kc3-lang/harfbuzz/test/fuzzing/fonts

---

test/fuzzing/fonts

Branch - branch -main

---

Log

Author	Commit	Date	CI	Message
	f159600c	2025-10-17T21:49:40		Fix a draw fuzzer uninitialized-memory issue (#5615) Fixes https://oss-fuzz.com/testcase-detail/5714890590584832
	a89c36e0	2025-09-02T13:05:11		[GPOS/kerx] Support attaching marks to bases after them (#5520) See comments. Fuzzer found. I'm surprised this was not discovered before though. I hope I have not missed anything. Fixes https://oss-fuzz.com/testcase-detail/6399443634290688
	04d60de6	2025-07-23T18:55:56		[CFF2] Fix fuzzer failure in CFF2. Fixes https://oss-fuzz.com/testcase-detail/5291661985120256
	0660a4d4	2024-05-13T19:28:57		[subset] fix fuzzer found heap use after free in BASE subsetting.
	ba1f194a	2024-05-02T12:18:11		[gsubgpos] Reduce stack use in recursion
	d07d70ae	2024-03-22T11:43:37		[varc] Add test
	1121d80b	2024-03-22T10:45:36		[varc] Add a conditional test font
	7c874354	2024-03-20T15:34:24		[varc] Implement conditionSets
	3ffd92f0	2024-03-17T12:38:30		[varc] Add a couple of seeds for the fuzzer
	c84acc8e	2024-04-08T23:46:14		[subset] Fix fuzzer found memory leak. Fixes https://oss-fuzz.com/testcase-detail/6159925345583104.
	ef1f5c4e	2024-01-08T22:17:55		[subset] Re-use common Coverage subsetting function in PairPosFormat2. Was using an identical but less efficient version. Fixes fuzzer test case: https://oss-fuzz.com/testcase-detail/6151390002806784
	333946b0	2023-09-28T19:02:37		[subset] Fix fuzzer timeout. Fixes https://oss-fuzz.com/testcase-detail/5458896606855168. Limit iteration over coverage in MarkLigPosFormat1 subsetting to the number of glyphs in the liga array.
	9ceb800a	2023-09-28T10:37:48		fuzzer fix https://oss-fuzz.com/testcase-detail/5842152921628672 Access TupleVariationData through blob, because we don't sanitize var_data
	fd3eb2c6	2023-08-24T08:59:18		fuzzer fix: https://oss-fuzz.com/testcase-detail/6032126569742336
	a1f034ea	2023-08-28T21:10:16		[repacker] fix fuzzer failure. Fixes: https://oss-fuzz.com/testcase-detail/6490945267564544
	ca906e87	2023-08-16T23:37:03		[repacker] fix fuzzer timeout. Corrects some mistakes in the handling of incoming_edges_ when memory allocation failures happen.
	94d4283b	2023-08-01T15:05:17		[graph] Handle a malloc fail Fixes https://oss-fuzz.com/testcase-detail/4579249263345664
	997986ab	2023-07-09T15:15:33		[subset/hvar] Error handling Fixes https://oss-fuzz.com/testcase-detail/5029952234586112
	f60dbd90	2023-07-08T16:21:24		Fix thinko Fixes https://oss-fuzz.com/testcase-detail/4787105656864768
	25297408	2023-07-03T10:34:26		[COLR] Fix PaintComposite sanitize timeout Was timing out after recent sanitize() change. Fixes https://oss-fuzz.com/testcase-detail/5692635449524224
	0cf759b0	2023-07-02T12:15:43		[Glyph] Don't shift anchored Composite if phantom_only Fixes https://oss-fuzz.com/testcase-detail/5114131137822720
	cc44b3bc	2023-06-29T16:12:10		[subset/cff1] Handle an error condition Fixes https://oss-fuzz.com/testcase-detail/5191907895279616
	62f5ed46	2023-06-28T12:02:52		[subset/cff] Fix an infinite loop Fixes https://oss-fuzz.com/testcase-detail/5419002026131456
	347b9448	2023-06-26T18:09:40		[null] Fix getting Crap(hb_bytes_t) Fixes https://oss-fuzz.com/testcase-detail/6187272924692480
	6c4f975d	2023-06-25T23:37:08		Add a fuzzer font
	db700b56	2023-06-12T23:38:26		[subset] fix fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/6681253479579648. Limits iteration of coverage table during MATH subset to valid glyphs.
	2e6919d5	2023-06-10T10:08:56		[subset/cff2] Error handling Fixes https://oss-fuzz.com/testcase-detail/4916785942757376
	d08aee5a	2023-06-08T13:20:28		Add fuzzing test
	ada1e9a9	2023-06-06T14:46:06		[graph/serialize] Handle empty blob Fixes https://oss-fuzz.com/testcase-detail/4877513265119232
	a92b288e	2023-06-06T14:32:25		[serializer] Handle snapshotting when current is nullptr Happens with memory failure / fuzzing. Fixes https://oss-fuzz.com/testcase-detail/6292420615340032
	c2eaedd2	2023-06-04T09:25:07		[fuzzing] Add a test font From https://oss-fuzz.com/testcase-detail/5855710991482880
	f3b4d35f	2023-05-29T22:38:40		[subset] Fix fuzzer crash. https://oss-fuzz.com/testcase-detail/6608005089853440
	a652281e	2023-05-26T19:47:50		[subset] Fix fuzzer timeout. Fixes https://oss-fuzz.com/testcase-detail/5979721620652032. Timeout was caused by degenerate map insert behaviour due to poor integer hash function. Presize the map to avoid it. Also fixes collect_mapping() for cmap format 13.
	db23be64	2023-05-02T00:06:08		[subset] clamp head *Min/*Max values to fit within 16 bit signed int. Fixes fuzzer https://oss-fuzz.com/testcase-detail/4549472192692224.
	2175f5d0	2023-04-24T21:13:18		[subset] Fix inefficient ItemVariationStore subsetting w/ retain_gids. ItemVariationStore is relying on the assumption that the inner_map is populated for all output glyphs, this is not true for subsetting operations with retain gids enabled. Fixes fuzzer timeout: https://oss-fuzz.com/testcase-detail/4575222591520768.
	647b0247	2023-04-17T22:47:47		[subset] Fix fuzzer issue https://oss-fuzz.com/testcase-detail/6521393809588224
	2cd81fdf	2023-03-30T22:11:43		[subset] fix memory leak. Fixes fuzzer issue https://oss-fuzz.com/testcase-detail/6169920089227264
	be872001	2023-03-24T17:30:53		[subset] fix buffer overflow fuzzer reported issue.
	79ae6b65	2023-03-24T17:14:55		[subset] Fix fuzzer found memory leaks.
	f0f7f225	2023-03-20T18:39:49		[subset] fix fuzzer found null deref. https://oss-fuzz.com/testcase-detail/5844352760152064
	3d05b961	2023-03-13T21:34:26		[subset] track which glyphs have allocated memory so we can clean up correctly. Fixes https://oss-fuzz.com/testcase-detail/5388270411579392
	7a87b177	2023-03-13T19:50:28		Check for failed subset input creation in the fuzzer.
	28b05e1c	2023-03-08T23:59:04		[subset] Fix memory leak in glyf subset. Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/6525813890875392.
	9286e125	2023-03-08T20:02:26		Don't subset a glyf table with an unknown format. Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/4875306193518592
	c0fac016	2023-02-22T20:54:20		[subset] update the subset fuzzer to be able to reach instancing code.
	918193eb	2023-02-22T23:11:29		[subset] fix a class of fuzzer timeouts caused by large shared coverage tables. More acurately estimates the op count for CoverageFormat2 tables as the population size instead of the size in bytes.
	64fa5cd4	2023-02-07T15:50:36		[GPOS] Fix assert fail introduced recently Was introduced in 8708b9e081192786c027bb7f5f23d76dbe5c19e8. If these lookups are recursed to from (Chain)Context out-of-order, it was possible that last_base > buffer->idx, in which case we were attaching marks to a base after them... and an assertion was failing fortunately. Fixes https://oss-fuzz.com/testcase-detail/6377756666757120
	b63159e8	2023-01-21T15:50:48		[PairPosFormat1] Fix stride Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55287 and generally the lookup with MediumTypes.
	40342c94	2022-12-21T21:52:28		[subset] check for addition overflow in hdmx size calculation. Fixes https://oss-fuzz.com/testcase-detail/4877336988483584.
	b5acde43	2022-12-13T22:04:19		[subset] check pending/subsetted tag sets for alloc failure.
	dd1ba328	2022-11-21T23:20:59		[repacker] fix fuzzer timeout. For https://oss-fuzz.com/testcase-detail/5845846876356608. Only process the set of unique overflows.
	e854739b	2022-10-26T13:12:56		[fuzzing] Add test font for previous commit
	7fde6ab0	2022-08-05T13:33:22		fuzzer fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49790
	bdbb8c29	2022-07-29T12:04:28		Add test for previous commit
	e2cc34e1	2022-07-26T12:31:15		[subset/GPOS] Fix a fuzzer timeout test Fixes https://oss-fuzz.com/testcase-detail/5234369031176192
	4cb83967	2022-07-23T10:59:42		[subset/ClassDefFormat2] Fix timeout Fixes https://oss-fuzz.com/testcase-detail/5417800474165248
	32c85b8c	2022-07-23T10:50:26		[avar2] Fix mapping when coords length don't match Ouch. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49407
	9eab3ac7	2022-07-21T12:35:19		[CoverageFormat2] Remove hand-written loop While on a fuzzer-found test case (added) that loop was faster, on real fonts, including NotoNastaliq in our benchmark, it was actually slower, which intuitively I would have expected. Still no idea why on that fuzzer case it's faster though. :(
	3c84aa84	2022-07-18T13:57:59		[cff] Add a max work counter Set to 10,000 per interpretation right now. Fixes https://github.com/harfbuzz/harfbuzz/issues/3700 Fixes https://oss-fuzz.com/testcase-detail/5667125715927040
	311413f1	2022-06-11T01:05:57		[subset] Fix fuzzer issue. Fixes https://oss-fuzz.com/testcase-detail/5693568490012672. new_index should be set from new_index2 when the entry is present in the map.
	62e803b3	2022-06-01T07:38:21		[sbix] Limit glyph extents Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
	8f9f0c49	2022-05-10T17:47:08		[subset] Enforce cmap12 group ordering constraints in collect_mapping. Fixes fuzzer issue: https://oss-fuzz.com/testcase-detail/6365271012540416
	b051f3fa	2022-05-05T23:27:34		[subset] Fix cpal subsetting when there are partial palette overlaps. The existing code doesn't correctly handle the case where palettes partially overlap in the color record array. This changes the subsetting to only share entries in the color record array when palettes have the same first color index. Partially overlapping palettes will be converted to disjoint segments in the color record array. Updates one of the color tests to use multiple palettes. Also fixes fuzzer: https://oss-fuzz.com/testcase-detail/5568200165687296.
	ca8a0f3e	2022-05-06T11:54:38		[gvar] Protect against out-of-range access Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47281 Fixes https://oss-fuzz.com/testcase-detail/5508865908670464
	a665e29e	2022-03-23T17:30:25		[use] Avoid O(n^2) in the machine Fixes https://github.com/harfbuzz/harfbuzz/issues/3502
	03085132	2022-03-21T18:06:33		[buffer] Fix out-buffer under memory-alloc failure This was broken in July refactoring of the buffer, and exposed to ReverseChainSingleSubstFormat1 in 3807061d634b60bd6235d6e1d8c47a034377f924 Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38800 https://bugs.chromium.org/p/chromium/issues/detail?id=1303552
	af407dd2	2022-02-12T13:53:16		Add a fuzzer font
	4e2f409b	2022-01-31T12:20:32		[subset] Don't hold references to members of the active_glyph_stack. These references may get invalidated after the vector for the stack is resized. Fixes: https://oss-fuzz.com/testcase-detail/5422577634377728
	87496bf6	2022-01-13T11:03:45		[subset] fix fuzzer timeout if visisted_paint goes into error.
	067f90a8	2021-12-14T16:24:38		[subset] Fix for fuzzer timeout. Fixes https://oss-fuzz.com/testcase-detail/5549945449480192 In prune_langsys: move LangSys visited check up before any work is done for a LangSys. In this particular case the compare() method is responsible for the majority of the time spent and wasn't being guarded with a visisted check.
	c4573c2e	2021-12-14T14:49:15		[repacker] don't infinite loop if visited or roots is in error. Fixes https://oss-fuzz.com/testcase-detail/5205038086094848
	ace98cc6	2021-11-08T15:47:56		[subset] Only sanitize recursion depth in COLR.
	f51b48c8	2021-11-02T16:16:52		[subset] Fix fuzzer found memory leak. Happens because an insert into a map with an invalid key reports successful, but this causes the set being inserted to be lost.
	0a7563a5	2021-11-01T14:56:14		[subset] fuzzer fix: https://oss-fuzz.com/testcase?key=6254792024915968 Make sure input is valid, each gid has a corresponding offset value in the map
	85deddb1	2021-10-27T14:36:02		[subset] fuzzer fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40406
	794b00db	2021-09-27T17:21:16		[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/6616166961905664
	74f96d9d	2021-09-17T13:46:07		[repacker] fix heap use after free in repacker. Don't store a reference to the link in overflow records as the link object may be freed if the sorted graph vector is resized.
	fb07f8f8	2021-08-23T15:33:57		During subset input creation check for set alloc failures and fail if encountered.
	dc31920b	2021-08-18T14:20:14		Don't serialize null offsets in CPAL. Fixes https://oss-fuzz.com/testcase-detail/5443213648330752
	c0f3af91	2021-08-11T16:20:05		[subset] speed up add_gid_and_children and adjust op limit. Fix for fuzzer timeout: https://oss-fuzz.com/testcase-detail/5001604901240832. - Operation limit is per glyph, so 100,000 should still be far more than needed. - Switches from for(...) to while(...) loop for iteration. for(...) calls it.end() which in this case triggers a complete iteration. - Cache CompositeGlyph size in the iterator to avoid needing to recalculate it.
	c08f1b89	2021-08-10T12:29:32		[map] fix incorrect population count in hash map. If the same key was set twice the population was being incorrectly incremented.
	8c0c217b	2021-08-06T10:45:38		[subset] fail reference blob in face builder if allocation for table sorting fails. Fixes https://oss-fuzz.com/testcase-detail/5041767803125760
	5086e105	2021-07-29T17:03:55		[test] Add failing fuzzer test case From https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36236 https://oss-fuzz.com/testcase-detail/5061207689134080
	0ded6a70	2021-07-28T11:28:38		[subset] Fix another fuzzer issue Addition could overflow on 32bit arch. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36636 Fixes https://oss-fuzz.com/testcase-detail/5072358514753536
	09474d8d	2021-06-29T16:07:14		[subset] Fix fuzzer timeout in add_gid_and_children. The composite glyph graph isn't check for max operations by sanitize so track an operations count during the graph traversal.
	c68a00b9	2021-07-27T13:25:22		[subset] Fix possible overflows in VarRegionList serialize Fixes https://oss-fuzz.com/testcase-detail/5362189182566400
	7416face	2021-07-07T11:27:49		[subset] fuzzer fix: https://oss-fuzz.com/testcase-detail/5715464591376384
	bc06af97	2021-06-16T15:49:14		[subset] speed up feature collection when tags are specified. Precompute a feature index filter to avoid needing to iterate the feature tag list for each encountered feature index. For this particular fuzzer case speeds up feature collection from 50s to 2s.
	675ebbeb	2021-06-16T10:40:46		[subset] don't alloc zero bytes. It will be leaked later since hb_blob_create() won't set up the blob to cleanup since it has length zero.
	35d6af69	2021-06-04T10:04:27		[subset] fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5965777994907648
	1b6008ca	2021-06-02T15:07:18		fix fuzzer testcase: https://oss-fuzz.com/testcase-detail/5417934246772736
	7ab0f4ed	2021-05-27T11:40:34		fuzzer fix
	425ba1f4	2021-04-19T18:01:24		[subset] fixes infinite loop in hb_set_get_max(). Fixes https://oss-fuzz.com/testcase-detail/5363902507515904
	ec432106	2021-04-19T17:18:05		[subset] fix infinite loop caused by alloc failure in repacker. Fixes: https://oss-fuzz.com/testcase-detail/5609112151916544.
	0e845d97	2021-04-19T16:09:37		[subset] fix memory leak in repacker caused by failed alloc. Fixes: https://oss-fuzz.com/testcase-detail/5616763250278400.
	3fb62cdc	2021-04-05T15:48:34		[subset] fail on offset overflow in tables that we don't repack. Fixes: https://oss-fuzz.com/testcase-detail/5229304507138048
	9dc9f038	2021-04-08T11:00:17		[subset] fix for fuzzer testcase: https://oss-fuzz.com/testcase-detail/5858518134554624
	4af5dace	2021-04-07T10:56:49		[subset] add fuzzer testcase
	64122b5a	2021-04-05T12:53:08		[subset] don't visit lookup if covered glyph set has failed. If covered glyph set is in error then the same lookup can be recursed into repeatedly potentially causing a fuzzer timeout. Fixes: https://oss-fuzz.com/testcase-detail/5416421032067072.
	71d6d156	2021-04-05T12:03:17		[subset] clamp distance to prevent shifting outside of the limits of int64. Fixes https://oss-fuzz.com/testcase-detail/4961171477233664.