blob: 08383e19c8420d030e6f2342884ccf470de725fa [file] [log] [blame]
// Copyright 2016 The Chromimum Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <cstdint>
#include "base/test/fuzzed_data_provider.h"
#include "third_party/sfntly/src/cpp/src/sample/chromium/font_subsetter.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
constexpr int kMaxFontNameSize = 128;
constexpr int kMaxFontSize = 50 * 1024 * 1024;
base::FuzzedDataProvider fuzzed_data(data, size);
size_t font_name_size = fuzzed_data.ConsumeUint32InRange(0, kMaxFontNameSize);
base::StringPiece font_name = fuzzed_data.ConsumeBytes(font_name_size);
size_t font_str_size = fuzzed_data.ConsumeUint32InRange(0, kMaxFontSize);
base::StringPiece font_str = fuzzed_data.ConsumeBytes(font_str_size);
const unsigned char* font_data =
reinterpret_cast<const unsigned char*>(font_str.data());
base::StringPiece glyph_ids_str = fuzzed_data.ConsumeRemainingBytes();
const unsigned int* glyph_ids =
reinterpret_cast<const unsigned int*>(glyph_ids_str.data());
size_t glyph_ids_size =
glyph_ids_str.size() * sizeof(char) / sizeof(unsigned int);
unsigned char* output = nullptr;
SfntlyWrapper::SubsetFont(font_name.data(), font_data, font_str_size,
glyph_ids, glyph_ids_size, &output);
delete[] output;
return 0;
}