_children and adjust op limit. Fix for fuzzer timeout: https://oss-fuzz.com/testcase-detail/5001604901240832. - Operation limit is per glyph, so 100,000 should still be far more than needed. - Switches from for(...) to while(...) loop for iteration. for(...) calls it.end() which in this case triggers a complete iteration. - Cache CompositeGlyph size in the iterator to avoid needing to recalculate it.

c08f1b89

2021-08-10T12:29:32

[map] fix incorrect population count in hash map. If the same key was set twice the population was being incorrectly incremented.

8c0c217b

2021-08-06T10:45:38

[subset] fail reference blob in face builder if allocation for table sorting fails. Fixes https://oss-fuzz.com/testcase-detail/5041767803125760

5086e105

2021-07-29T17:03:55

[test] Add failing fuzzer test case From https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36236 https://oss-fuzz.com/testcase-detail/5061207689134080

f9d8e4a9

2021-07-29T15:25:41

[subset] switch ..._set_flags to not take a mask.

3d534b14

2021-07-29T11:52:14

[subset] convert subset input flags into bit flags. Store the flags in a bit set. Updates the public api to work with the bit set directly.

0ded6a70

2021-07-28T11:28:38

[subset] Fix another fuzzer issue Addition could overflow on 32bit arch. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36636 Fixes https://oss-fuzz.com/testcase-detail/5072358514753536

09474d8d

2021-06-29T16:07:14

[subset] Fix fuzzer timeout in add_gid_and_children. The composite glyph graph isn't check for max operations by sanitize so track an operations count during the graph traversal.

c68a00b9

2021-07-27T13:25:22

[subset] Fix possible overflows in VarRegionList serialize Fixes https://oss-fuzz.com/testcase-detail/5362189182566400

9ab751ac

2021-06-23T13:38:47

[subset] Remove hb_subset(). Leaving just hb_subset_or_fail().

942636ae

2021-06-09T16:18:39

[subset] Remove hb_subset_input_get/set_retain_gids.

8bf5d4d4

2021-06-09T14:05:17

[subset] Remove hb_subset_input_get/set_drop_hints.

7416face

2021-07-07T11:27:49

[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/5715464591376384

bc06af97

2021-06-16T15:49:14

[subset] speed up feature collection when tags are specified. Precompute a feature index filter to avoid needing to iterate the feature tag list for each encountered feature index. For this particular fuzzer case speeds up feature collection from 50s to 2s.

675ebbeb

2021-06-16T10:40:46

[subset] don't alloc zero bytes. It will be leaked later since hb_blob_create() won't set up the blob to cleanup since it has length zero.

bdfed8f1

2021-06-14T15:46:04

[blob] Add failing versions of create API Fixes https://github.com/harfbuzz/harfbuzz/issues/2567 New API: +hb_blob_create_or_fail() +hb_blob_create_from_file_or_fail() Use these in util/ to distinguish empty file from not-found file. Only err on the latter.

35d6af69

2021-06-04T10:04:27

[subset] fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5965777994907648

1b6008ca

2021-06-02T15:07:18

fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5417934246772736

7ab0f4ed

2021-05-27T11:40:34

fuzzer fix

425ba1f4

2021-04-19T18:01:24

[subset] fixes infinite loop in hb_set_get_max(). Fixes https://oss-fuzz.com/testcase-detail/5363902507515904

ec432106

2021-04-19T17:18:05

[subset] fix infinite loop caused by alloc failure in repacker. Fixes: https://oss-fuzz.com/testcase-detail/5609112151916544.

0e845d97

2021-04-19T16:09:37

[subset] fix memory leak in repacker caused by failed alloc. Fixes: https://oss-fuzz.com/testcase-detail/5616763250278400.

3fb62cdc

2021-04-05T15:48:34

[subset] fail on offset overflow in tables that we don't repack. Fixes: https://oss-fuzz.com/testcase-detail/5229304507138048

9dc9f038

2021-04-08T11:00:17

[subset] fix for fuzzer testcase: https://oss-fuzz.com/testcase-detail/5858518134554624

4af5dace

2021-04-07T10:56:49

[subset] add fuzzer testcase

64122b5a

2021-04-05T12:53:08

[subset] don't visit lookup if covered glyph set has failed. If covered glyph set is in error then the same lookup can be recursed into repeatedly potentially causing a fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/5416421032067072.

71d6d156

2021-04-05T12:03:17

[subset] clamp distance to prevent shifting outside of the limits of int64. Fixes https://oss-fuzz.com/testcase-detail/4961171477233664.

c5c13006

2021-03-31T11:23:46

[subset] fix memory leaks found in https://oss-fuzz.com/testcase-detail/5179935334465536

adca4ce0

2021-03-30T13:20:50

[subset] fixes https://oss-fuzz.com/testcase-detail/6173520787800064. Caused by incorrect bounds check in glyph closure for context lookups.

752e393a

2021-03-29T17:23:33

[subset] avoid calling clear on null pool set.

8741914a

2021-03-29T16:39:44

[subset] fix memory leak when map insert fails.

5b6da6d2

2021-03-29T16:19:17

[subset] add fuzzer test case.

a804a0c9

2021-03-29T14:25:20

[subset] add fuzzer test case.

f2d08578

2021-03-16T00:19:40

[tests] Increase shape-fuzzer timeout

5ca353a2

2021-02-12T15:16:59

[subset] fix heap buffer overflow found by fuzzer.

33a0f0b6

2021-02-09T12:55:45

[test] Remove fuzzed test font that triggers virus alert Fixes https://github.com/harfbuzz/harfbuzz/issues/2750

f94bf9f0

2021-01-25T15:57:42

[set fuzzer] limit the total number of set members in a fuzzing input. Currently the fuzzer can create arbitarily long inputs which once big enough will trigger a timeout.

a4c3732f

2020-09-16T12:35:09

[ENOMEM] fix set clear() causing corruption if the set is in_error().

84dd65a8

2020-10-13T20:21:28

[test] Remove timeout from test runners See https://github.com/harfbuzz/harfbuzz/issues/2707#issuecomment-707744079 This wasn’t inconsistent as well, HB_TEST_SUBSET_FUZZER_TIMEOUT defaulted to 12 in the test runner, but it was overridden to 50 in meson.build, and then meson has its own test timeout.

bbbcad0d

2020-09-16T11:19:40

Revert "[ENOMEM] don't perform set process operations if the other set is in an error state." This reverts commit f3929abafe3b64f15d0dc2d21ad7b493eeb92dfe.

f3929aba

2020-09-15T13:06:36

[ENOMEM] don't perform set process operations if the other set is in an error state. Running a process while the other set is in an error state can potentially corrupt this sets map map (for example by overwritting all of the major values with 0).

8c3d4de7

2020-09-09T12:38:34

[subset] Fix integer underflow in ContextFormat2.

9825e3dd

2020-08-26T17:31:50

[ENOMEM] fix access to unitialized memory. If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688.

1e48225c

2020-08-13T23:22:14

[ENOMEM] Check whether serialize context isn't in error

6e32145d

2020-08-13T00:13:06

[meson] Make compatbile with 0.47.0

9562239f

2020-08-12T13:01:22

[ENOMEM] check for error in lookup visited set.

6f754852

2020-08-11T15:40:47

[ENOMEM] skip asserts in to_bias if serializer is in an error state.

057769b1

2020-08-12T02:30:33

[fuzzer] minor

04179380

2020-08-12T02:19:06

[fuzzer] Mark alloc_state as unused It is really unused when failing-alloc isn't on.

51933578

2020-08-11T23:51:59

Revert "Remove autotools build support" This reverts commit 01ac32aab2109681abc58bb2f96a4ef4a7f0c6df.

ffe06c8f

2020-08-08T13:17:34

[glyf] Guard all the public APIs against null pool runs Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737

01ac32aa

2020-08-02T11:35:55

Remove autotools build support

679fac87

2020-07-30T15:29:43

Skip hb_shape if buffer object is immutable

18ab8029

2020-07-31T14:40:49

[ENOMEM] check vector status in cmap subsetting.

06dbb6ac

2020-07-31T15:56:14

[ENOMEM] in GSUB ChainContext subsetting check maps for allocation errors.

fb147779

2020-07-31T14:00:38

[ENOMEM] Check result of vector resize in CBDT subsetting.

efd716de

2020-07-31T08:58:53

[cff] Check for scalars array resize result Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504

040ed094

2020-07-30T15:14:02

[ENOMEM] popragate packed/packed_map errors to the serializer. Will disable further modifications based on a bad state.

7f358a55

2020-07-30T13:57:30

[ENOMEM] unchecked resize in CFF2.

32f052b0

2020-07-30T13:45:04

[ENOMEM] Fix several instances of not checking resize in CFF.

15644ee6

2020-07-29T16:37:39

[ENOMEM] fix memory leak if allocation fails during pop_pack().

42237adf

2020-07-29T15:18:25

[ENOMEM] make serializer modification operations no-ops if it's in an error state.

4ba8e3c6

2020-07-29T12:33:42

[ENOMEM] Fix failure to check calloc return. Fixes https://oss-fuzz.com/testcase-detail/6246465148813312.

d307c24a

2020-07-29T12:23:37

[ENOMEM] check resize() return. Fixes https://oss-fuzz.com/testcase-detail/5641892164009984.

48ad7459

2020-07-29T08:09:08

[ENOMEM] Fix buffer's content check logic So now rest of shape fuzzer also can be enabled. Fixes #2571

c33e8006

2020-07-14T19:29:58

[fuzz] Implement failing allocator

5c46683a

2020-07-22T17:23:22

[fuzz] increase shape fuzzer timeout as https://circleci.com/gh/harfbuzz/harfbuzz/149203

kc3-lang/harfbuzz/test/fuzzing

test/fuzzing

Log