• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #include "hb-fuzzer.hh"
2 
3 #include <stdlib.h>
4 #include <stdio.h>
5 #include <string.h>
6 #include <assert.h>
7 
8 #include "hb-subset.h"
9 
10 static void
trySubset(hb_face_t * face,const hb_codepoint_t text[],int text_length,unsigned flag_bits)11 trySubset (hb_face_t *face,
12 	   const hb_codepoint_t text[],
13 	   int text_length,
14            unsigned flag_bits)
15 {
16   hb_subset_input_t *input = hb_subset_input_create_or_fail ();
17   if (!input) return;
18 
19   hb_subset_input_set_flags (input, (hb_subset_flags_t) flag_bits);
20 
21   hb_set_t *codepoints = hb_subset_input_unicode_set (input);
22 
23   for (int i = 0; i < text_length; i++)
24     hb_set_add (codepoints, text[i]);
25 
26   hb_face_t *result = hb_subset_or_fail (face, input);
27   if (result)
28   {
29     hb_blob_t *blob = hb_face_reference_blob (result);
30     unsigned int length;
31     const char *data = hb_blob_get_data (blob, &length);
32 
33     // Something not optimizable just to access all the blob data
34     unsigned int bytes_count = 0;
35     for (unsigned int i = 0; i < length; ++i)
36       if (data[i]) ++bytes_count;
37     assert (bytes_count || !length);
38 
39     hb_blob_destroy (blob);
40   }
41   hb_face_destroy (result);
42 
43   hb_subset_input_destroy (input);
44 }
45 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)46 extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
47 {
48   alloc_state = size; /* see src/failing-alloc.c */
49 
50   hb_blob_t *blob = hb_blob_create ((const char *) data, size,
51 				    HB_MEMORY_MODE_READONLY, nullptr, nullptr);
52   hb_face_t *face = hb_face_create (blob, 0);
53 
54   /* Just test this API here quickly. */
55   hb_set_t *output = hb_set_create ();
56   hb_face_collect_unicodes (face, output);
57   hb_set_destroy (output);
58 
59   unsigned flags = HB_SUBSET_FLAGS_DEFAULT;
60   const hb_codepoint_t text[] =
61       {
62 	'A', 'B', 'C', 'D', 'E', 'X', 'Y', 'Z', '1', '2',
63 	'3', '@', '_', '%', '&', ')', '*', '$', '!'
64       };
65 
66   trySubset (face, text, sizeof (text) / sizeof (hb_codepoint_t), flags);
67 
68   hb_codepoint_t text_from_data[16];
69   if (size > sizeof (text_from_data) + sizeof (flags)) {
70     memcpy (text_from_data,
71 	    data + size - sizeof (text_from_data),
72 	    sizeof (text_from_data));
73 
74     memcpy (&flags,
75 	    data + size - sizeof (text_from_data) - sizeof (flags),
76 	    sizeof (flags));
77     unsigned int text_size = sizeof (text_from_data) / sizeof (hb_codepoint_t);
78 
79     trySubset (face, text_from_data, text_size, flags);
80   }
81 
82   hb_face_destroy (face);
83   hb_blob_destroy (blob);
84 
85   return 0;
86 }
87