From ee6b4115d2f39e1d2d29616cdd6c1706dbc4c7d9 Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Sat, 12 Mar 2016 23:48:13 +0100 Subject: [PATCH] [ftfuzzer] Improve coverage of rasterfuzzer. * src/tools/ftfuzzer/rasterfuzzer.cc (LLVMFuzzerTestOneInput): Use input data for `tags' array also. Trim input data to get more positive hits. --- ChangeLog | 8 +++++ src/tools/ftfuzzer/rasterfuzzer.cc | 47 +++++++++++++++++++++++------- 2 files changed, 44 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6dd1f0c73..3dedbe044 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2016-03-12 Werner Lemberg + + [ftfuzzer] Improve coverage of rasterfuzzer. + + * src/tools/ftfuzzer/rasterfuzzer.cc (LLVMFuzzerTestOneInput): Use + input data for `tags' array also. + Trim input data to get more positive hits. + 2016-03-11 Pavlo Denysov Fix CMake issues for iOS (patch #8941). diff --git a/src/tools/ftfuzzer/rasterfuzzer.cc b/src/tools/ftfuzzer/rasterfuzzer.cc index 37cc7542e..05187b0be 100644 --- a/src/tools/ftfuzzer/rasterfuzzer.cc +++ b/src/tools/ftfuzzer/rasterfuzzer.cc 
@@ -71,27 +71,52 @@ NULL // palette }; - short n_points = short( size_ / sizeof ( FT_Vector ) ); + const size_t vsize = sizeof ( FT_Vector ); + const size_t tsize = sizeof ( char ); + + // we use the input data for both points and tags + short n_points = short( size_ / ( vsize + tsize ) ); if ( n_points <= 2 ) return 0; FT_Vector* points = reinterpret_cast( - const_cast( data ) ); + const_cast( + data ) ); + char* tags = reinterpret_cast( + const_cast( + data + size_t( n_points ) * vsize ) ); + + // to reduce the number of invalid outlines that are immediately + // rejected in `FT_Outline_Render', limit values to 2^18 pixels + // (i.e., 2^24 bits) + for ( short i = 0; i < n_points; i++ ) + { + if ( points[i].x == LONG_MIN ) + points[i].x = 0; + else if ( points[i].x < 0 ) + points[i].x = -( -points[i].x & 0xFFFFFF ) - 1; + else + points[i].x = ( points[i].x & 0xFFFFFF ) + 1; + + if ( points[i].y == LONG_MIN ) + points[i].y = 0; + else if ( points[i].y < 0 ) + points[i].y = -( -points[i].y & 0xFFFFFF ) - 1; + else + points[i].y = ( points[i].y & 0xFFFFFF ) + 1; + } short contours[1]; contours[0] = n_points - 1; - vector tags( (size_t)n_points ); - fill( tags.begin(), tags.end(), 1 ); - FT_Outline outline = { - 1, // n_contours - n_points, // n_points - points, // points - reinterpret_cast( tags.data() ), // tags - contours, // contours - FT_OUTLINE_NONE // flags + 1, // n_contours + n_points, // n_points + points, // points + tags, // tags + contours, // contours + FT_OUTLINE_NONE // flags }; FT_Outline_Get_Bitmap( library, &outline, &bitmap_mono );
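Review bot: The new limiting loop writes the clamped coordinates back through `points`, which aliases the fuzzer's input buffer via `const_cast` (the `points[i].x = …` / `points[i].y = …` assignments), so the target now mutates memory the harness handed over as const; if the engine reuses or re-hashes that buffer, the mutated bytes rather than the original input are what it sees, which makes crash reproduction depend on harness internals. The same `reinterpret_cast` also assumes `data` is suitably aligned for `FT_Vector`, which nothing in the hunk guarantees. Copying the point and tag bytes into local `vector`s (the hunk removes a `vector` of tags, so the name is already in scope) and running the limiting loop over the copy removes both concerns; `memcpy` needs `<cstring>`, which I cannot see from here. The `short( size_ / ( vsize + tsize ) )` truncation is pre-existing and stays in bounds, since a wrapped value is never larger than the true count, so it only costs coverage for large inputs. `LLVMFuzzerTestOneInput` begins and ends outside the hunk.
```cpp
  // work on private copies: the fuzzer input stays read-only and the
  // FT_Vector storage is properly aligned
  vector<FT_Vector> points( size_t( n_points ) );
  memcpy( points.data(), data, size_t( n_points ) * vsize );
  vector<char> tags( data + size_t( n_points ) * vsize,
                     data + size_t( n_points ) * ( vsize + tsize ) );

  // … unchanged: coordinate limiting loop over points[i] …
  // … unchanged: contours …

  FT_Outline outline =
  {
    // … unchanged: n_contours, n_points …
    points.data(),  // points
    tags.data(),    // tags
    // … unchanged: contours, flags …
  };
```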