1 #include "hb-fuzzer.hh"
2
3 #include <hb-ot.h>
4 #include <string.h>
5
6 #include <stdlib.h>
7
8 #define TEST_OT_FACE_NO_MAIN 1
9 #include "../api/test-ot-face.c"
10 #undef TEST_OT_FACE_NO_MAIN
11
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)12 extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
13 {
14 alloc_state = size; /* see src/failing-alloc.c */
15
16 hb_blob_t *blob = hb_blob_create ((const char *)data, size,
17 HB_MEMORY_MODE_READONLY, nullptr, nullptr);
18 hb_face_t *face = hb_face_create (blob, 0);
19 hb_font_t *font = hb_font_create (face);
20 hb_ot_font_set_funcs (font);
21 hb_font_set_scale (font, 12, 12);
22
23 unsigned num_coords = 0;
24 if (size) num_coords = data[size - 1];
25 num_coords = hb_ot_var_get_axis_count (face) > num_coords ? num_coords : hb_ot_var_get_axis_count (face);
26 int *coords = (int *) calloc (num_coords, sizeof (int));
27 if (size > num_coords + 1)
28 for (unsigned i = 0; i < num_coords; ++i)
29 coords[i] = ((int) data[size - num_coords + i - 1] - 128) * 10;
30 hb_font_set_var_coords_normalized (font, coords, num_coords);
31 free (coords);
32
33 {
34 const char text[] = "ABCDEXYZ123@_%&)*$!";
35 hb_buffer_t *buffer = hb_buffer_create ();
36 hb_buffer_add_utf8 (buffer, text, -1, 0, -1);
37 hb_buffer_guess_segment_properties (buffer);
38 hb_shape (font, buffer, nullptr, 0);
39 hb_buffer_destroy (buffer);
40 }
41
42 uint32_t text32[16] = {0};
43 unsigned int len = sizeof (text32);
44 if (size < len)
45 len = size;
46 if (len)
47 memcpy (text32, data + size - len, len);
48
49 /* Misc calls on font. */
50 text32[10] = test_font (font, text32[15]) % 256;
51
52 hb_buffer_t *buffer = hb_buffer_create ();
53 hb_buffer_add_utf32 (buffer, text32, sizeof (text32) / sizeof (text32[0]), 0, -1);
54 hb_buffer_guess_segment_properties (buffer);
55 hb_shape (font, buffer, nullptr, 0);
56 hb_buffer_destroy (buffer);
57
58 hb_font_destroy (font);
59 hb_face_destroy (face);
60 hb_blob_destroy (blob);
61 return 0;
62 }
63