1 #include "hb-fuzzer.hh"
2
3 #include <stdlib.h>
4 #include <stdio.h>
5 #include <string.h>
6 #include <assert.h>
7
8 #include "hb-subset.h"
9
10 static void
trySubset(hb_face_t * face,const hb_codepoint_t text[],int text_length,bool drop_hints,bool drop_layout,bool retain_gids)11 trySubset (hb_face_t *face,
12 const hb_codepoint_t text[],
13 int text_length,
14 bool drop_hints,
15 bool drop_layout,
16 bool retain_gids)
17 {
18 hb_subset_input_t *input = hb_subset_input_create_or_fail ();
19 if (!input) return;
20 hb_subset_input_set_drop_hints (input, drop_hints);
21 hb_subset_input_set_retain_gids (input, retain_gids);
22 hb_set_t *codepoints = hb_subset_input_unicode_set (input);
23
24 if (!drop_layout)
25 {
26 hb_set_del (hb_subset_input_drop_tables_set (input), HB_TAG ('G', 'S', 'U', 'B'));
27 hb_set_del (hb_subset_input_drop_tables_set (input), HB_TAG ('G', 'P', 'O', 'S'));
28 hb_set_del (hb_subset_input_drop_tables_set (input), HB_TAG ('G', 'D', 'E', 'F'));
29 }
30
31 for (int i = 0; i < text_length; i++)
32 hb_set_add (codepoints, text[i]);
33
34 hb_face_t *result = hb_subset (face, input);
35 {
36 hb_blob_t *blob = hb_face_reference_blob (result);
37 unsigned int length;
38 const char *data = hb_blob_get_data (blob, &length);
39
40 // Something not optimizable just to access all the blob data
41 unsigned int bytes_count = 0;
42 for (unsigned int i = 0; i < length; ++i)
43 if (data[i]) ++bytes_count;
44 assert (bytes_count || !length);
45
46 hb_blob_destroy (blob);
47 }
48 hb_face_destroy (result);
49
50 hb_subset_input_destroy (input);
51 }
52
53 static void
trySubset(hb_face_t * face,const hb_codepoint_t text[],int text_length,const uint8_t flags[1])54 trySubset (hb_face_t *face,
55 const hb_codepoint_t text[],
56 int text_length,
57 const uint8_t flags[1])
58 {
59 bool drop_hints = flags[0] & (1 << 0);
60 bool drop_layout = flags[0] & (1 << 1);
61 bool retain_gids = flags[0] & (1 << 2);
62 trySubset (face, text, text_length,
63 drop_hints, drop_layout, retain_gids);
64 }
65
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)66 extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
67 {
68 alloc_state = size; /* see src/failing-alloc.c */
69
70 hb_blob_t *blob = hb_blob_create ((const char *) data, size,
71 HB_MEMORY_MODE_READONLY, nullptr, nullptr);
72 hb_face_t *face = hb_face_create (blob, 0);
73
74 /* Just test this API here quickly. */
75 hb_set_t *output = hb_set_create ();
76 hb_face_collect_unicodes (face, output);
77 hb_set_destroy (output);
78
79 uint8_t flags[1] = {0};
80 const hb_codepoint_t text[] =
81 {
82 'A', 'B', 'C', 'D', 'E', 'X', 'Y', 'Z', '1', '2',
83 '3', '@', '_', '%', '&', ')', '*', '$', '!'
84 };
85
86 trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags);
87
88 hb_codepoint_t text_from_data[16];
89 if (size > sizeof (text_from_data) + sizeof (flags)) {
90 memcpy (text_from_data,
91 data + size - sizeof (text_from_data),
92 sizeof (text_from_data));
93
94 memcpy (flags,
95 data + size - sizeof (text_from_data) - sizeof (flags),
96 sizeof (flags));
97 unsigned int text_size = sizeof (text_from_data) / sizeof (hb_codepoint_t);
98
99 trySubset (face, text_from_data, text_size, flags);
100 }
101
102 hb_face_destroy (face);
103 hb_blob_destroy (blob);
104
105 return 0;
106 }
107