/src/harfbuzz/test/fuzzing/hb-fuzzer.hh
Line | Count | Source |
1 | | #include <hb-config.hh> |
2 | | |
3 | | #include <hb.h> |
4 | | #include <stddef.h> |
5 | | #include <string.h> |
6 | | |
/* libFuzzer entry point, declared with C linkage. Only the declaration is
 * here; the definition is not part of this header. */
7 | | extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size); |
8 | | |
/* HB_UNUSED expands to the "unused" attribute on GCC >= 4 and on Clang, and to
 * nothing on other compilers. It is applied to the dummy alloc_state below. */
9 | | #if defined(__GNUC__) && (__GNUC__ >= 4) || (__clang__) |
10 | | #define HB_UNUSED __attribute__((unused)) |
11 | | #else |
12 | | #define HB_UNUSED |
13 | | #endif |
14 | | |
/* alloc_state: when HB_IS_IN_FUZZER is defined it is an external variable with
 * C linkage; otherwise a file-local placeholder initialised to 0 is defined so
 * code that names alloc_state still compiles. */
15 | | #ifdef HB_IS_IN_FUZZER |
16 | | |
17 | | /* See src/failing-alloc.c */ |
18 | | extern "C" int alloc_state; |
19 | | |
20 | | #else |
21 | | |
22 | | /* Just a dummy global variable */ |
23 | | static int HB_UNUSED alloc_state = 0; |
24 | | |
25 | | #endif |
26 | | |
/* Derives an allocator-failure state value from the fuzz input.
 *
 * Returns 0 when the input is non-empty and its last byte is below 0x80.
 * Otherwise returns `size`, which is also 0 for an empty input (data is not
 * dereferenced in that case because `size` is tested first).
 *
 * NOTE(review): `size` is a size_t converted to the int return type, so a very
 * large input would be narrowed. How the returned value is consumed is not
 * visible in this header -- confirm against the callers. */
27 | | static inline int |
28 | | _fuzzing_alloc_state (const uint8_t *data, size_t size) |
29 | 90.0k | { |
30 | | /* https://github.com/harfbuzz/harfbuzz/pull/2764#issuecomment-1172589849 */ |
31 | | |
32 | | /* In 50% of the runs, don't fail the allocator. */ |
33 | 90.0k | if (size && data[size - 1] < 0x80) |
34 | 67.6k | return 0; |
35 | | |
36 | 22.3k | return size; |
37 | 90.0k | } hb-shape-fuzzer.cc:_fuzzing_alloc_state(unsigned char const*, unsigned long) Line | Count | Source | 29 | 34.0k | { | 30 | | /* https://github.com/harfbuzz/harfbuzz/pull/2764#issuecomment-1172589849 */ | 31 | | | 32 | | /* In 50% of the runs, don't fail the allocator. */ | 33 | 34.0k | if (size && data[size - 1] < 0x80) | 34 | 27.1k | return 0; | 35 | | | 36 | 6.88k | return size; | 37 | 34.0k | } |
hb-raster-fuzzer.cc:_fuzzing_alloc_state(unsigned char const*, unsigned long) Line | Count | Source | 29 | 793 | { | 30 | | /* https://github.com/harfbuzz/harfbuzz/pull/2764#issuecomment-1172589849 */ | 31 | | | 32 | | /* In 50% of the runs, don't fail the allocator. */ | 33 | 793 | if (size && data[size - 1] < 0x80) | 34 | 580 | return 0; | 35 | | | 36 | 213 | return size; | 37 | 793 | } |
hb-repacker-fuzzer.cc:_fuzzing_alloc_state(unsigned char const*, unsigned long) Line | Count | Source | 29 | 3.72k | { | 30 | | /* https://github.com/harfbuzz/harfbuzz/pull/2764#issuecomment-1172589849 */ | 31 | | | 32 | | /* In 50% of the runs, don't fail the allocator. */ | 33 | 3.72k | if (size && data[size - 1] < 0x80) | 34 | 2.37k | return 0; | 35 | | | 36 | 1.35k | return size; | 37 | 3.72k | } |
hb-subset-fuzzer.cc:_fuzzing_alloc_state(unsigned char const*, unsigned long) Line | Count | Source | 29 | 23.0k | { | 30 | | /* https://github.com/harfbuzz/harfbuzz/pull/2764#issuecomment-1172589849 */ | 31 | | | 32 | | /* In 50% of the runs, don't fail the allocator. */ | 33 | 23.0k | if (size && data[size - 1] < 0x80) | 34 | 18.6k | return 0; | 35 | | | 36 | 4.38k | return size; | 37 | 23.0k | } |
hb-vector-fuzzer.cc:_fuzzing_alloc_state(unsigned char const*, unsigned long) Line | Count | Source | 29 | 28.4k | { | 30 | | /* https://github.com/harfbuzz/harfbuzz/pull/2764#issuecomment-1172589849 */ | 31 | | | 32 | | /* In 50% of the runs, don't fail the allocator. */ | 33 | 28.4k | if (size && data[size - 1] < 0x80) | 34 | 18.8k | return 0; | 35 | | | 36 | 9.55k | return size; | 37 | 28.4k | } |
|
38 | | |
/* Eight ASCII bytes "HBSUBFZ2", stored without a terminating NUL.
 * NOTE(review): presumably a tag marking fuzz inputs that carry the extended
 * operation stream; where and how it is matched is not visible here. */
39 | | static const uint8_t _fuzzing_extended_magic[] = {'H', 'B', 'S', 'U', 'B', 'F', 'Z', '2'}; |
40 | | |
/* Operation codes of the extended fuzzing format, numbered 1 through 10; the
 * value 0 is not assigned.
 * NOTE(review): if these are decoded from input bytes, the decoder should
 * reject values outside this list -- the dispatch code is not visible here. */
41 | | enum _fuzzing_extended_op_t |
42 | | { |
43 | | HB_FUZZING_OP_SET_FLAGS = 1, |
44 | | HB_FUZZING_OP_KEEP_EVERYTHING = 2, |
45 | | HB_FUZZING_OP_SET_CLEAR = 3, |
46 | | HB_FUZZING_OP_SET_INVERT = 4, |
47 | | HB_FUZZING_OP_SET_ADD_RANGES = 5, |
48 | | HB_FUZZING_OP_SET_DEL_RANGES = 6, |
49 | | HB_FUZZING_OP_TEXT_ADD = 7, |
50 | | HB_FUZZING_OP_TEXT_DEL = 8, |
51 | | HB_FUZZING_OP_AXIS_PIN_ALL_TO_DEFAULT = 9, |
52 | | HB_FUZZING_OP_AXIS_SET = 10, |
53 | | }; |
54 | | |
/* Axis modes of the extended fuzzing format: 0 pins an axis to its default,
 * 1 sets a range. NOTE(review): which operation consumes this value is not
 * visible in this header. */
55 | | enum _fuzzing_extended_axis_mode_t |
56 | | { |
57 | | HB_FUZZING_AXIS_PIN_TO_DEFAULT = 0, |
58 | | HB_FUZZING_AXIS_SET_RANGE = 1, |
59 | | }; |
60 | | |
/* Assembles a 32-bit value from the four bytes at p, least-significant byte
 * first. Each byte is widened to uint32_t before shifting.
 *
 * No bounds check is made here: p[0]..p[3] are read unconditionally, so the
 * caller must guarantee that four bytes are readable at p. */
61 | | static inline uint32_t |
62 | | _fuzzing_read_u32_le (const uint8_t *p) |
63 | 41.7k | { |
64 | 41.7k | return (uint32_t) p[0] | |
65 | 41.7k | ((uint32_t) p[1] << 8) | |
66 | 41.7k | ((uint32_t) p[2] << 16) | |
67 | 41.7k | ((uint32_t) p[3] << 24); |
68 | 41.7k | } hb-shape-fuzzer.cc:_fuzzing_read_u32_le(unsigned char const*) Line | Count | Source | 63 | 17.1k | { | 64 | 17.1k | return (uint32_t) p[0] | | 65 | 17.1k | ((uint32_t) p[1] << 8) | | 66 | 17.1k | ((uint32_t) p[2] << 16) | | 67 | 17.1k | ((uint32_t) p[3] << 24); | 68 | 17.1k | } |
hb-raster-fuzzer.cc:_fuzzing_read_u32_le(unsigned char const*) Line | Count | Source | 63 | 11 | { | 64 | 11 | return (uint32_t) p[0] | | 65 | 11 | ((uint32_t) p[1] << 8) | | 66 | 11 | ((uint32_t) p[2] << 16) | | 67 | 11 | ((uint32_t) p[3] << 24); | 68 | 11 | } |
Unexecuted instantiation: hb-repacker-fuzzer.cc:_fuzzing_read_u32_le(unsigned char const*) hb-subset-fuzzer.cc:_fuzzing_read_u32_le(unsigned char const*) Line | Count | Source | 63 | 18.8k | { | 64 | 18.8k | return (uint32_t) p[0] | | 65 | 18.8k | ((uint32_t) p[1] << 8) | | 66 | 18.8k | ((uint32_t) p[2] << 16) | | 67 | 18.8k | ((uint32_t) p[3] << 24); | 68 | 18.8k | } |
hb-vector-fuzzer.cc:_fuzzing_read_u32_le(unsigned char const*) Line | Count | Source | 63 | 5.67k | { | 64 | 5.67k | return (uint32_t) p[0] | | 65 | 5.67k | ((uint32_t) p[1] << 8) | | 66 | 5.67k | ((uint32_t) p[2] << 16) | | 67 | 5.67k | ((uint32_t) p[3] << 24); | 68 | 5.67k | } |
|
69 | | |
/* Reads four little-endian bytes at p with _fuzzing_read_u32_le and copies the
 * resulting bit pattern into a float with memcpy rather than a pointer cast.
 *
 * No bounds check is made here; the caller must guarantee four readable bytes.
 * NOTE(review): the copy length is sizeof (float), so this assumes a 32-bit
 * float. Every bit pattern is passed through, so the result can be a NaN or an
 * infinity -- confirm the consumers of fuzz-derived floats tolerate that. */
70 | | static inline float |
71 | | _fuzzing_read_f32_le (const uint8_t *p) |
72 | 9.66k | { |
73 | 9.66k | uint32_t bits = _fuzzing_read_u32_le (p); |
74 | 9.66k | float value; |
75 | 9.66k | memcpy (&value, &bits, sizeof (value)); |
76 | 9.66k | return value; |
77 | 9.66k | } hb-shape-fuzzer.cc:_fuzzing_read_f32_le(unsigned char const*) Line | Count | Source | 72 | 8.71k | { | 73 | 8.71k | uint32_t bits = _fuzzing_read_u32_le (p); | 74 | 8.71k | float value; | 75 | 8.71k | memcpy (&value, &bits, sizeof (value)); | 76 | 8.71k | return value; | 77 | 8.71k | } |
Unexecuted instantiation: hb-raster-fuzzer.cc:_fuzzing_read_f32_le(unsigned char const*) Unexecuted instantiation: hb-repacker-fuzzer.cc:_fuzzing_read_f32_le(unsigned char const*) hb-subset-fuzzer.cc:_fuzzing_read_f32_le(unsigned char const*) Line | Count | Source | 72 | 36 | { | 73 | 36 | uint32_t bits = _fuzzing_read_u32_le (p); | 74 | 36 | float value; | 75 | 36 | memcpy (&value, &bits, sizeof (value)); | 76 | 36 | return value; | 77 | 36 | } |
hb-vector-fuzzer.cc:_fuzzing_read_f32_le(unsigned char const*) Line | Count | Source | 72 | 916 | { | 73 | 916 | uint32_t bits = _fuzzing_read_u32_le (p); | 74 | 916 | float value; | 75 | 916 | memcpy (&value, &bits, sizeof (value)); | 76 | 916 | return value; | 77 | 916 | } |
|
78 | | |
/* Bounds-checked read of sizeof (T) bytes from the cursor p into *out.
 *
 * Returns false, leaving p and *out untouched, when fewer than sizeof (T)
 * bytes remain before end. Otherwise copies the bytes as they lie in memory
 * (no byte-order conversion), advances p by sizeof (T) and returns true.
 *
 * NOTE(review): the remaining length is computed as (size_t) (end - p), so the
 * check relies on p <= end on entry; a cursor already past end would convert
 * to a huge unsigned value and the check would pass. Confirm callers only
 * advance p through these bounds-checked helpers. */
79 | | template <typename T> |
80 | | static inline bool |
81 | | _fuzzing_read_value (const uint8_t *&p, |
82 | | const uint8_t *end, |
83 | | T *out) |
84 | 15.7k | { |
85 | 15.7k | if ((size_t) (end - p) < sizeof (T)) |
86 | 7 | return false; |
87 | | |
88 | 15.7k | memcpy (out, p, sizeof (T)); |
89 | 15.7k | p += sizeof (T); |
90 | 15.7k | return true; |
91 | 15.7k | } hb-shape-fuzzer.cc:bool _fuzzing_read_value<unsigned char>(unsigned char const*&, unsigned char const*, unsigned char*) Line | Count | Source | 84 | 7.19k | { | 85 | 7.19k | if ((size_t) (end - p) < sizeof (T)) | 86 | 4 | return false; | 87 | | | 88 | 7.19k | memcpy (out, p, sizeof (T)); | 89 | 7.19k | p += sizeof (T); | 90 | 7.19k | return true; | 91 | 7.19k | } |
hb-raster-fuzzer.cc:bool _fuzzing_read_value<unsigned char>(unsigned char const*&, unsigned char const*, unsigned char*) Line | Count | Source | 84 | 3 | { | 85 | 3 | if ((size_t) (end - p) < sizeof (T)) | 86 | 0 | return false; | 87 | | | 88 | 3 | memcpy (out, p, sizeof (T)); | 89 | 3 | p += sizeof (T); | 90 | 3 | return true; | 91 | 3 | } |
hb-subset-fuzzer.cc:bool _fuzzing_read_value<unsigned char>(unsigned char const*&, unsigned char const*, unsigned char*) Line | Count | Source | 84 | 3.38k | { | 85 | 3.38k | if ((size_t) (end - p) < sizeof (T)) | 86 | 0 | return false; | 87 | | | 88 | 3.38k | memcpy (out, p, sizeof (T)); | 89 | 3.38k | p += sizeof (T); | 90 | 3.38k | return true; | 91 | 3.38k | } |
hb-vector-fuzzer.cc:bool _fuzzing_read_value<unsigned char>(unsigned char const*&, unsigned char const*, unsigned char*) Line | Count | Source | 84 | 5.13k | { | 85 | 5.13k | if ((size_t) (end - p) < sizeof (T)) | 86 | 3 | return false; | 87 | | | 88 | 5.12k | memcpy (out, p, sizeof (T)); | 89 | 5.12k | p += sizeof (T); | 90 | 5.12k | return true; | 91 | 5.13k | } |
|
92 | | |
/* Bounds-checked little-endian 32-bit read from the cursor p into *out.
 *
 * Returns false, leaving p and *out untouched, when fewer than 4 bytes remain
 * before end. Otherwise stores the value decoded by _fuzzing_read_u32_le,
 * advances p by 4 and returns true.
 *
 * NOTE(review): the remaining length is computed as (size_t) (end - p), so the
 * check relies on p <= end on entry; a cursor already past end would convert
 * to a huge unsigned value and the check would pass. Confirm against callers. */
93 | | static inline bool |
94 | | _fuzzing_read_u32_value (const uint8_t *&p, |
95 | | const uint8_t *end, |
96 | | uint32_t *out) |
97 | 31.3k | { |
98 | 31.3k | if ((size_t) (end - p) < 4) |
99 | 141 | return false; |
100 | 31.1k | *out = _fuzzing_read_u32_le (p); |
101 | 31.1k | p += 4; |
102 | 31.1k | return true; |
103 | 31.3k | } hb-shape-fuzzer.cc:_fuzzing_read_u32_value(unsigned char const*&, unsigned char const*, unsigned int*) Line | Count | Source | 97 | 8.24k | { | 98 | 8.24k | if ((size_t) (end - p) < 4) | 99 | 71 | return false; | 100 | 8.17k | *out = _fuzzing_read_u32_le (p); | 101 | 8.17k | p += 4; | 102 | 8.17k | return true; | 103 | 8.24k | } |
hb-raster-fuzzer.cc:_fuzzing_read_u32_value(unsigned char const*&, unsigned char const*, unsigned int*) Line | Count | Source | 97 | 6 | { | 98 | 6 | if ((size_t) (end - p) < 4) | 99 | 0 | return false; | 100 | 6 | *out = _fuzzing_read_u32_le (p); | 101 | 6 | p += 4; | 102 | 6 | return true; | 103 | 6 | } |
Unexecuted instantiation: hb-repacker-fuzzer.cc:_fuzzing_read_u32_value(unsigned char const*&, unsigned char const*, unsigned int*) hb-subset-fuzzer.cc:_fuzzing_read_u32_value(unsigned char const*&, unsigned char const*, unsigned int*) Line | Count | Source | 97 | 18.7k | { | 98 | 18.7k | if ((size_t) (end - p) < 4) | 99 | 14 | return false; | 100 | 18.7k | *out = _fuzzing_read_u32_le (p); | 101 | 18.7k | p += 4; | 102 | 18.7k | return true; | 103 | 18.7k | } |
hb-vector-fuzzer.cc:_fuzzing_read_u32_value(unsigned char const*&, unsigned char const*, unsigned int*) Line | Count | Source | 97 | 4.28k | { | 98 | 4.28k | if ((size_t) (end - p) < 4) | 99 | 56 | return false; | 100 | 4.23k | *out = _fuzzing_read_u32_le (p); | 101 | 4.23k | p += 4; | 102 | 4.23k | return true; | 103 | 4.28k | } |
|
104 | | |
/* Bounds-checked little-endian 32-bit float read from the cursor p into *out.
 *
 * Returns false, leaving p and *out untouched, when fewer than 4 bytes remain
 * before end. Otherwise stores the value decoded by _fuzzing_read_f32_le,
 * advances p by 4 and returns true. The stored float is whatever the four
 * input bytes encode, so it may be a NaN or an infinity.
 *
 * NOTE(review): the remaining length is computed as (size_t) (end - p), so the
 * check relies on p <= end on entry; a cursor already past end would convert
 * to a huge unsigned value and the check would pass. Confirm against callers. */
105 | | static inline bool |
106 | | _fuzzing_read_f32_value (const uint8_t *&p, |
107 | | const uint8_t *end, |
108 | | float *out) |
109 | 9.68k | { |
110 | 9.68k | if ((size_t) (end - p) < 4) |
111 | 23 | return false; |
112 | 9.66k | *out = _fuzzing_read_f32_le (p); |
113 | 9.66k | p += 4; |
114 | 9.66k | return true; |
115 | 9.68k | } hb-shape-fuzzer.cc:_fuzzing_read_f32_value(unsigned char const*&, unsigned char const*, float*) Line | Count | Source | 109 | 8.72k | { | 110 | 8.72k | if ((size_t) (end - p) < 4) | 111 | 13 | return false; | 112 | 8.71k | *out = _fuzzing_read_f32_le (p); | 113 | 8.71k | p += 4; | 114 | 8.71k | return true; | 115 | 8.72k | } |
Unexecuted instantiation: hb-raster-fuzzer.cc:_fuzzing_read_f32_value(unsigned char const*&, unsigned char const*, float*) Unexecuted instantiation: hb-repacker-fuzzer.cc:_fuzzing_read_f32_value(unsigned char const*&, unsigned char const*, float*) hb-subset-fuzzer.cc:_fuzzing_read_f32_value(unsigned char const*&, unsigned char const*, float*) Line | Count | Source | 109 | 36 | { | 110 | 36 | if ((size_t) (end - p) < 4) | 111 | 0 | return false; | 112 | 36 | *out = _fuzzing_read_f32_le (p); | 113 | 36 | p += 4; | 114 | 36 | return true; | 115 | 36 | } |
hb-vector-fuzzer.cc:_fuzzing_read_f32_value(unsigned char const*&, unsigned char const*, float*) Line | Count | Source | 109 | 926 | { | 110 | 926 | if ((size_t) (end - p) < 4) | 111 | 10 | return false; | 112 | 916 | *out = _fuzzing_read_f32_le (p); | 113 | 916 | p += 4; | 114 | 916 | return true; | 115 | 926 | } |
|