xref: /aosp_15_r20/external/harfbuzz_ng/test/fuzzing/hb-shape-fuzzer.cc (revision 2d1272b857b1f7575e6e246373e1cb218663db8a) 
1*2d1272b8SAndroid Build Coastguard Worker #include "hb-fuzzer.hh"
2*2d1272b8SAndroid Build Coastguard Worker 
3*2d1272b8SAndroid Build Coastguard Worker #include <hb-ot.h>
4*2d1272b8SAndroid Build Coastguard Worker #include <string.h>
5*2d1272b8SAndroid Build Coastguard Worker 
6*2d1272b8SAndroid Build Coastguard Worker #include <stdlib.h>
7*2d1272b8SAndroid Build Coastguard Worker 
8*2d1272b8SAndroid Build Coastguard Worker #define TEST_OT_FACE_NO_MAIN 1
9*2d1272b8SAndroid Build Coastguard Worker #include "../api/test-ot-face.c"
10*2d1272b8SAndroid Build Coastguard Worker #undef TEST_OT_FACE_NO_MAIN
11*2d1272b8SAndroid Build Coastguard Worker 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)12*2d1272b8SAndroid Build Coastguard Worker extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
13*2d1272b8SAndroid Build Coastguard Worker {
14*2d1272b8SAndroid Build Coastguard Worker   alloc_state = _fuzzing_alloc_state (data, size);
15*2d1272b8SAndroid Build Coastguard Worker 
16*2d1272b8SAndroid Build Coastguard Worker   hb_blob_t *blob = hb_blob_create ((const char *)data, size,
17*2d1272b8SAndroid Build Coastguard Worker 				    HB_MEMORY_MODE_READONLY, nullptr, nullptr);
18*2d1272b8SAndroid Build Coastguard Worker   hb_face_t *face = hb_face_create (blob, 0);
19*2d1272b8SAndroid Build Coastguard Worker   hb_font_t *font = hb_font_create (face);
20*2d1272b8SAndroid Build Coastguard Worker   hb_ot_font_set_funcs (font);
21*2d1272b8SAndroid Build Coastguard Worker   hb_font_set_scale (font, 12, 12);
22*2d1272b8SAndroid Build Coastguard Worker 
23*2d1272b8SAndroid Build Coastguard Worker   unsigned num_coords = 0;
24*2d1272b8SAndroid Build Coastguard Worker   if (size) num_coords = data[size - 1];
25*2d1272b8SAndroid Build Coastguard Worker   num_coords = hb_ot_var_get_axis_count (face) > num_coords ? num_coords : hb_ot_var_get_axis_count (face);
26*2d1272b8SAndroid Build Coastguard Worker   int *coords = (int *) calloc (num_coords, sizeof (int));
27*2d1272b8SAndroid Build Coastguard Worker   if (size > num_coords + 1)
28*2d1272b8SAndroid Build Coastguard Worker     for (unsigned i = 0; i < num_coords; ++i)
29*2d1272b8SAndroid Build Coastguard Worker       coords[i] = ((int) data[size - num_coords + i - 1] - 128) * 10;
30*2d1272b8SAndroid Build Coastguard Worker   hb_font_set_var_coords_normalized (font, coords, num_coords);
31*2d1272b8SAndroid Build Coastguard Worker   free (coords);
32*2d1272b8SAndroid Build Coastguard Worker 
33*2d1272b8SAndroid Build Coastguard Worker   {
34*2d1272b8SAndroid Build Coastguard Worker     const char text[] = "ABCDEXYZ123@_%&)*$!";
35*2d1272b8SAndroid Build Coastguard Worker     hb_buffer_t *buffer = hb_buffer_create ();
36*2d1272b8SAndroid Build Coastguard Worker     hb_buffer_set_flags (buffer, (hb_buffer_flags_t) (HB_BUFFER_FLAG_VERIFY /* | HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT */));
37*2d1272b8SAndroid Build Coastguard Worker     hb_buffer_add_utf8 (buffer, text, -1, 0, -1);
38*2d1272b8SAndroid Build Coastguard Worker     hb_buffer_guess_segment_properties (buffer);
39*2d1272b8SAndroid Build Coastguard Worker     hb_shape (font, buffer, nullptr, 0);
40*2d1272b8SAndroid Build Coastguard Worker     hb_buffer_destroy (buffer);
41*2d1272b8SAndroid Build Coastguard Worker   }
42*2d1272b8SAndroid Build Coastguard Worker 
43*2d1272b8SAndroid Build Coastguard Worker   uint32_t text32[16] = {0};
44*2d1272b8SAndroid Build Coastguard Worker   unsigned int len = sizeof (text32);
45*2d1272b8SAndroid Build Coastguard Worker   if (size < len)
46*2d1272b8SAndroid Build Coastguard Worker     len = size;
47*2d1272b8SAndroid Build Coastguard Worker   if (len)
48*2d1272b8SAndroid Build Coastguard Worker     memcpy (text32, data + size - len, len);
49*2d1272b8SAndroid Build Coastguard Worker 
50*2d1272b8SAndroid Build Coastguard Worker   /* Misc calls on font. */
51*2d1272b8SAndroid Build Coastguard Worker   text32[10] = test_font (font, text32[15]) % 256;
52*2d1272b8SAndroid Build Coastguard Worker 
53*2d1272b8SAndroid Build Coastguard Worker   hb_buffer_t *buffer = hb_buffer_create ();
54*2d1272b8SAndroid Build Coastguard Worker  // hb_buffer_set_flags (buffer, (hb_buffer_flags_t) (HB_BUFFER_FLAG_VERIFY | HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT));
55*2d1272b8SAndroid Build Coastguard Worker   hb_buffer_add_utf32 (buffer, text32, sizeof (text32) / sizeof (text32[0]), 0, -1);
56*2d1272b8SAndroid Build Coastguard Worker   hb_buffer_guess_segment_properties (buffer);
57*2d1272b8SAndroid Build Coastguard Worker   hb_shape (font, buffer, nullptr, 0);
58*2d1272b8SAndroid Build Coastguard Worker   hb_buffer_destroy (buffer);
59*2d1272b8SAndroid Build Coastguard Worker 
60*2d1272b8SAndroid Build Coastguard Worker   hb_font_destroy (font);
61*2d1272b8SAndroid Build Coastguard Worker   hb_face_destroy (face);
62*2d1272b8SAndroid Build Coastguard Worker   hb_blob_destroy (blob);
63*2d1272b8SAndroid Build Coastguard Worker   return 0;
64*2d1272b8SAndroid Build Coastguard Worker }
65