Currently, libFuzzer only supports mutation of a single file. We
circumvent this problem by using an uncompressed tar archive as
multiple-file input for the fuzzer.
This patch enables tests of `FT_Attach_Stream' and AFM/PFM parsing;
a constructed tarball should contain a font file as the first
element, and files to be attached as further elements.
* src/tools/ftfuzzer/ftfuzzer.cc: Include libarchive headers.
(archive_read_entry_data, parse_data): New functions.
(LLVMFuzzerTestOneInput): Updated.
* src/tools/ftfuzzer/ftmutator.cc: New file, providing a custom
mutator for libFuzzer that can mutate tarballs in a sensible way.
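As an added illustration (not part of the FreeType sources or of this ChangeLog), the Python below builds the kind of input the entry above describes: an uncompressed ustar archive whose first member is the font and whose remaining members are files to be attached. It also shows the consumer-side split and a member-level mutation that unpacks, mutates one payload and repacks, which is the reason a plain byte-flipping mutator is a poor fit for tarballs. The helper names, the member names, and the sample font/AFM bytes are assumptions; the sample bytes are constructed placeholders, not real fonts.

```python
import io
import tarfile
from typing import Callable, List, Optional, Tuple

# Constructed placeholders standing in for a font and two attachable
# metrics files; they are not real fonts and will not parse as such.
SAMPLE_FONT = b"%!PS-AdobeFont-1.0: Placeholder\n/FontName /Placeholder def\n"
SAMPLE_AFM = b"StartFontMetrics 4.1\nFontName Placeholder\nEndFontMetrics\n"
SAMPLE_PFM = bytes(range(64))


def build_fuzzer_input(font: bytes, attachments: List[bytes]) -> bytes:
    """Pack `font` as the first member and each attachment after it into an
    uncompressed ustar archive (the multi-file convention described above)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for idx, data in enumerate([font, *attachments]):
            # Member names are arbitrary: only archive order carries meaning.
            info = tarfile.TarInfo(name=f"member{idx:03d}")
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def split_fuzzer_input(blob: bytes) -> Optional[Tuple[bytes, List[bytes]]]:
    """Consumer-side view: regular-file members in archive order, the first
    being the font and the rest the files to attach.  Returns None for
    anything that is not a well-formed uncompressed tar with at least one
    regular file, which is what a harness would reject before touching the
    font parser."""
    try:
        # mode "r:" accepts uncompressed archives only, matching the entry.
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tf:
            members = [tf.extractfile(m).read() for m in tf if m.isfile()]
    except tarfile.TarError:
        return None
    if not members:
        return None
    return members[0], members[1:]


def mutate_member(blob: bytes, index: int,
                  mutate: Callable[[bytes], bytes]) -> Optional[bytes]:
    """Mutate one member's payload and repack the archive.

    Flipping bytes in the raw tar mostly corrupts 512-byte headers and
    their checksums, so most mutants would be rejected as invalid archives.
    Unpacking, mutating a payload, and rebuilding keeps every mutant
    structurally valid so the font and attachment parsers are actually
    exercised.  Returns None for an unparsable archive or a bad index."""
    parsed = split_fuzzer_input(blob)
    if parsed is None:
        return None
    font, attachments = parsed
    members = [font, *attachments]
    if not 0 <= index < len(members):
        return None
    members[index] = mutate(members[index])
    return build_fuzzer_input(members[0], members[1:])


if __name__ == "__main__":
    # Write one seed for a corpus directory; a real seed would use real fonts.
    with open("seed-000.tar", "wb") as fh:
        fh.write(build_fuzzer_input(SAMPLE_FONT, [SAMPLE_AFM, SAMPLE_PFM]))
```

Seeds written this way can be dropped straight into a libFuzzer corpus directory; the split function doubles as a quick sanity check that a corpus file has the expected shape before a long fuzzing run.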
* src/autofit/afhints.c (af_print_idx, af_get_segment_index,
af_get_edge_index): New functions.
(af_glyph_hints_dump_points): Remove unnecessary `|', `[', and `]'.
Add segment and edge index for each point.
Slightly change printing order of some elements.
Don't print `-1' but `--' for missing elements.
(af_glyph_hints_dump_segments, af_glyph_hints_dump_edges): Remove
unnecessary `|', `[', and `]'.
Don't print `-1' but `--' for missing elements.
Problem reported by Nikolay Sivov <bunglehead@gmail.com>.
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Avoid zero value
for `metrics->height' by applying some heuristics.
This modifies the addition of subroutine number to subroutine bias
from unsigned to signed, but does not change any results.
* src/cff/cf2ft.c (cf2_initGlobalRegionBuffer,
cf2_initLocalRegionBuffer): Change variable names from (unsigned)
`idx' to (signed) `subrNum', since it is not an index until after
the bias is added.
* src/cff/cf2ft.h: Updated.
* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdCALLSUBR>:
Updated similarly.
* src/cid/cidload.c (parse_fd_array): Check `num_dicts' against
stream size.
(cid_read_subrs): Check largest offset against stream size.
(cid_parse_dict): Move safety check to ...
(cid_face_open): ... this function.
Also test length of binary data and values of `SDBytes',
`SubrMapOffset', `SubrCount', `CIDMapOffset', and `CIDCount'.
Due to incorrect casting, negative numbers were shown as very large
(positive) integers on 64-bit systems.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings) <op_none>:
Use division instead of shift.
* src/bdf/bdflib.c (ACMSG17): New message macro.
(_bdf_parse_t): Add member `size'.
(bdf_load_font): Set `size'.
(_bdf_parse_glyphs): Adjust `cnt' if necessary.
Similar to other font formats, this commit makes the parser no
longer check the whole PCF file but only the header and the TOC if
we just want to get the number of available faces (and a proper
recognition of the font format).
* src/pcf/pcfdrivr.c (PCF_Face_Init): Updated.
Exit quickly if face_index < 0.
* src/pcfread.c (pcf_load_font): Add `face_index' argument.
Exit quickly if face_index < 0.
* src/pcf/pcf.h: Updated.
This patch also contains various other improvements.
* src/tools/ftfuzzer/ftfuzzer.cc: Add preprocessor guard to reject
pre-C++11 compilers.
(FT_Global): New class. Use it to provide a global constructor and
destructor for the `FT_Library' object.
(setIntermediateAxis): New function to select an (arbitrary)
instance.
(LLVMFuzzerTestOneInput): Loop over all faces and named instances.
Also call `FT_Set_Char_Size'.
Use the `gvar' table size instead of the remaining bytes in the
stream.
* src/truetype/ttgxvar.h (GX_BlendRec): New field `gvar_size'.
* src/truetype/ttgxvar.c (ft_var_load_gvar): Set `gvar_size'.
(ft_var_readpackedpoints, ft_var_readpackeddeltas): New argument
`size'.
(tt_face_vary_cvt, TT_Vary_Apply_Glyph_Deltas): Updated.