test/fuzzing


Log

Author Commit Date Message
Garret Rieger c5c13006 2021-03-31T11:23:46 [subset] fix memory leaks found in https://oss-fuzz.com/testcase-detail/5179935334465536
Garret Rieger adca4ce0 2021-03-30T13:20:50 [subset] fixes https://oss-fuzz.com/testcase-detail/6173520787800064. Caused by incorrect bounds check in glyph closure for context lookups.
Garret Rieger 752e393a 2021-03-29T17:23:33 [subset] avoid calling clear on null pool set.
Garret Rieger 8741914a 2021-03-29T16:39:44 [subset] fix memory leak when map insert fails.
Garret Rieger 5b6da6d2 2021-03-29T16:19:17 [subset] add fuzzer test case.
Garret Rieger a804a0c9 2021-03-29T14:25:20 [subset] add fuzzer test case.
Khaled Hosny f2d08578 2021-03-16T00:19:40 [tests] Increase shape-fuzzer timeout
Garret Rieger 5ca353a2 2021-02-12T15:16:59 [subset] fix heap buffer overflow found by fuzzer.
Behdad Esfahbod 33a0f0b6 2021-02-09T12:55:45 [test] Remove fuzzed test font that triggers virus alert. Fixes https://github.com/harfbuzz/harfbuzz/issues/2750
Garret Rieger f94bf9f0 2021-01-25T15:57:42 [set fuzzer] limit the total number of set members in a fuzzing input. Currently the fuzzer can create arbitrarily long inputs which once big enough will trigger a timeout.
Garret Rieger a4c3732f 2020-09-16T12:35:09 [ENOMEM] fix set clear() causing corruption if the set is in_error().
Khaled Hosny 84dd65a8 2020-10-13T20:21:28 [test] Remove timeout from test runners. See https://github.com/harfbuzz/harfbuzz/issues/2707#issuecomment-707744079. This wasn’t consistent as well: HB_TEST_SUBSET_FUZZER_TIMEOUT defaulted to 12 in the test runner, but it was overridden to 50 in meson.build, and then meson has its own test timeout.
Garret Rieger bbbcad0d 2020-09-16T11:19:40 Revert "[ENOMEM] don't perform set process operations if the other set is in an error state." This reverts commit f3929abafe3b64f15d0dc2d21ad7b493eeb92dfe.
Garret Rieger f3929aba 2020-09-15T13:06:36 [ENOMEM] don't perform set process operations if the other set is in an error state. Running a process while the other set is in an error state can potentially corrupt this set's map (for example by overwriting all of the major values with 0).
Garret Rieger 8c3d4de7 2020-09-09T12:38:34 [subset] Fix integer underflow in ContextFormat2.
Garret Rieger 9825e3dd 2020-08-26T17:31:50 [ENOMEM] fix access to uninitialized memory. If the serialize() call fails to write the object then we can't safely read varstore_prime fields. Fixes https://oss-fuzz.com/testcase-detail/5137462782066688.
ebraminio 1e48225c 2020-08-13T23:22:14 [ENOMEM] Check whether serialize context isn't in error
Ebrahim Byagowi 6e32145d 2020-08-13T00:13:06 [meson] Make compatible with 0.47.0
Garret Rieger 9562239f 2020-08-12T13:01:22 [ENOMEM] check for error in lookup visited set.
Garret Rieger 6f754852 2020-08-11T15:40:47 [ENOMEM] skip asserts in to_bias if serializer is in an error state.
Ebrahim Byagowi 057769b1 2020-08-12T02:30:33 [fuzzer] minor
Ebrahim Byagowi 04179380 2020-08-12T02:19:06 [fuzzer] Mark alloc_state as unused. It is really unused when failing-alloc isn't on.
Ebrahim Byagowi 51933578 2020-08-11T23:51:59 Revert "Remove autotools build support". This reverts commit 01ac32aab2109681abc58bb2f96a4ef4a7f0c6df.
Ebrahim Byagowi ffe06c8f 2020-08-08T13:17:34 [glyf] Guard all the public APIs against null pool runs. Fixes https://crbug.com/oss-fuzz/24575 and https://crbug.com/oss-fuzz/24737
Ebrahim Byagowi 01ac32aa 2020-08-02T11:35:55 Remove autotools build support
Ebrahim Byagowi 679fac87 2020-07-30T15:29:43 Skip hb_shape if buffer object is immutable
Garret Rieger 18ab8029 2020-07-31T14:40:49 [ENOMEM] check vector status in cmap subsetting.
Garret Rieger 06dbb6ac 2020-07-31T15:56:14 [ENOMEM] in GSUB ChainContext subsetting check maps for allocation errors.
Garret Rieger fb147779 2020-07-31T14:00:38 [ENOMEM] Check result of vector resize in CBDT subsetting.
Ebrahim Byagowi efd716de 2020-07-31T08:58:53 [cff] Check for scalars array resize result. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24504
Garret Rieger 040ed094 2020-07-30T15:14:02 [ENOMEM] propagate packed/packed_map errors to the serializer. Will disable further modifications based on a bad state.
Garret Rieger 7f358a55 2020-07-30T13:57:30 [ENOMEM] unchecked resize in CFF2.
Garret Rieger 32f052b0 2020-07-30T13:45:04 [ENOMEM] Fix several instances of not checking resize in CFF.
Garret Rieger 15644ee6 2020-07-29T16:37:39 [ENOMEM] fix memory leak if allocation fails during pop_pack().
Garret Rieger 42237adf 2020-07-29T15:18:25 [ENOMEM] make serializer modification operations no-ops if it's in an error state.
Garret Rieger 4ba8e3c6 2020-07-29T12:33:42 [ENOMEM] Fix failure to check calloc return. Fixes https://oss-fuzz.com/testcase-detail/6246465148813312.
Garret Rieger d307c24a 2020-07-29T12:23:37 [ENOMEM] check resize() return. Fixes https://oss-fuzz.com/testcase-detail/5641892164009984.
Ebrahim Byagowi 48ad7459 2020-07-29T08:09:08 [ENOMEM] Fix buffer's content check logic. So now the rest of the shape fuzzer can also be enabled. Fixes #2571
Ebrahim Byagowi c33e8006 2020-07-14T19:29:58 [fuzz] Implement failing allocator
Ebrahim Byagowi 5c46683a 2020-07-22T17:23:22 [fuzz] increase shape fuzzer timeout as https://circleci.com/gh/harfbuzz/harfbuzz/149203
Ebrahim Byagowi 945bcd72 2020-07-15T09:54:32 minor
Ebrahim Byagowi fa0436dd 2020-07-15T09:52:40 [ENOMEM][fuzzer/subset] early return if the result is null. I don't see _or_fail APIs as idiomatic for the project, but since it is there, let's have this.
Ebrahim Byagowi 11d583a9 2020-07-14T06:23:06 [aat] Consume glyph insertion from buffer's max_ops (#2223). Glyph insertion is an expensive operation and we like to have it limited based on the buffer's input size, which is handled by the buffer's max_ops. clusterfuzz-testcase-minimized-harfbuzz_fuzzer-5754958982021120: Before the change: 0.67s user 0.00s system 99% cpu 0.674 total. After the change: 0.02s user 0.00s system 98% cpu 0.024 total. Which takes much longer on valgrind and tsan bots.
Ebrahim Byagowi cd6f62d9 2020-07-12T23:05:11 [meson] Raise timeout value of subset fuzzer testcases. Happens when tsan is enabled.
Ebrahim Byagowi e4f99691 2020-07-08T15:10:25 [ci] migrate to meson. Two bots, one here (distcheck) and one in Travis, still run autotools and won't be removed till we decide about autotools.
Ebrahim Byagowi e04050e3 2020-07-08T01:06:30 [meson] split fuzzer_ldflags before use
Ebrahim Byagowi c5def347 2020-07-06T23:29:56 [meson] don't underscorify fuzzers names
Ebrahim Byagowi d608f2ac 2020-07-06T22:40:51 [meson] Add fuzzer_ldflags. As in ots, https://github.com/khaledhosny/ots/commit/4d37b9b
Ebrahim Byagowi a470b0b2 2020-07-04T23:56:10 Minor, disable strict-aliasing warning in set fuzzer. ../test/fuzzing/hb-set-fuzzer.cc: In function ‘int LLVMFuzzerTestOneInput(const uint8_t*, size_t)’: ../test/fuzzing/hb-set-fuzzer.cc:38:82: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 38 | const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data); | And it is already disabled at project level, so let's disable it here also.
Ebrahim Byagowi a07672d3 2020-07-04T14:12:55 [py] minor, replace os.environ.get with os.getenv
Ebrahim Byagowi 47a0fbec 2020-06-21T02:34:59 [meson] Mark longer tests with slow. So one can skip them easily by `meson test -Cbuild --no-suite slow`
Ebrahim Byagowi 08816117 2020-06-20T01:02:50 [fuzzer] Make some use of test_font API calls. Make some use of the result of some of the test_font calls to make sure compilers in fuzzers aren't just optimizing the calls away.
Christoph Reiter 03bd6ead 2020-06-03T23:52:10 [meson] Only pass required dependencies to everything. Instead of passing dependencies as required, we used one giant shared dependency list containing all dependencies for every library/executable. While this kinda works, the specified deps are also used for generating the pkg-config files and this leads to lots of Requires.private and Libs.private entries which aren't really needed. This removes the "deps" array and replaces it with a few smaller ones and makes sure the public libraries only get passed the dependencies actually needed. Fixes #2441
Ebrahim Byagowi a9d13463 2020-05-30T14:17:56 [meson] Categorize tests using `suite: [...]`. So one can run a category of interesting tests like `meson test -Cbuild --suite aots --suite src --print-errorlogs` instead of issuing particular tests, which is also possible, like `meson test -Cbuild test-shape --print-errorlogs`
Ebrahim Byagowi 7554f618 2020-05-28T22:51:29 minor, use sys.exit print shorthand
Ebrahim Byagowi f7562672 2020-05-21T17:01:04 [meson] Use / instead of join_paths. We need some of the very recent features of meson, so let's use the new features also.
Ebrahim Byagowi b8d1760b 2020-05-21T14:45:41 [meson/ci] Increase cmap fuzzer timeout even more
Ebrahim Byagowi 4b12b846 2020-05-21T14:23:36 [meson] Increase timeout in hope to resolve Actions' bot timeout
Ebrahim Byagowi 1c4dd79c 2020-05-21T08:49:14 [ci] Increase timeout as gh bot issue isn't resolved by serial test
Ebrahim Byagowi 8667df55 2020-05-21T07:19:37 [meson] Unbreak the build, oops
Ebrahim Byagowi 791debdc 2020-05-21T07:15:09 [meson][ci] Don't run subset fuzzer test in parallel. Resolves https://github.com/harfbuzz/harfbuzz/runs/695051808#step:6:595 failure.
Ebrahim Byagowi 8a5368e2 2020-05-21T07:00:40 [tests] Enable more gid misc calls on draw fuzzer
Ebrahim Byagowi c68ab4b5 2020-05-21T00:25:17 Fix _get_ligature_caret's oob read issue. AAT::Lookup has no other way to detect whether it is returned from real and sanitized font data or from a null pool; this checks if the table has been recognized as valid by the sanitizer by checking the table's major version, which is zero if returned from a null pool and non-zero if it is from sanitized font data. It is expected that the other calls of the table (unlikely to have more calls however) also do a similar version check before calling the lookups used on the table.
ckitagawa b22f61d8 2020-04-21T11:49:05 Fix bug
ariza 22f7c61a 2020-04-17T23:49:51 implement SID to glyph ID mapping with predefined Charset. Also fixes oss-fuzz 21769
Qunxin Liu 0d569598 2020-04-05T18:44:26 [subset] fixes dangling object_t issue in FeatureVariationRecord. Fixes https://crbug.com/oss-fuzz/21560. revert () does not clean up useless object_t. Adjust the order of subsetting substitutions and conditions to avoid dangling object_t.
Ebrahim Byagowi 57b7de03 2020-04-05T17:07:48 [subset] Fail ClassDefFormat1 serialization if no space available. Fixes https://crbug.com/oss-fuzz/21580
Garret Rieger 014e038b 2020-03-31T16:29:29 [subset] Bail out of context lookup expansion once the lookup limit is encountered.
Garret Rieger 5d345d0c 2020-03-31T17:46:19 [subset] Limit the number of lookup indices processed subsetting Feature. Also, remove two unnecessary full iterations of the lookup index iterator during serialization of the index array. Fixes fuzzer found timeout.
Ebrahim Byagowi 96d792ae 2020-03-24T14:05:47 [avar] Prevent mul overflow. Fixes https://crbug.com/oss-fuzz/21350
Garret Rieger 4ad686b9 2020-03-25T23:32:28 [subset] fix fuzzer timeout in layout closure. Bail out of chain context lookup expansion once the lookup limit is encountered.
Ebrahim Byagowi 7054b122 2020-03-24T22:35:41 [meson] Mark rest of non-install executables explicitly
Ebrahim Byagowi 600bf21f 2020-03-24T20:08:40 [meson] Add draw-fuzzer runner
Ebrahim Byagowi 28deb6b7 2020-03-24T19:41:53 [meson] test/fuzzing simplify
Ebrahim Byagowi 78622231 2020-03-24T19:39:42 [meson] More comments on tests that are causing timeout failure
Ebrahim Byagowi d57fc627 2020-03-24T16:03:04 [meson] raise timeout value of subset fuzzer
Ebrahim Byagowi 76169526 2020-03-19T11:43:37 [tests] Remove py2 workaround for lack of timeout in subprocess
Ebrahim Byagowi b5526a09 2020-03-18T23:58:20 [tools] Remove in-house 'which' now that we have py3
Garret Rieger 430bf696 2020-03-13T11:20:34 Add potentially crashing font as a fuzzer seed.
Ebrahim Byagowi 755a77d6 2020-01-29T22:26:04 Move outline draw API behind HB_EXPERIMENTAL_API directive
Garret Rieger 834a224a 2020-03-12T03:02:36 [subset] Put a limit on the number of lookup indices that can be visited during closures. Fixes https://crbug.com/oss-fuzz/21025
Ebrahim Byagowi c494d7ab 2020-03-11T19:44:13 Remove cmake testing and add meson build bot. CMake tests are broken anyway as of the py3 changes, so let's get rid of them.
Ebrahim Byagowi 1c3f80ba 2020-03-11T19:29:47 [meson] Minor updates
Khaled Hosny 04438554 2018-11-15T00:25:41 meson: Update build files after rebase
Tim-Philipp Müller 618584e9 2018-11-14T20:19:36 meson: rename incbase to incconfig. Makes it clearer what it's for: config.h. See #4.
Mathieu Duponchelle d4a72373 2018-05-17T16:25:22 meson: all tests passing on Windows / MSVC
Mathieu Duponchelle 7ee650b1 2018-05-17T23:52:36 meson: refactor fuzzing test
Mathieu Duponchelle 920efc0e 2018-05-17T01:28:53 Add Meson build definitions Fixes #490 http://mesonbuild.com
Ebrahim Byagowi 0d729b4b 2020-03-07T11:53:12 [avar] Fix out-of-bound read when input is bigger than all the coords. 'i' shouldn't become equal to the array's length, but as the increment happens at the end of the loop, if the input is bigger than all the table coords it will be equal to the array's length. Fixes https://crbug.com/oss-fuzz/21092
Ebrahim Byagowi 446d1e3b 2020-03-04T23:32:50 [fuzz] Add more fixed cases
Ebrahim Byagowi 99b5b3f1 2020-03-04T11:15:46 [gvar] Make sure TupleVarHeader has the needed size. Fixes https://crbug.com/oss-fuzz/21026
Ebrahim Byagowi 558f9227 2020-03-03T20:27:19 [fuzz] Avoid empty memcpy and ubsan complaint by length checking before memcpy
Ebrahim Byagowi 6543d166 2020-03-03T20:26:46 [fuzz] Remove the not yet fixed timeout, going to investigate
Ebrahim Byagowi 2bbf1c86 2020-03-03T19:42:38 [fuzz] Add more supposedly-already-fixed cases from the Chromium bug tracker
Ebrahim Byagowi f253f06c 2020-03-03T18:57:13 [fuzz] Add another fixed case. https://crbug.com/oss-fuzz/14626, another case of numerous subtables, which is fixed by d38360397
Ebrahim Byagowi d3836039 2020-03-02T22:41:08 Limit OT::Lookup subtables (#2219) Fixes https://crbug.com/oss-fuzz/13943
Ebrahim Byagowi 29efd964 2020-03-02T14:22:29 [fuzz] Add cases that were marked as wontfix. Let's see if they were really false alarms; if so, let's just have them.
Ebrahim Byagowi cb65150f 2020-02-29T16:12:54 [draw] minor
Ebrahim Byagowi 86c40b3a 2020-02-29T14:11:46 [fuzz/draw] Call _get_glyph_extents. Other render-related APIs may also be added later, such as ot-color and future rendering things.
Michiharu Ariza 5ab50eeb 2020-02-29T01:32:29 collect_unicodes() with clamp, calling add_range(). Use add_range instead of an inner loop, clamping its input number by the number of glyphs a face has. Even though the face's cmap12 and 13 have 32-bit hb_codepoint_t, which is used here to make the timeout, the face's maxp has a 16-bit gid limitation at least for now; using that makes sure we both fix the timeout and don't need to change many things here in order to support 32-bit gids someday. Fixes #2204
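Several of the commits above share one theme: a fuzzer harness has to survive hostile input lengths and injected allocation failures without turning either into memory corruption. The "[fuzz] Implement failing allocator" commit (c33e8006) and the "[ENOMEM]" series (42237adf, a4c3732f, 4ba8e3c6, d307c24a) make failed allocations poison the object so later operations become no-ops; f94bf9f0 caps how many set members one fuzzing input can encode so a large input cannot cause a timeout; a470b0b2 shows the strict-aliasing warning that `reinterpret_cast`-ing the raw fuzz buffer to a header struct produces, and 558f9227 length-checks before every `memcpy`. The C++ below is an added example written for this page, not HarfBuzz's own hb-set-fuzzer or failing allocator. The input layout (`instructions_t`, `MAX_MEMBERS`), the tiny `small_set_t`, the `fz_malloc` failure injector and the sample input are all constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Allocation-failure injection (hypothetical, stands in for a fuzz build's
// failing allocator): every allocation after the first g_fail_after is refused.
static size_t g_alloc_count = 0;
static size_t g_fail_after = SIZE_MAX;

static void *fz_malloc (size_t n)
{
  if (g_alloc_count++ >= g_fail_after) return nullptr;
  return malloc (n);
}

// Tiny growable set with an in_error flag. Once an allocation fails the set is
// poisoned: every mutating operation becomes a no-op and clear() never touches
// storage, so ENOMEM cannot become a write through a stale or null pointer.
struct small_set_t
{
  uint32_t *items = nullptr;
  size_t len = 0, cap = 0;
  bool in_error = false;

  ~small_set_t () { free (items); }

  bool resize (size_t new_cap)
  {
    if (in_error) return false;
    uint32_t *p = (uint32_t *) fz_malloc (new_cap * sizeof (uint32_t));
    if (!p) { in_error = true; return false; }   // check the return, poison on failure
    if (items) memcpy (p, items, len * sizeof (uint32_t));
    free (items);
    items = p;
    cap = new_cap;
    return true;
  }

  void add (uint32_t v)
  {
    if (in_error) return;                                  // no-op in error state
    if (len == cap && !resize (cap ? cap * 2 : 4)) return;
    items[len++] = v;
  }

  void clear () { len = 0; }   // safe in any state; does not reallocate
};

// Constructed input format: a fixed header, then num_members host-order uint32_t.
struct instructions_t { uint32_t op; uint32_t num_members; };
static const uint32_t MAX_MEMBERS = 1024;   // bounds work per input (timeouts)

// Copy the header out with memcpy instead of reinterpret_cast (no aliasing or
// alignment assumption on the byte buffer) and check each length before use,
// so no memcpy ever reads past `size`.
static bool parse_input (const uint8_t *data, size_t size,
                         instructions_t *ins, const uint8_t **members)
{
  if (size < sizeof (instructions_t)) return false;
  memcpy (ins, data, sizeof (instructions_t));
  if (ins->num_members > MAX_MEMBERS) return false;
  size_t need = (size_t) ins->num_members * sizeof (uint32_t);
  if (size - sizeof (instructions_t) < need) return false;
  *members = data + sizeof (instructions_t);
  return true;
}

// Returns members added, -1 for a rejected input, -2 if an injected
// allocation failure put the set into the error state.
static int run_one (const uint8_t *data, size_t size, size_t fail_after)
{
  g_alloc_count = 0;
  g_fail_after = fail_after;
  instructions_t ins;
  const uint8_t *members;
  if (!parse_input (data, size, &ins, &members)) return -1;

  small_set_t s;
  for (uint32_t i = 0; i < ins.num_members; i++)
  {
    uint32_t v;
    memcpy (&v, members + (size_t) i * sizeof v, sizeof v);  // in bounds per parse_input
    s.add (v);
  }
  int added = s.in_error ? -2 : (int) s.len;
  s.clear ();   // exercised in the error state too; must stay harmless
  return added;
}

// libFuzzer entry point: the real harness runs with failures disabled.
extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
{
  run_one (data, size, SIZE_MAX);
  return 0;
}

// Constructed sample (header + three members), optionally truncated to
// `truncate_to` bytes, run with allocations failing after `fail_after`.
static int demo (size_t fail_after, size_t truncate_to)
{
  uint8_t buf[32];
  instructions_t h = {0, 3};
  const uint32_t vals[3] = {7, 8, 9};
  memcpy (buf, &h, sizeof h);
  memcpy (buf + sizeof h, vals, sizeof vals);
  size_t n = sizeof h + sizeof vals;
  if (truncate_to < n) n = truncate_to;
  return run_one (buf, n, fail_after);
}

// Constructed sample whose header claims more members than MAX_MEMBERS allows.
static int demo_oversized ()
{
  uint8_t buf[sizeof (instructions_t)];
  instructions_t h = {0, MAX_MEMBERS + 1};
  memcpy (buf, &h, sizeof h);
  return run_one (buf, sizeof buf, SIZE_MAX);
}
```

Running `demo` with the failure counter at 0 makes the very first `resize` fail, which flips `in_error` and turns the remaining `add` calls and the final `clear` into no-ops; the same input with failures disabled adds all three members. A truncated buffer or an oversized `num_members` is rejected in `parse_input` before any `memcpy` of member data, which is the ordering the length-check commit above enforces.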