758fda728b
This specially becomes concerning on sub-components where a gvar table that is sanitized using maxp's glyphs number overflows when a high gid accepted here goes to it, maybe an additional check can be put there also, this however feels to be enough. Fixes https://crbug.com/oss-fuzz/20944 |
||
---|---|---|
.. | ||
fonts | ||
sets | ||
CMakeLists.txt | ||
hb-draw-fuzzer.cc | ||
hb-fuzzer.hh | ||
hb-set-fuzzer.cc | ||
hb-shape-fuzzer.cc | ||
hb-subset-fuzzer.cc | ||
main.cc | ||
Makefile.am | ||
README | ||
run-draw-fuzzer-tests.py | ||
run-shape-fuzzer-tests.py | ||
run-subset-fuzzer-tests.py |
In order to build the fuzzer one needs to build HarfBuzz and harfbuzz/test/fuzzing/hb-fuzzer.cc with: - Using the most recent Clang - With -fsanitize=address (or =undefined, or a combination) - With -fsanitize-coverage=edge[,8bit-counters,trace-cmp] - With various defines that limit worst case exponential behavior. See FUZZING_CPPFLAGS in harfbuzz/src/Makefile.am for the list. - link against libFuzzer To run the fuzzer one needs to first obtain a test corpus as a directory containing interesting fonts. A good starting point is inside harfbuzz/test/shaping/fonts/fonts/. Then, run the fuzzer like this: ./hb-fuzzer -max_len=2048 CORPUS_DIR Where max_len specifies the maximal length of font files to handle. The smaller the faster. For more details consult the following locations: - http://llvm.org/docs/LibFuzzer.html or - https://github.com/google/libfuzzer-bot/tree/master/harfbuzz - https://github.com/harfbuzz/harfbuzz/issues/139