test/fuzzing


Log

Author Commit Date CI Message
Behdad Esfahbod 3c972867 2022-12-22T11:40:06 More s/hb_font_get_glyph_shape/hb_font_draw_glyph/
Chun-wei Fan 4622be7f 2022-12-22T12:05:11 test/fuzzing: Fix dist We need to dist the repacker fuzzer test items into the tarball, along with the items in graphs/ and sets/.
Garret Rieger 40342c94 2022-12-21T21:52:28 [subset] check for addition overflow in hdmx size calculation. Fixes https://oss-fuzz.com/testcase-detail/4877336988483584.
Garret Rieger b5acde43 2022-12-13T22:04:19 [subset] check pending/subsetted tag sets for alloc failure.
Garret Rieger 35233d25 2022-12-07T00:47:28 [repacker] fix fuzzer reported stack overflow. Fixes https://oss-fuzz.com/testcase-detail/6014493291577344.
Garret Rieger b17fbc20 2022-12-05T20:34:51 [repacker] use memcpy to avoid alignment issues.
Garret Rieger f1d34893 2022-12-05T19:33:15 [repacker] bail on failure to alloc assigned_bytes set. Fixes fuzzer issue https://oss-fuzz.com/testcase-detail/5390364397928448.
Garret Rieger 239a5aca 2022-12-05T19:15:36 [repacker] don't allow references to the null object in graph. Fixes fuzzer issue https://oss-fuzz.com/testcase-detail/6714085985353728
Garret Rieger 16f61a1c 2022-12-01T23:57:30 [repacker] only build repacker fuzzer when experimental api is enabled.
Garret Rieger de5a6213 2022-12-01T23:37:16 [repacker] enforce root node having no incoming edges.
Garret Rieger 30e405e4 2022-12-01T22:12:59 [repacker] ensure link obj indices are valid.
Garret Rieger 554ed06f 2022-12-01T21:51:17 [repacker] add cycle detection to the graph sort. This allows us to bail early if the graph is not acyclic.
Garret Rieger 9e99d084 2022-09-08T23:19:02 [repacker] validate link widths during repacker setup.
Garret Rieger edf7a295 2022-09-08T22:59:34 [repacker] Validate link positions before running the repacker.
Garret Rieger 88d43752 2022-09-08T21:19:25 [repacker] add test for repacker fuzzer.
Garret Rieger 6627a1ab 2022-09-08T21:11:39 [repacker] Add an initial seed for the fuzzer repacker.
Garret Rieger deca30b2 2022-09-08T21:10:06 [repacker] get repacker fuzzer working. Additionally add helper method that allows a graph to be saved as a fuzzer seed.
Garret Rieger 261a605f 2022-09-07T22:43:06 [repacker] verify graph is a dag before using the fuzzer input.
Garret Rieger 985b19f6 2022-09-07T22:21:16 [repacker] begin implementing a fuzzer for the repacker api.
Garret Rieger dd1ba328 2022-11-21T23:20:59 [repacker] fix fuzzer timeout. For https://oss-fuzz.com/testcase-detail/5845846876356608. Only process the set of unique overflows.
Behdad Esfahbod e854739b 2022-10-26T13:12:56 [fuzzing] Add test font for previous commit
Qunxin Liu 7fde6ab0 2022-08-05T13:33:22 fuzzer fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49790
Khaled Hosny afe6629b 2022-08-03T19:56:29 Fix make dist
Behdad Esfahbod e68e874d 2022-08-03T11:31:04 Update test/fuzzing/README
Behdad Esfahbod bdbb8c29 2022-07-29T12:04:28 Add test for previous commit
Behdad Esfahbod e2cc34e1 2022-07-26T12:31:15 [subset/GPOS] Fix a fuzzer timeout test Fixes https://oss-fuzz.com/testcase-detail/5234369031176192
Behdad Esfahbod 4cb83967 2022-07-23T10:59:42 [subset/ClassDefFormat2] Fix timeout Fixes https://oss-fuzz.com/testcase-detail/5417800474165248
Behdad Esfahbod 32c85b8c 2022-07-23T10:50:26 [avar2] Fix mapping when coords length doesn't match Ouch. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49407
Behdad Esfahbod 9eab3ac7 2022-07-21T12:35:19 [CoverageFormat2] Remove hand-written loop While on a fuzzer-found test case (added) that loop was faster, on real fonts, including NotoNastaliq in our benchmark, it was actually slower, which intuitively I would have expected. Still no idea why on that fuzzer case it's faster though. :(
Behdad Esfahbod 3c84aa84 2022-07-18T13:57:59 [cff] Add a max work counter Set to 10,000 per interpretation right now. Fixes https://github.com/harfbuzz/harfbuzz/issues/3700 Fixes https://oss-fuzz.com/testcase-detail/5667125715927040
Behdad Esfahbod b8c7c0a0 2022-07-01T12:11:15 [fuzzer] In 50% of runs don't fail the allocator
Garret Rieger 311413f1 2022-06-11T01:05:57 [subset] Fix fuzzer issue. Fixes https://oss-fuzz.com/testcase-detail/5693568490012672. new_index should be set from new_index2 when the entry is present in the map.
Behdad Esfahbod 62e803b3 2022-06-01T07:38:21 [sbix] Limit glyph extents Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
Behdad Esfahbod 5a058ba1 2022-05-31T05:35:17 [shape-fuzzer] Add commented out more buffer-verify option Those currently fail and I've been unable to debug them. I tried two, passing them to hb-shape doesn't reproduce the failure. :(
Behdad Esfahbod 189f6534 2022-02-13T13:22:08 [fuzz-shape] Verify shape output Let the fuzzers loose on shape verify.
Garret Rieger 8f9f0c49 2022-05-10T17:47:08 [subset] Enforce cmap12 group ordering constraints in collect_mapping. Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/6365271012540416
Garret Rieger b051f3fa 2022-05-05T23:27:34 [subset] Fix cpal subsetting when there are partial palette overlaps. The existing code doesn't correctly handle the case where palettes partially overlap in the color record array. This changes the subsetting to only share entries in the color record array when palettes have the same first color index. Partially overlapping palettes will be converted to disjoint segments in the color record array. Updates one of the color tests to use multiple palettes. Also fixes fuzzer: https://oss-fuzz.com/testcase-detail/5568200165687296.
Behdad Esfahbod ca8a0f3e 2022-05-06T11:54:38 [gvar] Protect against out-of-range access Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47281 Fixes https://oss-fuzz.com/testcase-detail/5508865908670464
Behdad Esfahbod a665e29e 2022-03-23T17:30:25 [use] Avoid O(n^2) in the machine Fixes https://github.com/harfbuzz/harfbuzz/issues/3502
Behdad Esfahbod 03085132 2022-03-21T18:06:33 [buffer] Fix out-buffer under memory-alloc failure This was broken in July refactoring of the buffer, and exposed to ReverseChainSingleSubstFormat1 in 3807061d634b60bd6235d6e1d8c47a034377f924 Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38800 https://bugs.chromium.org/p/chromium/issues/detail?id=1303552
Behdad Esfahbod 151f2058 2022-02-10T16:27:18 [draw] Emit move_to immediately, like other operators
Behdad Esfahbod f1a9a9cc 2022-02-03T14:10:40 [draw-state] Pass state down to callbacks
Behdad Esfahbod 1740916e 2022-02-03T12:50:47 [draw] Remove check for no-op This is unnecessary overhead. Up to rasterizers to handle this. Plus, this throws off point-numbers in uses that rely on it. Disabled one test that broke with this.
Behdad Esfahbod 8b4f4290 2022-02-03T01:14:47 [draw] Virtualize hb_font_draw_glyph() into hb_font_get_glyph_shape() To be implemented in hb-ft.
Behdad Esfahbod 2bed4f46 2022-02-02T21:42:48 [draw] Fix draw signatures
Behdad Esfahbod 08e10966 2022-02-02T19:01:42 [draw-fuzzer] Fix signatures
Behdad Esfahbod e0ac6c58 2022-02-02T18:57:12 Remove remaining traces of HB_EXPERIMENTAL_API
Behdad Esfahbod b263371b 2022-02-12T15:06:47 Merge pull request #3398 from harfbuzz/buffer-verify Add HB_BUFFER_FLAG_VERIFY
Behdad Esfahbod af407dd2 2022-02-12T13:53:16 Add a fuzzer font
Garret Rieger 4e2f409b 2022-01-31T12:20:32 [subset] Don't hold references to members of the active_glyph_stack. These references may get invalidated after the vector for the stack is resized. Fixes: https://oss-fuzz.com/testcase-detail/5422577634377728
Behdad Esfahbod 61856359 2022-01-28T14:07:29 [fuzz] Disable verification for now.
Behdad Esfahbod 6596e42d 2022-01-28T13:55:24 [fuzz] Verify shape results
luz paz e2e30506 2022-01-16T07:00:53 Fix various typos Found via `codespell -q 3 -S ./perf/texts -L actualy,ba,beng,fo,gir,inout,nd,ot,pres,ro,te,teh,timne`
Garret Rieger 87496bf6 2022-01-13T11:03:45 [subset] fix fuzzer timeout if visisted_paint goes into error.
Garret Rieger 067f90a8 2021-12-14T16:24:38 [subset] Fix for fuzzer timeout. Fixes https://oss-fuzz.com/testcase-detail/5549945449480192 In prune_langsys: move LangSys visited check up before any work is done for a LangSys. In this particular case the compare() method is responsible for the majority of the time spent and wasn't being guarded with a visited check.
Garret Rieger c4573c2e 2021-12-14T14:49:15 [repacker] don't infinite loop if visited or roots is in error. Fixes https://oss-fuzz.com/testcase-detail/5205038086094848
Khaled Hosny 69d8f27c 2021-11-20T17:09:15 [meson] Require 0.55.0 We implicitly require it for building ragel subproject. This new version requirement should be satisfied in both Fedora 33 and Debian bullseye, and not be too cutting edge for us.
Garret Rieger ace98cc6 2021-11-08T15:47:56 [subset] Only sanitize recursion depth in COLR.
Garret Rieger f51b48c8 2021-11-02T16:16:52 [subset] Fix fuzzer found memory leak. Happens because an insert into a map with an invalid key reports successful, but this causes the set being inserted to be lost.
Qunxin Liu 0a7563a5 2021-11-01T14:56:14 [subset] fuzzer fix: https://oss-fuzz.com/testcase?key=6254792024915968 Make sure input is valid, each gid has a corresponding offset value in the map
Qunxin Liu 85deddb1 2021-10-27T14:36:02 [subset] fuzzer fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40406
Qunxin Liu 794b00db 2021-09-27T17:21:16 [subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/6616166961905664
Garret Rieger 74f96d9d 2021-09-17T13:46:07 [repacker] fix heap use after free in repacker. Don't store a reference to the link in overflow records as the link object may be freed if the sorted graph vector is resized.
Garret Rieger fb07f8f8 2021-08-23T15:33:57 During subset input creation check for set alloc failures and fail if encountered.
Garret Rieger dc31920b 2021-08-18T14:20:14 Don't serialize null offsets in CPAL. Fixes https://oss-fuzz.com/testcase-detail/5443213648330752
Garret Rieger c0f3af91 2021-08-11T16:20:05 [subset] speed up add_gid_and_children and adjust op limit. Fix for fuzzer timeout: https://oss-fuzz.com/testcase-detail/5001604901240832. - Operation limit is per glyph, so 100,000 should still be far more than needed. - Switches from for(...) to while(...) loop for iteration. for(...) calls it.end() which in this case triggers a complete iteration. - Cache CompositeGlyph size in the iterator to avoid needing to recalculate it.
Garret Rieger c08f1b89 2021-08-10T12:29:32 [map] fix incorrect population count in hash map. If the same key was set twice the population was being incorrectly incremented.
Garret Rieger 8c0c217b 2021-08-06T10:45:38 [subset] fail reference blob in face builder if allocation for table sorting fails. Fixes https://oss-fuzz.com/testcase-detail/5041767803125760
Behdad Esfahbod 5086e105 2021-07-29T17:03:55 [test] Add failing fuzzer test case From https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36236 https://oss-fuzz.com/testcase-detail/5061207689134080
Garret Rieger f9d8e4a9 2021-07-29T15:25:41 [subset] switch ..._set_flags to not take a mask.
Garret Rieger 3d534b14 2021-07-29T11:52:14 [subset] convert subset input flags into bit flags. Store the flags in a bit set. Updates the public api to work with the bit set directly.
Behdad Esfahbod 0ded6a70 2021-07-28T11:28:38 [subset] Fix another fuzzer issue Addition could overflow on 32bit arch. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36636 Fixes https://oss-fuzz.com/testcase-detail/5072358514753536
Garret Rieger 09474d8d 2021-06-29T16:07:14 [subset] Fix fuzzer timeout in add_gid_and_children. The composite glyph graph isn't checked for max operations by sanitize so track an operations count during the graph traversal.
Behdad Esfahbod c68a00b9 2021-07-27T13:25:22 [subset] Fix possible overflows in VarRegionList serialize Fixes https://oss-fuzz.com/testcase-detail/5362189182566400
Garret Rieger 9ab751ac 2021-06-23T13:38:47 [subset] Remove hb_subset(). Leaving just hb_subset_or_fail().
Garret Rieger 942636ae 2021-06-09T16:18:39 [subset] Remove hb_subset_input_get/set_retain_gids.
Garret Rieger 8bf5d4d4 2021-06-09T14:05:17 [subset] Remove hb_subset_input_get/set_drop_hints.
Qunxin Liu 7416face 2021-07-07T11:27:49 [subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/5715464591376384
Garret Rieger bc06af97 2021-06-16T15:49:14 [subset] speed up feature collection when tags are specified. Precompute a feature index filter to avoid needing to iterate the feature tag list for each encountered feature index. For this particular fuzzer case speeds up feature collection from 50s to 2s.
Garret Rieger 675ebbeb 2021-06-16T10:40:46 [subset] don't alloc zero bytes. It will be leaked later since hb_blob_create() won't set up the blob to cleanup since it has length zero.
Behdad Esfahbod bdfed8f1 2021-06-14T15:46:04 [blob] Add failing versions of create API Fixes https://github.com/harfbuzz/harfbuzz/issues/2567 New API: +hb_blob_create_or_fail() +hb_blob_create_from_file_or_fail() Use these in util/ to distinguish empty file from not-found file. Only err on the latter.
Qunxin Liu 35d6af69 2021-06-04T10:04:27 [subset] fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5965777994907648
Qunxin Liu 1b6008ca 2021-06-02T15:07:18 fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5417934246772736
Qunxin Liu 7ab0f4ed 2021-05-27T11:40:34 fuzzer fix
Garret Rieger 425ba1f4 2021-04-19T18:01:24 [subset] fixes infinite loop in hb_set_get_max(). Fixes https://oss-fuzz.com/testcase-detail/5363902507515904
Garret Rieger ec432106 2021-04-19T17:18:05 [subset] fix infinite loop caused by alloc failure in repacker. Fixes: https://oss-fuzz.com/testcase-detail/5609112151916544.
Garret Rieger 0e845d97 2021-04-19T16:09:37 [subset] fix memory leak in repacker caused by failed alloc. Fixes: https://oss-fuzz.com/testcase-detail/5616763250278400.
Garret Rieger 3fb62cdc 2021-04-05T15:48:34 [subset] fail on offset overflow in tables that we don't repack. Fixes: https://oss-fuzz.com/testcase-detail/5229304507138048
Qunxin Liu 9dc9f038 2021-04-08T11:00:17 [subset] fix for fuzzer testcase: https://oss-fuzz.com/testcase-detail/5858518134554624
Qunxin Liu 4af5dace 2021-04-07T10:56:49 [subset] add fuzzer testcase
Garret Rieger 64122b5a 2021-04-05T12:53:08 [subset] don't visit lookup if covered glyph set has failed. If covered glyph set is in error then the same lookup can be recursed into repeatedly potentially causing a fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/5416421032067072.
Garret Rieger 71d6d156 2021-04-05T12:03:17 [subset] clamp distance to prevent shifting outside of the limits of int64. Fixes https://oss-fuzz.com/testcase-detail/4961171477233664.
Garret Rieger c5c13006 2021-03-31T11:23:46 [subset] fix memory leaks found in https://oss-fuzz.com/testcase-detail/5179935334465536
Garret Rieger adca4ce0 2021-03-30T13:20:50 [subset] fixes https://oss-fuzz.com/testcase-detail/6173520787800064. Caused by incorrect bounds check in glyph closure for context lookups.
Garret Rieger 752e393a 2021-03-29T17:23:33 [subset] avoid calling clear on null pool set.
Garret Rieger 8741914a 2021-03-29T16:39:44 [subset] fix memory leak when map insert fails.
Garret Rieger 5b6da6d2 2021-03-29T16:19:17 [subset] add fuzzer test case.
Garret Rieger a804a0c9 2021-03-29T14:25:20 [subset] add fuzzer test case.
Khaled Hosny f2d08578 2021-03-16T00:19:40 [tests] Increase shape-fuzzer timeout
Garret Rieger 5ca353a2 2021-02-12T15:16:59 [subset] fix heap buffer overflow found by fuzzer.