• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #include "hb-fuzzer.hh"
2 
3 #include <stdlib.h>
4 #include <stdio.h>
5 #include <string.h>
6 #include <assert.h>
7 
8 #include "hb-subset.h"
9 
10 static void
trySubset(hb_face_t * face,const hb_codepoint_t text[],int text_length,bool drop_hints,bool drop_layout,bool retain_gids)11 trySubset (hb_face_t *face,
12 	   const hb_codepoint_t text[],
13 	   int text_length,
14 	   bool drop_hints,
15 	   bool drop_layout,
16 	   bool retain_gids)
17 {
18   hb_subset_input_t *input = hb_subset_input_create_or_fail ();
19   hb_subset_input_set_drop_hints (input, drop_hints);
20   hb_subset_input_set_retain_gids (input, retain_gids);
21   hb_set_t *codepoints = hb_subset_input_unicode_set (input);
22 
23   if (!drop_layout)
24   {
25     hb_set_del (hb_subset_input_drop_tables_set (input), HB_TAG ('G', 'S', 'U', 'B'));
26     hb_set_del (hb_subset_input_drop_tables_set (input), HB_TAG ('G', 'P', 'O', 'S'));
27     hb_set_del (hb_subset_input_drop_tables_set (input), HB_TAG ('G', 'D', 'E', 'F'));
28   }
29 
30   for (int i = 0; i < text_length; i++)
31   {
32     hb_set_add (codepoints, text[i]);
33   }
34 
35   hb_face_t *result = hb_subset (face, input);
36   {
37     hb_blob_t *blob = hb_face_reference_blob (result);
38     unsigned int length;
39     const char *data = hb_blob_get_data (blob, &length);
40 
41     // Something not optimizable just to access all the blob data
42     unsigned int bytes_count = 0;
43     for (unsigned int i = 0; i < length; ++i)
44       if (data[i]) ++bytes_count;
45     assert (bytes_count || !length);
46 
47     hb_blob_destroy (blob);
48   }
49   hb_face_destroy (result);
50 
51   hb_subset_input_destroy (input);
52 }
53 
54 static void
trySubset(hb_face_t * face,const hb_codepoint_t text[],int text_length,const uint8_t flags[1])55 trySubset (hb_face_t *face,
56 	   const hb_codepoint_t text[],
57 	   int text_length,
58 	   const uint8_t flags[1])
59 {
60   bool drop_hints =  flags[0] & (1 << 0);
61   bool drop_layout = flags[0] & (1 << 1);
62   bool retain_gids = flags[0] & (1 << 2);
63   trySubset (face, text, text_length,
64 	     drop_hints, drop_layout, retain_gids);
65 }
66 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)67 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
68 {
69   hb_blob_t *blob = hb_blob_create ((const char *)data, size,
70 				    HB_MEMORY_MODE_READONLY, nullptr, nullptr);
71   hb_face_t *face = hb_face_create (blob, 0);
72 
73   /* Just test this API here quickly. */
74   hb_set_t *output = hb_set_create();
75   hb_face_collect_unicodes (face, output);
76   hb_set_destroy (output);
77 
78   uint8_t flags[1] = {0};
79   const hb_codepoint_t text[] =
80       {
81 	'A', 'B', 'C', 'D', 'E', 'X', 'Y', 'Z', '1', '2',
82 	'3', '@', '_', '%', '&', ')', '*', '$', '!'
83       };
84 
85   trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags);
86 
87   hb_codepoint_t text_from_data[16];
88   if (size > sizeof(text_from_data) + sizeof(flags)) {
89     memcpy (text_from_data,
90 	    data + size - sizeof(text_from_data),
91 	    sizeof(text_from_data));
92 
93     memcpy (flags,
94 	    data + size - sizeof(text_from_data) - sizeof(flags),
95 	    sizeof(flags));
96     unsigned int text_size = sizeof (text_from_data) / sizeof (hb_codepoint_t);
97 
98     trySubset (face, text_from_data, text_size, flags);
99   }
100 
101   hb_face_destroy (face);
102   hb_blob_destroy (blob);
103 
104   return 0;
105 }
106