src/Makefile.am                                                                
    |    2 -
 src/hb-aat-layout-kerx-table.hh                                                
    |    6 ++---
 test/fuzzing/Makefile.am                                                       
    |   12 +++++-----
 
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5629524117553152
 |binary
 4 files changed, 11 insertions(+), 9 deletions(-)

New commits:
commit 752bd8a192af209f44dacaf1d3510d0bfc6354b8
Author: Behdad Esfahbod <[email protected]>
Date:   Sat Nov 10 21:13:13 2018 -0500

    [kerx] Fix Format1 tupleKern sanitization
    
    Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11312
    Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11305

diff --git a/src/hb-aat-layout-kerx-table.hh b/src/hb-aat-layout-kerx-table.hh
index 3cd80acf..6b61186a 100644
--- a/src/hb-aat-layout-kerx-table.hh
+++ b/src/hb-aat-layout-kerx-table.hh
@@ -262,10 +262,12 @@ struct KerxSubTableFormat1
 
       if (Format1EntryT::performAction (entry))
       {
+       unsigned int tuple_count = MAX (1u, table->header.tuple_count ());
+
        unsigned int kern_idx = Format1EntryT::kernActionIndex (entry);
        kern_idx = Types::offsetToIndex (kern_idx, &table->machine, 
kernAction.arrayZ);
        const FWORD *actions = &kernAction[kern_idx];
-       if (!c->sanitizer.check_array (actions, depth))
+       if (!c->sanitizer.check_array (actions, depth * tuple_count))
        {
          depth = 0;
          return false;
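Review bot: The new length `depth * tuple_count` passed to check_array can wrap in unsigned int: tuple_count is read straight from the table header and depth's origin is outside this hunk, so nothing visible bounds the product, and a wrapped value makes the sanitizer accept a range shorter than the one the loop below consumes — presumably the same out-of-bounds read this commit is addressing. If the sanitizer provides the overflow-checked length-times-count form of check_array, `if (!c->sanitizer.check_array (actions, depth, tuple_count))` removes the multiplication; otherwise test the product for overflow before using it. The enclosing function starts before and ends after this hunk.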
@@ -276,8 +278,6 @@ struct KerxSubTableFormat1
        /* From Apple 'kern' spec:
         * "Each pops one glyph from the kerning stack and applies the kerning 
value to it.
         * The end of the list is marked by an odd value... */
-       unsigned int tuple_count = table->header.tuple_count ();
-       tuple_count = tuple_count ? tuple_count : 1;
        bool last = false;
        while (!last && depth--)
        {
diff --git 
a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5629524117553152
 
b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5629524117553152
new file mode 100644
index 00000000..01ca5173
Binary files /dev/null and 
b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5629524117553152
 differ
commit f9e0552debc45afedd86c848484bcd169af62dc2
Author: Behdad Esfahbod <[email protected]>
Date:   Sat Nov 10 21:01:49 2018 -0500

    [fuzzing] Make "make lib" faster and more usable

diff --git a/src/Makefile.am b/src/Makefile.am
index fbd8f602..9632b4df 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -195,7 +195,7 @@ libharfbuzz_subset_fuzzing_la_LINK = $(chosen_linker) 
$(libharfbuzz_subset_fuzzi
 libharfbuzz_subset_fuzzing_la_SOURCES = $(libharfbuzz_subset_la_SOURCES)
 libharfbuzz_subset_fuzzing_la_CPPFLAGS = $(HBCFLAGS) $(FUZZING_CPPFLAGS)
 libharfbuzz_subset_fuzzing_la_LDFLAGS = $(AM_LDFLAGS)
-libharfbuzz_subset_fuzzing_la_LIBADD = $(libharfbuzz_subset_la_LIBADD)
+libharfbuzz_subset_fuzzing_la_LIBADD = libharfbuzz-fuzzing.la
 EXTRA_libharfbuzz_subset_fuzzing_la_DEPENDENCIES = 
$(EXTRA_libharfbuzz_subset_la_DEPENDENCIES)
 CLEANFILES += libharfbuzz-subset-fuzzing.la
 
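Review bot: The LIBADD line now hard-codes libharfbuzz-fuzzing.la without a comment saying why the subset fuzzing library no longer links against what $(libharfbuzz_subset_la_LIBADD) provides; a one-line note such as `# Link against the fuzzing build of the core library so both libraries are built with the same FUZZING_CPPFLAGS` would record the intent. If libharfbuzz_subset_la_LIBADD carried anything besides libharfbuzz.la (its definition is outside this hunk), that is dropped here and should be confirmed.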
diff --git a/test/fuzzing/Makefile.am b/test/fuzzing/Makefile.am
index 54178ff4..ed67eee8 100644
--- a/test/fuzzing/Makefile.am
+++ b/test/fuzzing/Makefile.am
@@ -7,11 +7,13 @@ DISTCLEANFILES =
 MAINTAINERCLEANFILES =
 
 # Convenience targets:
-lib:
+lib-only:
        @$(MAKE) $(AM_MAKEFLAGS) -C $(top_builddir)/src fuzzing
+lib: lib-only
+       @$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
 
-$(top_builddir)/src/libharfbuzz-fuzzing.la: lib
-$(top_builddir)/src/libharfbuzz-subset-fuzzing.la: lib
+$(top_builddir)/src/libharfbuzz-fuzzing.la: lib-only
+$(top_builddir)/src/libharfbuzz-subset-fuzzing.la: lib-only
 
 EXTRA_DIST += \
        README \
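Review bot: `lib-only` and the new `lib` target name no file, but no `.PHONY` declaration for them is visible, so a stray file called lib or lib-only in test/fuzzing would make the recursive `$(MAKE) -C $(top_builddir)/src fuzzing` step look up to date and silently skip the library rebuild; automake only declares its own targets phony. Adding `.PHONY: lib lib-only` next to the rules closes that. The two .la rules keyed on lib-only have no recipe and exist only to route through the recursive make, which a short comment above them would make clear.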
@@ -47,7 +49,7 @@ hb_shape_fuzzer_CPPFLAGS = \
        $(AM_CPPFLAGS) \
        $(NULL)
 hb_shape_fuzzer_DEPENDENCIES = \
-       lib \
+       $(top_builddir)/src/libharfbuzz-fuzzing.la
        $(NULL)
 
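Review bot: The new `$(top_builddir)/src/libharfbuzz-fuzzing.la` line has lost the trailing backslash that the replaced `lib \` line carried, so the following `$(NULL)` is no longer part of the assignment and becomes a line on its own; it only survives because $(NULL) expands to empty, and the same thing happens in the hb_subset_fuzzer_DEPENDENCIES hunk below. Restoring the continuation, `$(top_builddir)/src/libharfbuzz-fuzzing.la \`, keeps the list in the same shape as the other multi-line variables in this file.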
 hb_subset_fuzzer_SOURCES = \
@@ -62,7 +64,7 @@ hb_subset_fuzzer_CPPFLAGS = \
        $(AM_CPPFLAGS) \
        $(NULL)
 hb_subset_fuzzer_DEPENDENCIES = \
-       lib \
+       $(top_builddir)/src/libharfbuzz-subset-fuzzing.la
        $(NULL)
 
 check: