25297408  2023-07-03T10:34:26
[COLR] Fix PaintComposite sanitize timeout
Was timing out after recent sanitize() change.
Fixes https://oss-fuzz.com/testcase-detail/5692635449524224

0cf759b0  2023-07-02T12:15:43
[Glyph] Don't shift anchored Composite if phantom_only
Fixes https://oss-fuzz.com/testcase-detail/5114131137822720

cc44b3bc  2023-06-29T16:12:10
[subset/cff1] Handle an error condition
Fixes https://oss-fuzz.com/testcase-detail/5191907895279616

62f5ed46  2023-06-28T12:02:52
[subset/cff] Fix an infinite loop
Fixes https://oss-fuzz.com/testcase-detail/5419002026131456

347b9448  2023-06-26T18:09:40
[null] Fix getting Crap(hb_bytes_t)
Fixes https://oss-fuzz.com/testcase-detail/6187272924692480

6c4f975d  2023-06-25T23:37:08
Add a fuzzer font

db700b56  2023-06-12T23:38:26
[subset] fix fuzzer timeout.
Fixes: https://oss-fuzz.com/testcase-detail/6681253479579648. Limits iteration of coverage table during MATH subset to valid glyphs.

2e6919d5  2023-06-10T10:08:56
[subset/cff2] Error handling
Fixes https://oss-fuzz.com/testcase-detail/4916785942757376

d08aee5a  2023-06-08T13:20:28
Add fuzzing test

ada1e9a9  2023-06-06T14:46:06
[graph/serialize] Handle empty blob
Fixes https://oss-fuzz.com/testcase-detail/4877513265119232

a92b288e  2023-06-06T14:32:25
[serializer] Handle snapshotting when current is nullptr
Happens with memory failure / fuzzing.
Fixes https://oss-fuzz.com/testcase-detail/6292420615340032

c2eaedd2  2023-06-04T09:25:07
[fuzzing] Add a test font
From https://oss-fuzz.com/testcase-detail/5855710991482880

f3b4d35f  2023-05-29T22:38:40
[subset] Fix fuzzer crash.
https://oss-fuzz.com/testcase-detail/6608005089853440

20c564bc  2023-05-26T23:04:25
[repacker] Fix fuzzer memory leak.
https://oss-fuzz.com/testcase-detail/6419865171525632

a652281e  2023-05-26T19:47:50
[subset] Fix fuzzer timeout.
Fixes https://oss-fuzz.com/testcase-detail/5979721620652032. Timeout was caused by degenerate map insert behaviour due to poor integer hash function. Presize the map to avoid it. Also fixes collect_mapping() for cmap format 13.

db23be64  2023-05-02T00:06:08
[subset] clamp head *Min/*Max values to fit within 16 bit signed int.
Fixes fuzzer https://oss-fuzz.com/testcase-detail/4549472192692224.

b3fed4fa  2023-04-27T22:13:30
[repacker] fix fuzzer found memory leak.
Fixes https://oss-fuzz.com/testcase-detail/5196242811748352

2175f5d0  2023-04-24T21:13:18
[subset] Fix inefficient ItemVariationStore subsetting w/ retain_gids.
ItemVariationStore is relying on the assumption that the inner_map is populated for all output glyphs; this is not true for subsetting operations with retain gids enabled. Fixes fuzzer timeout: https://oss-fuzz.com/testcase-detail/4575222591520768.

647b0247  2023-04-17T22:47:47
[subset] Fix fuzzer issue https://oss-fuzz.com/testcase-detail/6521393809588224

2cd81fdf  2023-03-30T22:11:43
[subset] fix memory leak.
Fixes fuzzer issue https://oss-fuzz.com/testcase-detail/6169920089227264

be872001  2023-03-24T17:30:53
[subset] fix buffer overflow fuzzer reported issue.

79ae6b65  2023-03-24T17:14:55
[subset] Fix fuzzer found memory leaks.

f0f7f225  2023-03-20T18:39:49
[subset] fix fuzzer found null deref.
https://oss-fuzz.com/testcase-detail/5844352760152064

3d05b961  2023-03-13T21:34:26
[subset] track which glyphs have allocated memory so we can clean up correctly.
Fixes https://oss-fuzz.com/testcase-detail/5388270411579392

7a87b177  2023-03-13T19:50:28
Check for failed subset input creation in the fuzzer.

28b05e1c  2023-03-08T23:59:04
[subset] Fix memory leak in glyf subset.
Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/6525813890875392.

9286e125  2023-03-08T20:02:26
Don't subset a glyf table with an unknown format.
Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/4875306193518592

2d33a6b4  2023-02-28T15:31:45
[subset-fuzzer] Protect against overflow
Fixes
https://github.com/harfbuzz/harfbuzz/issues/4137#issuecomment-1448994447

c0fac016  2023-02-22T20:54:20
[subset] update the subset fuzzer to be able to reach instancing code.

918193eb  2023-02-22T23:11:29
[subset] fix a class of fuzzer timeouts caused by large shared coverage tables.
More accurately estimates the op count for CoverageFormat2 tables as the population size instead of the size in bytes.

64fa5cd4  2023-02-07T15:50:36
[GPOS] Fix assert fail introduced recently
Was introduced in 8708b9e081192786c027bb7f5f23d76dbe5c19e8.
If these lookups are recursed to from (Chain)Context out-of-order,
it was possible that last_base > buffer->idx, in which case we
were attaching marks to a base after them... and an assertion
was failing fortunately.
Fixes https://oss-fuzz.com/testcase-detail/6377756666757120

e4fff64c  2023-01-24T00:52:26
[repacker] check duplicate() for success.
Fixes fuzzer testcase https://oss-fuzz.com/testcase-detail/5475787333828608.

b63159e8  2023-01-21T15:50:48
[PairPosFormat1] Fix stride
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55287
and generally the lookup with MediumTypes.

3c972867  2022-12-22T11:40:06
More s/hb_font_get_glyph_shape/hb_font_draw_glyph/

4622be7f  2022-12-22T12:05:11
test/fuzzing: Fix dist
We need to dist the repacker fuzzer test items into the tarball, along
with the items in graphs/ and sets/.

40342c94  2022-12-21T21:52:28
[subset] check for addition overflow in hdmx size calculation.
Fixes https://oss-fuzz.com/testcase-detail/4877336988483584.

b5acde43  2022-12-13T22:04:19
[subset] check pending/subsetted tag sets for alloc failure.

35233d25  2022-12-07T00:47:28
[repacker] fix fuzzer reported stack overflow.
Fixes https://oss-fuzz.com/testcase-detail/6014493291577344.

b17fbc20  2022-12-05T20:34:51
[repacker] use memcpy to avoid alignment issues.

f1d34893  2022-12-05T19:33:15
[repacker] bail on failure to alloc assigned_bytes set.
Fixes fuzzer issue https://oss-fuzz.com/testcase-detail/5390364397928448.

239a5aca  2022-12-05T19:15:36
[repacker] don't allow references to the null object in graph.
Fixes fuzzer issue https://oss-fuzz.com/testcase-detail/6714085985353728

16f61a1c  2022-12-01T23:57:30
[repacker] only build repacker fuzzer when experimental api is enabled.

de5a6213  2022-12-01T23:37:16
[repacker] enforce root node having no incoming edges.

30e405e4  2022-12-01T22:12:59
[repacker] ensure link obj indices are valid.

554ed06f  2022-12-01T21:51:17
[repacker] add cycle detection to the graph sort.
This allows us to bail early if the graph is not acyclic.

9e99d084  2022-09-08T23:19:02
[repacker] validate link widths during repacker setup.

edf7a295  2022-09-08T22:59:34
[repacker] Validate link positions before running the repacker.

88d43752  2022-09-08T21:19:25
[repacker] add test for repacker fuzzer.

6627a1ab  2022-09-08T21:11:39
[repacker] Add an initial seed for the fuzzer repacker.

deca30b2  2022-09-08T21:10:06
[repacker] get repacker fuzzer working.
Additionally add helper method that allows a graph to be saved as a fuzzer seed.

261a605f  2022-09-07T22:43:06
[repacker] verify graph is a dag before using the fuzzer input.

985b19f6  2022-09-07T22:21:16
[repacker] begin implementing a fuzzer for the repacker api.

dd1ba328  2022-11-21T23:20:59
[repacker] fix fuzzer timeout.
For https://oss-fuzz.com/testcase-detail/5845846876356608. Only process the set of unique overflows.

e854739b  2022-10-26T13:12:56
[fuzzing] Add test font for previous commit

7fde6ab0  2022-08-05T13:33:22
fuzzer fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49790

afe6629b  2022-08-03T19:56:29
Fix make dist

e68e874d  2022-08-03T11:31:04
Update test/fuzzing/README

bdbb8c29  2022-07-29T12:04:28
Add test for previous commit

e2cc34e1  2022-07-26T12:31:15
[subset/GPOS] Fix a fuzzer timeout test
Fixes https://oss-fuzz.com/testcase-detail/5234369031176192

4cb83967  2022-07-23T10:59:42
[subset/ClassDefFormat2] Fix timeout
Fixes https://oss-fuzz.com/testcase-detail/5417800474165248

32c85b8c  2022-07-23T10:50:26
[avar2] Fix mapping when coords length don't match
Ouch.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49407

9eab3ac7  2022-07-21T12:35:19
[CoverageFormat2] Remove hand-written loop
While on a fuzzer-found test case (added) that loop was faster,
on real fonts, including NotoNastaliq in our benchmark, it was
actually slower, which intuitively I would have expected.
Still no idea why on that fuzzer case it's faster though. :(

3c84aa84  2022-07-18T13:57:59
[cff] Add a max work counter
Set to 10,000 per interpretation right now.
Fixes https://github.com/harfbuzz/harfbuzz/issues/3700
Fixes https://oss-fuzz.com/testcase-detail/5667125715927040

b8c7c0a0  2022-07-01T12:11:15
[fuzzer] In 50% of runs don't fail the allocator

311413f1  2022-06-11T01:05:57
[subset] Fix fuzzer issue.
Fixes https://oss-fuzz.com/testcase-detail/5693568490012672. new_index should be set from new_index2 when the entry is present in the map.

62e803b3  2022-06-01T07:38:21
[sbix] Limit glyph extents
Fixes https://github.com/harfbuzz/harfbuzz/issues/3557

5a058ba1  2022-05-31T05:35:17
[shape-fuzzer] Add commented out more buffer-verify option
Those currently fail and I've been unable to debug them.
I tried two, passing them to hb-shape doesn't reproduce the failure. :(

189f6534  2022-02-13T13:22:08
[fuzz-shape] Verify shape output
Let the fuzzers loose on shape verify.

8f9f0c49  2022-05-10T17:47:08
[subset] Enforce cmap12 group ordering constraints in collect_mapping.
Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/6365271012540416

b051f3fa  2022-05-05T23:27:34
[subset] Fix cpal subsetting when there are partial palette overlaps.
The existing code doesn't correctly handle the case where palettes partially overlap in the color record array. This changes the subsetting to only share entries in the color record array when palettes have the same first color index. Partially overlapping palettes will be converted to disjoint segments in the color record array.
Updates one of the color tests to use multiple palettes.
Also fixes fuzzer: https://oss-fuzz.com/testcase-detail/5568200165687296.

ca8a0f3e  2022-05-06T11:54:38
[gvar] Protect against out-of-range access
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47281
Fixes https://oss-fuzz.com/testcase-detail/5508865908670464

a665e29e  2022-03-23T17:30:25
[use] Avoid O(n^2) in the machine
Fixes https://github.com/harfbuzz/harfbuzz/issues/3502

03085132  2022-03-21T18:06:33
[buffer] Fix out-buffer under memory-alloc failure
This was broken in July refactoring of the buffer, and exposed to
ReverseChainSingleSubstFormat1 in 3807061d634b60bd6235d6e1d8c47a034377f924
Fixes:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38800
https://bugs.chromium.org/p/chromium/issues/detail?id=1303552

151f2058  2022-02-10T16:27:18
[draw] Emit move_to immediately, like other operators

f1a9a9cc  2022-02-03T14:10:40
[draw-state] Pass state down to callbacks

1740916e  2022-02-03T12:50:47
[draw] Remove check for no-op
This is unnecessary overhead. Up to rasterizers to handle this. Plus,
this throws off point-numbers in uses that rely on it.
Disabled one test that broke with this.

8b4f4290  2022-02-03T01:14:47
[draw] Virtualize hb_font_draw_glyph() into hb_font_get_glyph_shape()
To be implemented in hb-ft.

2bed4f46  2022-02-02T21:42:48
[draw] Fix draw signatures

08e10966  2022-02-02T19:01:42
[draw-fuzzer] Fix signatures

e0ac6c58  2022-02-02T18:57:12
Remove remaining traces of HB_EXPERIMENTAL_API

b263371b  2022-02-12T15:06:47
Merge pull request #3398 from harfbuzz/buffer-verify
Add HB_BUFFER_FLAG_VERIFY

af407dd2  2022-02-12T13:53:16
Add a fuzzer font

4e2f409b  2022-01-31T12:20:32
[subset] Don't hold references to members of the active_glyph_stack.
These references may get invalidated after the vector for the stack is resized. Fixes: https://oss-fuzz.com/testcase-detail/5422577634377728

61856359  2022-01-28T14:07:29
[fuzz] Disable verification for now.

6596e42d  2022-01-28T13:55:24
[fuzz] Verify shape results

e2e30506  2022-01-16T07:00:53
Fix various typos
Found via `codespell -q 3 -S ./perf/texts -L actualy,ba,beng,fo,gir,inout,nd,ot,pres,ro,te,teh,timne`

87496bf6  2022-01-13T11:03:45
[subset] fix fuzzer timeout if visisted_paint goes into error.

067f90a8  2021-12-14T16:24:38
[subset] Fix for fuzzer timeout.
Fixes https://oss-fuzz.com/testcase-detail/5549945449480192
In prune_langsys: move LangSys visited check up before any work is done for a LangSys. In this particular case the compare() method is responsible for the majority of the time spent and wasn't being guarded with a visited check.

c4573c2e  2021-12-14T14:49:15
[repacker] don't infinite loop if visited or roots is in error.
Fixes https://oss-fuzz.com/testcase-detail/5205038086094848

69d8f27c  2021-11-20T17:09:15
[meson] Require 0.55.0
We implicitly require it for building ragel subproject. This new version
requirement should be satisfied in both Fedora 33 and Debian bullseye, and
not be too cutting edge for us.

ace98cc6  2021-11-08T15:47:56
[subset] Only sanitize recursion depth in COLR.

f51b48c8  2021-11-02T16:16:52
[subset] Fix fuzzer found memory leak.
Happens because an insert into a map with an invalid key reports successful, but this causes the set being inserted to be lost.

0a7563a5  2021-11-01T14:56:14
[subset] fuzzer fix: https://oss-fuzz.com/testcase?key=6254792024915968
Make sure input is valid, each gid has a corresponding offset value in
the map

85deddb1  2021-10-27T14:36:02
[subset] fuzzer fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40406

794b00db  2021-09-27T17:21:16
[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/6616166961905664

74f96d9d  2021-09-17T13:46:07
[repacker] fix heap use after free in repacker.
Don't store a reference to the link in overflow records as the link object may be freed if the sorted graph vector is resized.

fb07f8f8  2021-08-23T15:33:57
During subset input creation check for set alloc failures and fail if encountered.

dc31920b  2021-08-18T14:20:14
Don't serialize null offsets in CPAL.
Fixes https://oss-fuzz.com/testcase-detail/5443213648330752

c0f3af91  2021-08-11T16:20:05
[subset] speed up add_gid_and_children and adjust op limit.
Fix for fuzzer timeout: https://oss-fuzz.com/testcase-detail/5001604901240832.
- Operation limit is per glyph, so 100,000 should still be far more than needed.
- Switches from for(...) to while(...) loop for iteration. for(...) calls it.end() which in this case triggers a complete iteration.
- Cache CompositeGlyph size in the iterator to avoid needing to recalculate it.

c08f1b89  2021-08-10T12:29:32
[map] fix incorrect population count in hash map.
If the same key was set twice the population was being incorrectly incremented.