• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #include "hb-fuzzer.hh"
2 
3 #include <stdlib.h>
4 #include <stdio.h>
5 #include <string.h>
6 
7 #include "hb-subset.h"
8 
9 static void
trySubset(hb_face_t * face,const hb_codepoint_t text[],int text_length,bool drop_hints,bool drop_layout,bool retain_gids)10 trySubset (hb_face_t *face,
11 	   const hb_codepoint_t text[],
12 	   int text_length,
13 	   bool drop_hints,
14 	   bool drop_layout,
15 	   bool retain_gids)
16 {
17   hb_subset_input_t *input = hb_subset_input_create_or_fail ();
18   hb_subset_input_set_drop_hints (input, drop_hints);
19   hb_subset_input_set_retain_gids (input, retain_gids);
20   hb_set_t *codepoints = hb_subset_input_unicode_set (input);
21 
22   if (!drop_layout)
23   {
24     hb_set_del (hb_subset_input_drop_tables_set (input), HB_TAG ('G', 'S', 'U', 'B'));
25     hb_set_del (hb_subset_input_drop_tables_set (input), HB_TAG ('G', 'P', 'O', 'S'));
26     hb_set_del (hb_subset_input_drop_tables_set (input), HB_TAG ('G', 'D', 'E', 'F'));
27   }
28 
29   for (int i = 0; i < text_length; i++)
30   {
31     hb_set_add (codepoints, text[i]);
32   }
33 
34   hb_face_t *result = hb_subset (face, input);
35   hb_face_destroy (result);
36 
37   hb_subset_input_destroy (input);
38 }
39 
40 static void
trySubset(hb_face_t * face,const hb_codepoint_t text[],int text_length,const uint8_t flags[1])41 trySubset (hb_face_t *face,
42 	   const hb_codepoint_t text[],
43 	   int text_length,
44 	   const uint8_t flags[1])
45 {
46   bool drop_hints =  flags[0] & (1 << 0);
47   bool drop_layout = flags[0] & (1 << 1);
48   bool retain_gids = flags[0] & (1 << 2);
49   trySubset (face, text, text_length,
50 	     drop_hints, drop_layout, retain_gids);
51 }
52 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)53 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
54 {
55   hb_blob_t *blob = hb_blob_create ((const char *)data, size,
56 				    HB_MEMORY_MODE_READONLY, nullptr, nullptr);
57   hb_face_t *face = hb_face_create (blob, 0);
58 
59   /* Just test this API here quickly. */
60   hb_set_t *output = hb_set_create();
61   hb_face_collect_unicodes (face, output);
62   hb_set_destroy (output);
63 
64   uint8_t flags[1] = {0};
65   const hb_codepoint_t text[] =
66       {
67 	'A', 'B', 'C', 'D', 'E', 'X', 'Y', 'Z', '1', '2',
68 	'3', '@', '_', '%', '&', ')', '*', '$', '!'
69       };
70 
71   trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags);
72 
73   hb_codepoint_t text_from_data[16];
74   if (size > sizeof(text_from_data) + sizeof(flags)) {
75     memcpy (text_from_data,
76 	    data + size - sizeof(text_from_data),
77 	    sizeof(text_from_data));
78 
79     memcpy (flags,
80 	    data + size - sizeof(text_from_data) - sizeof(flags),
81 	    sizeof(flags));
82     unsigned int text_size = sizeof (text_from_data) / sizeof (hb_codepoint_t);
83 
84     trySubset (face, text_from_data, text_size, flags);
85   }
86 
87   hb_face_destroy (face);
88   hb_blob_destroy (blob);
89 
90   return 0;
91 }
92