/src/harfbuzz/test/fuzzing/hb-shape-fuzzer.cc
Line | Count | Source |
1 | | #include "hb-fuzzer.hh" |
2 | | |
3 | | #include <hb-ot.h> |
4 | | #include <string.h> |
5 | | |
6 | | #include <stdlib.h> |
7 | | |
8 | | #define TEST_OT_FACE_NO_MAIN 1 |
9 | | #include "../api/test-ot-face.c" |
10 | | #undef TEST_OT_FACE_NO_MAIN |
11 | | |
12 | | extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size) |
13 | 222k | { |
14 | 222k | alloc_state = _fuzzing_alloc_state (data, size); |
15 | | |
16 | 222k | hb_blob_t *blob = hb_blob_create ((const char *)data, size, |
17 | 222k | HB_MEMORY_MODE_READONLY, nullptr, nullptr); |
18 | 222k | hb_face_t *face = hb_face_create (blob, 0); |
19 | 222k | hb_font_t *font = hb_font_create (face); |
20 | 222k | hb_ot_font_set_funcs (font); |
21 | 222k | hb_font_set_scale (font, 12, 12); |
22 | | |
23 | 222k | unsigned num_coords = 0; |
24 | 222k | if (size) num_coords = data[size - 1]; |
25 | 222k | num_coords = hb_ot_var_get_axis_count (face) > num_coords ? num_coords : hb_ot_var_get_axis_count (face); |
26 | 222k | int *coords = (int *) calloc (num_coords, sizeof (int)); |
27 | 222k | if (size > num_coords + 1) |
28 | 246k | for (unsigned i = 0; i < num_coords; ++i) |
29 | 23.9k | coords[i] = ((int) data[size - num_coords + i - 1] - 128) * 10; |
30 | 222k | hb_font_set_var_coords_normalized (font, coords, num_coords); |
31 | 222k | free (coords); |
32 | | |
33 | 222k | { |
34 | 222k | const char text[] = "ABCDEXYZ123@_%&)*$!"; |
35 | 222k | hb_buffer_t *buffer = hb_buffer_create (); |
36 | 222k | hb_buffer_set_flags (buffer, (hb_buffer_flags_t) (HB_BUFFER_FLAG_VERIFY /* | HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT */)); |
37 | 222k | hb_buffer_add_utf8 (buffer, text, -1, 0, -1); |
38 | 222k | hb_buffer_guess_segment_properties (buffer); |
39 | 222k | hb_shape (font, buffer, nullptr, 0); |
40 | 222k | hb_buffer_destroy (buffer); |
41 | 222k | } |
42 | | |
43 | 222k | uint32_t text32[16] = {0}; |
44 | 222k | unsigned int len = sizeof (text32); |
45 | 222k | if (size < len) |
46 | 8.09k | len = size; |
47 | 222k | if (len) |
48 | 222k | memcpy (text32, data + size - len, len); |
49 | | |
50 | | /* Misc calls on font. */ |
51 | 222k | text32[10] = test_font (font, text32[15]) % 256; |
52 | | |
53 | 222k | hb_buffer_t *buffer = hb_buffer_create (); |
54 | | // hb_buffer_set_flags (buffer, (hb_buffer_flags_t) (HB_BUFFER_FLAG_VERIFY | HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)); |
55 | 222k | hb_buffer_add_utf32 (buffer, text32, sizeof (text32) / sizeof (text32[0]), 0, -1); |
56 | 222k | hb_buffer_guess_segment_properties (buffer); |
57 | 222k | hb_shape (font, buffer, nullptr, 0); |
58 | 222k | hb_buffer_destroy (buffer); |
59 | | |
60 | 222k | hb_font_destroy (font); |
61 | 222k | hb_face_destroy (face); |
62 | 222k | hb_blob_destroy (blob); |
63 | 222k | return 0; |
64 | 222k | } |