/src/harfbuzz/test/fuzzing/hb-shape-fuzzer.cc
Line | Count | Source |
1 | | #include "hb-fuzzer.hh" |
2 | | |
3 | | #include <hb-ot.h> |
4 | | #include <string.h> |
5 | | |
6 | | #include <stdlib.h> |
7 | | |
8 | | #define TEST_OT_FACE_NO_MAIN 1 |
9 | | #include "../api/test-ot-face.c" |
10 | | #undef TEST_OT_FACE_NO_MAIN |
11 | | |
12 | | extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size) |
13 | 32.7k | { |
14 | 32.7k | alloc_state = _fuzzing_alloc_state (data, size); |
15 | | |
16 | 32.7k | hb_blob_t *blob = hb_blob_create ((const char *)data, size, |
17 | 32.7k | HB_MEMORY_MODE_READONLY, nullptr, nullptr); |
18 | 32.7k | hb_face_t *face = hb_face_create (blob, 0); |
19 | 32.7k | hb_font_t *font = hb_font_create (face); |
20 | 32.7k | hb_font_set_scale (font, 12, 12); |
21 | | |
22 | 32.7k | unsigned num_coords = 0; |
23 | 32.7k | if (size) num_coords = data[size - 1]; |
24 | 32.7k | num_coords = hb_ot_var_get_axis_count (face) > num_coords ? num_coords : hb_ot_var_get_axis_count (face); |
25 | 32.7k | int *coords = (int *) calloc (num_coords, sizeof (int)); |
26 | 32.7k | if (size > num_coords + 1) |
27 | 38.7k | for (unsigned i = 0; i < num_coords; ++i) |
28 | 6.08k | coords[i] = ((int) data[size - num_coords + i - 1] - 128) * 10; |
29 | 32.7k | hb_font_set_var_coords_normalized (font, coords, num_coords); |
30 | 32.7k | free (coords); |
31 | | |
32 | 32.7k | { |
33 | 32.7k | const char text[] = "ABCDEXYZ123@_%&)*$!"; |
34 | 32.7k | hb_buffer_t *buffer = hb_buffer_create (); |
35 | 32.7k | hb_buffer_set_flags (buffer, (hb_buffer_flags_t) (HB_BUFFER_FLAG_VERIFY /* | HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT */)); |
36 | 32.7k | hb_buffer_add_utf8 (buffer, text, -1, 0, -1); |
37 | 32.7k | hb_buffer_guess_segment_properties (buffer); |
38 | 32.7k | hb_shape (font, buffer, nullptr, 0); |
39 | 32.7k | hb_buffer_destroy (buffer); |
40 | 32.7k | } |
41 | | |
42 | 32.7k | uint32_t text32[16] = {0}; |
43 | 32.7k | unsigned int len = sizeof (text32); |
44 | 32.7k | if (size < len) |
45 | 6.21k | len = size; |
46 | 32.7k | if (len) |
47 | 32.7k | memcpy (text32, data + size - len, len); |
48 | | |
49 | | /* Misc calls on font. */ |
50 | 32.7k | text32[10] = test_font (font, text32[15]) % 256; |
51 | | |
52 | 32.7k | hb_buffer_t *buffer = hb_buffer_create (); |
53 | | // hb_buffer_set_flags (buffer, (hb_buffer_flags_t) (HB_BUFFER_FLAG_VERIFY | HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT)); |
54 | 32.7k | hb_buffer_add_utf32 (buffer, text32, sizeof (text32) / sizeof (text32[0]), 0, -1); |
55 | 32.7k | hb_buffer_guess_segment_properties (buffer); |
56 | 32.7k | hb_shape (font, buffer, nullptr, 0); |
57 | 32.7k | hb_buffer_destroy (buffer); |
58 | | |
59 | 32.7k | hb_font_destroy (font); |
60 | 32.7k | hb_face_destroy (face); |
61 | 32.7k | hb_blob_destroy (blob); |
62 | 32.7k | return 0; |
63 | 32.7k | } |