|
875985cd
|
2019-08-29T14:51:22
|
|
[subset] Don't allow malicious fonts to insert unlimited table headers
Fixes https://crbug.com/oss-fuzz/16810
|
|
|
269a120f
|
2019-08-25T20:37:00
|
|
[subset] Raise the bar in new vs old table size
https://crbug.com/oss-fuzz/16740
This is actually an interesting thing that {h,v}mtx allocates as
much as a font pretends to have glyphs but the solution is not
that obvious as regular fonts can have less than actually containing
metrics in their {h,v}mtx. This change raises the bar to consider this
hmtx 4 byte for every glyph case.
Initially we wanted to just find things allocating crazy amount of
memory but having the assert has led to interesting findings also
so let's don't remove the assert and see what we can find elsewhere.
|
|
|
28aba780
|
2019-08-23T16:47:15
|
|
[subset] Fix blob leak of _subset2 when returns early
Fixes https://crbug.com/oss-fuzz/16639
|
|
|
b31d627f
|
2019-08-11T23:34:48
|
|
Increase subset fuzzer timeout to 16s
To satisfy -valgrind and -tsan bots, very ugly
|
|
|
e21bdf50
|
2019-07-28T22:59:09
|
|
Increase subset fuzzer timeout to 8s
Probably we should just remove timeout when running tsan and vaglrind here, the flaky bots
|
|
|
bdfdac0f
|
2019-07-19T10:33:00
|
|
[ci][fuzzer] print valgrind failure if an error happened
|
|
|
f8242b61
|
2019-07-11T15:10:36
|
|
[fuzz] Increase subset runner timeout for tsan bot
Now is flaky let's just increase and maybe investigate later
|
|
|
b65bad18
|
2019-07-11T14:31:55
|
|
[fuzz] Don't fail when blob is empty
And enable more tests able to trig the issue.
|
|
|
c85f624b
|
2019-07-10T14:28:06
|
|
Force blob generation and memory check in hb-subset-fuzzer
|
|
8341c0b3
|
2019-06-27T08:43:31
|
|
add test case file
|
|
90872a29
|
2019-06-11T12:28:30
|
|
change assert(false) to failure
|
|
|
65e66a2d
|
2019-06-03T16:31:41
|
|
added test data
|
|
5846884f
|
2019-06-03T15:00:25
|
|
test: Use nullptr in C++ code. (#1744)
|
|
e1a5ce6a
|
2019-05-24T10:58:52
|
|
Fix fuzzer crash testcase
Add a check for stringOffSet(uint16) overflow,
return early if overflow happens
|
|
0ff3618c
|
2019-05-17T15:30:01
|
|
[subset] Use hb_subset_input_t inside of subset_options_t so that input defaults are shared between the library and cli.
|
|
9ef241cd
|
2019-05-20T11:38:02
|
|
[test] Add one more
|
|
|
3efb7af7
|
2019-05-20T11:37:16
|
|
[STAT] Fix sanitize condition
Oops!
Fixes https://oss-fuzz.com/testcase-detail/5696825891225600
|
|
|
30c059a9
|
2019-05-11T18:48:41
|
|
[test] minor, fix -Weverything bot
|
|
|
25531a30
|
2019-05-11T19:50:42
|
|
[test] minor
style fix and add return statement
|
|
|
25a5b287
|
2019-05-10T16:01:39
|
|
Fix sanitize fail of extension sublookups
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=960331
|
|
|
df237d2f
|
2019-05-08T14:17:14
|
|
[test] Add https://crbug.com/oss-fuzz/14641 testcase
As 503748d fix
|
|
|
6d6edc8b
|
2019-04-28T11:54:07
|
|
[valgrind] Use libtool and support run-subset-fuzzer-tests (#1668)
|
|
|
62c6e170
|
2019-04-28T10:55:07
|
|
[test] Add crbug.com/oss-fuzz/14474 testcase
Fixed at 6977a95f
|
|
|
ba038606
|
2019-04-18T14:53:35
|
|
fix oss-fuzz issue 14345
|
|
|
b7384c89
|
2019-04-15T16:53:10
|
|
[fuzzing] Run valgrind with --leak-check=full
|
|
|
3ff66c00
|
2019-04-15T16:52:21
|
|
[fuzzing] Fail if valgrind is requested but not found
|
|
ec2a5dc8
|
2019-03-26T16:18:03
|
|
Use class templates for Null objects
This allows partial-instantiating custom Null object for template Lookup<T>.
Before, this had to be handcoded per instantiation. Apparently I missed
adding one for AAT::ankr.lookupTable, so it was getting the wrong (generic)
null for Lookup object, which is wrong and unsafe.
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=944346
|
|
|
bcb4e505
|
2019-03-15T13:46:25
|
|
cff2 subset fuzzer issues (#1619)
* add check to FDArray::serialize
* add test files
* fix off by one
|
|
|
dc04261a
|
2019-01-30T15:23:19
|
|
[subset] Update the subset fuzzer to determine which options to use based on data in the fuzzing test case.
Add support for toggling retain_gids.
|
|
|
6879efc2
|
2019-01-17T14:06:37
|
|
[AAT] Fix anchor bound checking, again
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=922303
|
|
|
91d77471
|
2019-01-14T15:31:31
|
|
[test] Add test for previous commit
|
|
|
7a6686a5
|
2019-01-14T15:09:14
|
|
[AAT] Fix mort ContextualSubtable offset access
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12312
|
|
|
a3fa7d33
|
2019-01-14T14:37:36
|
|
[AAT] Fix ankr table access
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=918340
|
|
|
798e98c4
|
2018-12-12T18:08:15
|
|
[CFF] bad offset in Index (#1476)
* Update hb-ot-cff-common.hh
* fix bug
* bummer fix wasn't hit. refix
* additional sanity check
* Added test cases for oss-fuzz issues 11805, 11806
|
|
|
bcb4ecaf
|
2018-12-12T17:36:01
|
|
[CFF] check out of range FD index (#1477)
* add fd index checks to subr subsetter
also added oss-fuzz test case
* undid SubrSubsetParam::is_valid
because already validated by SubrClosures.valid
|
|
|
2941208f
|
2018-12-11T12:21:24
|
|
[CFF] oss-fuzz issue 11690 ASSERT: substr.offset >= opStart (#1461)
* fix oss-fuzz 11690: substr.offset >= opStart
detect recursive subroutine call & handle as error
* fix build failure
* add minimized test case for oss-fuzz 11690
* removed asserts
|
|
|
ae087d10
|
2018-12-05T21:47:34
|
|
add minimized test case for oss-fuzz issue 11714
|
|
|
f95324a3
|
2018-12-06T08:33:44
|
|
Merge pull request #1457 from harfbuzz/cff-varstore-sanitize
[CFF] oss-fuzz issue 11713 (CFF2VariationStore::serialize)
|
|
|
9d8f3b0d
|
2018-12-05T17:14:51
|
|
add minimized test case for oss-fuzz issue 11713
|
|
|
34e3ef8f
|
2018-12-05T15:50:05
|
|
Merge branch 'master' into cff-subr-sanitize
|
|
|
72d8f763
|
2018-12-05T15:49:11
|
|
add minimized test case for oss-fuzz issue 11691
|
|
|
d9dabc00
|
2018-12-05T15:39:34
|
|
Merge pull request #1454 from harfbuzz/cff-fixbcd
[CFF] fix oss-fuzz issue 11674: parse_bcd
|
|
|
6708c559
|
2018-12-05T12:51:18
|
|
fix oss-fuzz issue 11675 (ASSERT: count <= str.len)
Also added an additional error check to avail ()
|
|
|
010e2ddb
|
2018-12-05T12:23:58
|
|
minimized test case for oss-fuzz issue 11674
|
|
|
79e7e344
|
2018-12-05T13:25:18
|
|
Merge pull request #1449 from harfbuzz/cff-fixcharset
[CFF] fix for oss-fuzz 11657: Charset overrun
|
|
|
cf4b7db6
|
2018-12-05T13:23:23
|
|
Merge pull request #1448 from harfbuzz/cff-leak
[CFF] fix leak: oss-fuzz 11662
|
|
|
32cc46c7
|
2018-12-04T21:32:34
|
|
[CFF] fix oss-fuzz issue 11670: NULL dereference (#1450)
* guard against no subr access
* code tweak
* add minimized testcase for oss-fuzz 11670 (Null deference)
|
|
|
78f639b8
|
2018-12-04T14:17:03
|
|
added minimized testcase for oss-fuzz issue 11657
|
|
|
b61f74f6
|
2018-12-04T10:30:35
|
|
added minimized test case for oss-fuzz issue 11662
|
|
|
9424e805
|
2018-12-03T16:18:10
|
|
added minimized test cases
|
|
|
84efe043
|
2018-12-02T12:38:53
|
|
[aat] Fix division sign fallout
Happened after 11d2f49af8f53340134c844173f4d8655b00dea3
since now nClasses is unsigned int...
|
|
|
1204a247
|
2018-11-24T09:49:21
|
|
[fuzzing] Add tests for previous commit
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11526
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11522
|
|
|
2c8188bf
|
2018-11-22T22:02:19
|
|
[kerx] Make sure subtables are non-zero-length
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11400
|
|
|
8982830d
|
2018-11-19T13:00:24
|
|
[subset] add fuzzer testcase.
|
|
|
5212cd8a
|
2018-11-12T14:25:18
|
|
[fuzzing] Add new test
|
|
|
d6666b38
|
2018-11-12T13:21:14
|
|
[fuzzing] Remove limited-edition build of libraries
Use normal, production, shared libraries.
Fixes https://github.com/harfbuzz/harfbuzz/issues/1237
|
|
|
a549aa14
|
2018-11-12T13:01:22
|
|
[kerx] Protect against stack underflow
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11367
|
|
|
752bd8a1
|
2018-11-10T21:13:13
|
|
[kerx] Fix Format1 tupleKern sanitization
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11312
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11305
|
|
|
f9e0552d
|
2018-11-10T21:01:49
|
|
[fuzzing] Make "make lib" faster and more usable
|
|
|
3a9fa8c0
|
2018-11-10T01:56:37
|
|
[qsort] Fix O(N^2) behavior if all array elements are the same
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11327
Reported as https://github.com/noporpoise/sort_r/issues/7
|
|
|
0bf76154
|
2018-11-07T19:11:43
|
|
[fuzzing] Take whatever text we can
|
|
|
8790b274
|
2018-11-06T10:24:54
|
|
[fuzzing] Fix test
|
|
|
3af0a7ed
|
2018-11-06T10:20:57
|
|
[fuzzing] Add make check-valgrind
|
|
|
6482fda5
|
2018-11-05T15:03:18
|
|
[fuzzing] Fuzz glyph-id etc in test-ot-face
|
|
|
bce437cf
|
2018-11-04T02:47:34
|
|
[test] Call test-ot-face.c test from hb-shape-fuzzer
Should increase coverage...
|
|
|
c560ca92
|
2018-11-03T13:03:36
|
|
[fuzz] A new testcase
|
|
|
69297bb2
|
2018-10-30T19:06:21
|
|
[fuzzing] Call hb-ot-color API
|
|
0af3d176
|
2018-10-30T17:05:28
|
|
[sbix] Fix memory leak in early return
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11210
|
|
|
ad3ceded
|
2018-10-29T22:53:16
|
|
[fuzzing] Make test runners less verbose
|
|
|
12058e44
|
2018-10-26T16:23:50
|
|
[fuzzing] Add more test
|
|
|
0229eaea
|
2018-10-22T10:51:37
|
|
[fuzz] Add a found hb-subset testcase
|
|
|
9b346157
|
2018-10-21T11:37:38
|
|
[fuzz] Add more testcases
Fixed already but better to have anyway.
One didn't have minimized but it was only 164 B, so
|
|
|
217a3728
|
2018-10-20T20:39:56
|
|
[fuzzing] Add more font
|
|
|
d39acc5a
|
2018-10-20T12:20:30
|
|
[fuzzing] Add new testcases
|
|
|
964ae32a
|
2018-10-20T07:39:18
|
|
Run valgrind on run-shape-fuzzer only when RUN_VALGRIND is set (#1285)
|
|
|
b7cef8cb
|
2018-10-19T09:24:21
|
|
Enable valgrind and dedicate a bot to it
|
|
|
bccd09d6
|
2018-10-19T09:06:42
|
|
Minor, tweak spaces on hb-shape-fuzzer.cc
|
|
|
fbf665b3
|
2018-10-19T08:09:53
|
|
[fuzz] Add more found cases (#1275)
|
|
|
b9478e28
|
2018-10-17T21:52:14
|
|
Revert "[test] Remove not-fixed yet testcases (#1268)"
This reverts commit 191eef823fe95355425621f8e002dfe7fe632383.
|
|
|
191eef82
|
2018-10-18T08:04:18
|
|
[test] Remove not-fixed yet testcases (#1268)
I added them but now that I think, it is a bad idea to have them as
fuzzing bots will find good seeds to tweak in order to find easy new
testcases which causes duplicated issues.
|
|
|
392e1f4d
|
2018-10-18T07:42:20
|
|
[test/shape-fuzzer] fail on timeout and ubsan errors (#1267)
|
|
|
751c10e5
|
2018-10-18T06:36:48
|
|
[fuzz] Add more new testcases
|
|
|
fd282eb3
|
2018-10-18T06:33:39
|
|
[fuzz] Add a new testcase
|
|
|
3341c7fb
|
2018-10-17T15:04:35
|
|
[fuzzing] Move fuzzing fonts from api/ here
|
|
|
5842756b
|
2018-10-16T18:28:55
|
|
[fuzzing] Delete blink fuzzed data
These are text, not font.
|
|
|
ba426516
|
2018-10-16T17:35:46
|
|
Fix indent
|
|
|
c0c190c1
|
2018-10-16T16:39:29
|
|
[fuzzing] Run tests against fuzzing fonts
Some disable.
|
|
|
7b37705f
|
2018-10-16T16:33:06
|
|
[fuzzing] Rename
|
|
|
3676c685
|
2018-10-16T16:32:26
|
|
[fuzzing] Move rest of fuzzing tests here
|
|
|
49c041f7
|
2018-10-16T16:25:24
|
|
Minor
|
|
|
1147ce23
|
2018-10-16T16:18:32
|
|
[fuzzing] Add more tests
|
|
|
98d4ad02
|
2018-10-16T15:17:31
|
|
[fuzzing] One more
|
|
|
e6f267c3
|
2018-10-16T15:16:20
|
|
[fuzzing] Add more clusterfuzz tests I had lying around
|
|
|
e5320627
|
2018-10-17T01:42:04
|
|
Add all the fonts found by fuzzers to the repo (#1258)
|
|
|
211cd369
|
2018-10-11T17:31:29
|
|
Remove remains of get-codepoint-fuzzer
|
|
|
120ed027
|
2018-10-11T17:08:12
|
|
[fuzzing] Fold get-codepoints-fuzzer into subset-fuzzer
|
|
|
1d995a34
|
2018-10-11T15:42:54
|
|
Minor
|
|
|
4146c00c
|
2018-10-03T21:26:58
|
|
[test] Use an in-repo font for test-multithread (#1218)
As Khaled's suggestion, hard-coded font paths was only for my own testing.
|
|
|
6353cc1f
|
2018-10-02T21:39:19
|
|
[circleci] Fix some of warnings from clang-everything bot (#1211)
* -Wshift-sign-overflow
* -Wmissing-prototypes
|
|
|
f72b7483
|
2018-10-02T00:16:08
|
|
[circleci] Fix "msan" and "everything" bots (#1205)
|