Diffstat (limited to 'modules/freetype2/src/tools/ftfuzzer')
-rw-r--r-- | modules/freetype2/src/tools/ftfuzzer/README | 12 | ||||
-rw-r--r-- | modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc | 100 | ||||
-rw-r--r-- | modules/freetype2/src/tools/ftfuzzer/ftmutator.cc | 2 | ||||
-rw-r--r-- | modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc | 2 | ||||
-rw-r--r-- | modules/freetype2/src/tools/ftfuzzer/runinput.cc | 2 |
5 files changed, 81 insertions, 37 deletions
diff --git a/modules/freetype2/src/tools/ftfuzzer/README b/modules/freetype2/src/tools/ftfuzzer/README index c16b7e94e..09d8e9f32 100644 --- a/modules/freetype2/src/tools/ftfuzzer/README +++ b/modules/freetype2/src/tools/ftfuzzer/README @@ -6,7 +6,7 @@ ftfuzzer.cc ----------- This file contains a target function for FreeType fuzzing. It can be -used with libFuzzer (http://llvm.org/docs/LibFuzzer.html) or +used with libFuzzer (https://llvm.org/docs/LibFuzzer.html) or potentially any other similar fuzzer. Usage: @@ -20,7 +20,7 @@ Usage: -fsanitize=address,signed-integer-overflow,shift You also need the header files from the `libarchive' library - (http://www.libarchive.org/) for handling tar files (see file + (https://www.libarchive.org/) for handling tar files (see file `ftmutator.cc' below for more). 2. Link with `libFuzzer' (it contains `main') and `libarchive'. @@ -29,10 +29,14 @@ Usage: The exact flags and commands may vary. + https://github.com/google/oss-fuzz/tree/master/projects/freetype2 There is a continuous fuzzing bot that runs ftfuzzer. - https://github.com/google/libfuzzer-bot/tree/master/freetype + https://oss-fuzz.com + +(You need an account to be able to see coverage reports and the like +on oss-fuzz.com.) Check the bot configuration for the most current settings. @@ -64,7 +68,7 @@ a convenience `main' function. Link it with `ftfuzzer.cc', ---------------------------------------------------------------------- -Copyright 2015-2016 by +Copyright 2015-2018 by David Turner, Robert Wilhelm, and Werner Lemberg. This file is part of the FreeType project, and may only be used, diff --git a/modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc b/modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc index 31834a5f9..acf2bc982 100644 --- a/modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc +++ b/modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc 
@@ -2,7 +2,7 @@ // // A fuzzing function to test FreeType with libFuzzer. // -// Copyright 2015-2016 by +// Copyright 2015-2018 by // David Turner, Robert Wilhelm, and Werner Lemberg. // // This file is part of the FreeType project, and may only be used, @@ -43,8 +43,7 @@ #include FT_OUTLINE_H #include FT_BBOX_H #include FT_MODULE_H -#include FT_CFF_DRIVER_H -#include FT_TRUETYPE_DRIVER_H +#include FT_DRIVER_H #include FT_MULTIPLE_MASTERS_H @@ -61,7 +60,7 @@ return; // try to activate Adobe's CFF engine; it might not be the default - unsigned int cff_hinting_engine = FT_CFF_HINTING_ADOBE; + unsigned int cff_hinting_engine = FT_HINTING_ADOBE; FT_Property_Set( library, "cff", "hinting-engine", &cff_hinting_engine ); @@ -76,7 +75,7 @@ FT_Global global_ft; - // We want to select n values at random (without repitition), + // We want to select n values at random (without repetition), // with 0 < n <= N. The algorithm is taken from TAoCP, Vol. 2 // (Algorithm S, selection sampling technique) struct Random @@ -270,11 +269,20 @@ long num_faces = face->num_faces; FT_Done_Face( face ); - // loop over all faces - for ( long face_index = 0; - face_index < num_faces; - face_index++ ) + // loop over up to 20 arbitrarily selected faces + // from index range [0;num-faces-1] + long max_face_cnt = num_faces < 20 + ? num_faces + : 20; + + Random faces_pool( (int)max_face_cnt, (int)num_faces ); + + for ( long face_cnt = 0; + face_cnt < max_face_cnt; + face_cnt++ ) { + long face_index = faces_pool.get() - 1; + // get number of instances if ( FT_New_Memory_Face( library, files[0].data(), 
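Review bot: In the face-selection hunk, `Random faces_pool( (int)max_face_cnt, (int)num_faces );` narrows `num_faces`, a `long` read from `face->num_faces` of the fuzz input, to `int` without a range check. If a crafted file can report a count above `INT_MAX` (nothing visible here rules that out), the pool's `N` would be truncated and `faces_pool.get() - 1` would no longer be drawn from the range the comment states; clamping first, e.g. `if ( num_faces > INT_MAX ) num_faces = INT_MAX;`, keeps the conversion well-defined. The same pattern recurs in the instance hunk at `(int)num_instances`. The new comment also writes the range as `[0;num-faces-1]`, which should read `[0;num_faces - 1]` to match the variable. The loop body continues outside the hunk.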
@@ -285,17 +293,41 @@ long num_instances = face->style_flags >> 16; FT_Done_Face( face ); - // load face with and without instances - for ( long instance_index = 0; - instance_index < num_instances + 1; - instance_index++ ) + // loop over the face without instance (index 0) + // and up to 20 arbitrarily selected instances + // from index range [1;num_instances] + long max_instance_cnt = num_instances < 20 + ? num_instances + : 20; + + Random instances_pool( (int)max_instance_cnt, (int)num_instances ); + + for ( long instance_cnt = 0; + instance_cnt <= max_instance_cnt; + instance_cnt++ ) { - if ( FT_New_Memory_Face( library, - files[0].data(), - (FT_Long)files[0].size(), - ( instance_index << 16 ) + face_index, - &face ) ) - continue; + long instance_index = 0; + + if ( !instance_cnt ) + { + if ( FT_New_Memory_Face( library, + files[0].data(), + (FT_Long)files[0].size(), + face_index, + &face ) ) + continue; + } + else + { + instance_index = instances_pool.get(); + + if ( FT_New_Memory_Face( library, + files[0].data(), + (FT_Long)files[0].size(), + ( instance_index << 16 ) + face_index, + &face ) ) + continue; + } // if we have more than a single input file coming from an archive, // attach them (starting with the second file) using the order given 
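Review bot: The two `FT_New_Memory_Face` calls in the new `if ( !instance_cnt )` / `else` differ only in the index argument, and because `instance_index` is 0 in the first branch, `( instance_index << 16 ) + face_index` already equals `face_index` there. Choosing the index first, `long instance_index = instance_cnt ? instances_pool.get() : 0;`, lets the single call from before the change stay, so the two copies cannot drift apart. A short comment would also help on `Random instances_pool( ... )`: for a face without named instances it is built with `n = 0`, outside the `0 < n <= N` range given in the comment on `Random`, which looks harmless only because `get()` is then never reached. The loop body continues outside the hunk.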
@@ -314,19 +346,24 @@ FT_Attach_Stream( face, &open_args ); } - // loop over an arbitrary size for outlines (index 0) - // and up to ten arbitrarily selected bitmap stroke sizes (index 1-10) - int max_idx = face->num_fixed_sizes < 10 - ? face->num_fixed_sizes - : 10; + // loop over an arbitrary size for outlines + // and up to ten arbitrarily selected bitmap strike sizes + // from the range [0;num_fixed_sizes - 1] + int max_size_cnt = face->num_fixed_sizes < 10 + ? face->num_fixed_sizes + : 10; - Random pool( max_idx, face->num_fixed_sizes ); + Random sizes_pool( max_size_cnt, face->num_fixed_sizes ); - for ( int idx = 0; idx <= max_idx; idx++ ) + for ( int size_cnt = 0; + size_cnt <= max_size_cnt; + size_cnt++ ) { FT_Int32 flags = load_flags; - if ( !idx ) + int size_index = 0; + + if ( !size_cnt ) { // set up 20pt at 72dpi as an arbitrary size if ( FT_Set_Char_Size( face, 20 * 64, 20 * 64, 72, 72 ) ) @@ -335,17 +372,20 @@ } else { - // bitmap strokes are not active for glyph variations + // bitmap strikes are not active for font variations if ( instance_index ) continue; - if ( FT_Select_Size( face, pool.get() - 1 ) ) + size_index = sizes_pool.get() - 1; + + if ( FT_Select_Size( face, size_index ) ) continue; flags |= FT_LOAD_COLOR; } // test MM interface only for a face without a selected instance - if ( instance_index == 0 ) + // and without a selected bitmap strike + if ( !instance_index && !size_cnt ) setIntermediateAxis( face ); // loop over all glyphs diff --git a/modules/freetype2/src/tools/ftfuzzer/ftmutator.cc b/modules/freetype2/src/tools/ftfuzzer/ftmutator.cc index 4818450aa..ae4b14040 100644 --- a/modules/freetype2/src/tools/ftfuzzer/ftmutator.cc +++ b/modules/freetype2/src/tools/ftfuzzer/ftmutator.cc 
@@ -2,7 +2,7 @@
 //
 // A custom fuzzer mutator to test for FreeType with libFuzzer.
 //
-// Copyright 2015-2016 by
+// Copyright 2015-2018 by
 // David Turner, Robert Wilhelm, and Werner Lemberg.
 //
 // This file is part of the FreeType project, and may only be used,
diff --git a/modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc b/modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc
index 05187b0be..c69b95ea0 100644
--- a/modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc
+++ b/modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc
@@ -2,7 +2,7 @@
 //
 // A fuzzing function to test FreeType's rasterizers with libFuzzer.
 //
-// Copyright 2016 by
+// Copyright 2016-2018 by
 // David Turner, Robert Wilhelm, and Werner Lemberg.
 //
 // This file is part of the FreeType project, and may only be used,
diff --git a/modules/freetype2/src/tools/ftfuzzer/runinput.cc b/modules/freetype2/src/tools/ftfuzzer/runinput.cc
index d5f9f1587..2b02f5758 100644
--- a/modules/freetype2/src/tools/ftfuzzer/runinput.cc
+++ b/modules/freetype2/src/tools/ftfuzzer/runinput.cc
@@ -2,7 +2,7 @@
 //
 // A `main' function for fuzzers like `ftfuzzer.cc'.
 //
-// Copyright 2015-2016 by
+// Copyright 2015-2018 by
 // David Turner, Robert Wilhelm, and Werner Lemberg.
 //
 // This file is part of the FreeType project, and may only be used, |