Google Git
Sign in
chromium / external / github.com / freetype / freetype2-testing / 5e8b2b33c76032dadccb04593e17d32193f6802c / . / fuzzing
tree: 7819702e81fd028b8266c2befa68cdc117152c72 [path history] [tgz]
  1. corpora/
  2. scripts/
  3. settings/
  4. src/
  5. CMakeLists.txt
  6. README.md
fuzzing/README.md

License: GPL v2 Build Status

FreeType

https://www.freetype.org

FreeType is a freely available software library to render fonts.

Fuzzing

The Fuzzing subproject has two main purposes:

  • OSS-Fuzz: Provide the source code and build scripts for OSS Fuzz's fuzzers.
  • Travis CI: Provide settings, source code, and build scripts for the regression test suite.

Structure

The general structure of this subproject is as follows:

  • corpora: The initial corpora for OSS-Fuzz and the regression tests.
  • scripts: Scripts that build the fuzz targets and prepare files (corpora and settings) for OSS-Fuzz.
  • settings: Various settings for the OSS-Fuzz targets as well as for used submodules.
  • src: Source code of the fuzz targets.

Fuzzed Coverage

The fuzzers reach large parts of FreeType (1 September 2018):

TotalPercent
Functions1462/161690.41%
Lines of Code73866/8315688.90%

Fuzzed API

The following tables provide an overview over currently fuzzed and unfuzzed parts of FreeType's API. Columns have the following meaning:

  • Function: The name of an API function.
  • Module: The name of a module when set via FT_Property_Set.
  • Property: The name of a property when set via FT_Property_Set.
  • Fuzzed:
    • (:wavy_dash:) A function is used at least once, by one fuzz target.
    • (:heavy_check_mark:) A function is used in (almost) every possible way and it is up the fuzzer to find inputs that fully test it.
  • Resources: Some important resources that a function uses. This list is by no means complete. It merely highlights important shared resources that carry over from one function to another.
  • Alias: Other functions that do exactly the same.
  • Calls: Other API functions that a function calls. Used to track down implicitely used API functions.
  • Called by: Other API functions that call a function. Used to track down implicitely used API functions.

FreeType Version

https://www.freetype.org/freetype2/docs/reference/ft2-version.html

FunctionFuzzedResources
1.1.1FT_Library_Version:heavy_check_mark:Library
1.1.2FT_Face_CheckTrueTypePatents:heavy_check_mark:Face
1.1.3FT_Face_SetUnpatentedHinting:heavy_check_mark:Face

Base Interface

https://www.freetype.org/freetype2/docs/reference/ft2-base_interface.html

FunctionFuzzedResources
2.1.1FT_Init_FreeType:heavy_check_mark:
2.1.2FT_Done_FreeType:heavy_check_mark:Library
FunctionFuzzedResourcesCallsCalled by
2.2.1FT_New_FaceLibrary
File Path
2.2.2FT_Done_Face:heavy_check_mark:Face6.1.1
2.2.3FT_Reference_FaceFace
2.2.4FT_New_Memory_Face:heavy_check_mark:Library
Bytes		2.2.6
2.2.5FT_Face_PropertiesFace
2.2.6FT_Open_Face:heavy_check_mark:Library6.1.22.2.4
2.2.8
2.2.7FT_Attach_FileFace
File Path
2.2.8FT_Attach_Stream:heavy_check_mark:Face
Bytes		2.2.6
FunctionFuzzedResourcesCallsCalled by
2.3.1FT_Set_Char_Size:heavy_check_mark:Face2.3.3
2.3.2FT_Set_Pixel_Sizes:heavy_check_mark:Face
2.3.3FT_Request_Size:heavy_check_mark:Face2.3.1
2.3.4FT_Select_Size:heavy_check_mark:Face
2.3.5FT_Set_Transform:heavy_check_mark:Face
FunctionFuzzedResourcesCallsCalled by
2.4.1FT_Load_Glyph:heavy_check_mark:Face
Glyph Index
Load Flags		2.5.12.4.6
2.4.2FT_Get_Char_Index:heavy_check_mark:Face
Char Code		2.4.6
2.4.3FT_Get_First_Char:heavy_check_mark:Face
2.4.4FT_Get_Next_Char:heavy_check_mark:Face
Char Code
2.4.5FT_Get_Name_Index:heavy_check_mark:Face
2.4.6FT_Load_Char:heavy_check_mark:Face
Char Code
Load Flags		2.4.1
2.4.2
FunctionFuzzedResourcesCalled by
2.5.1FT_Render_Glyph:heavy_check_mark:Glyph Slot2.4.1
FunctionFuzzedResources
2.6.1FT_Get_Kerning:heavy_check_mark:Face
2x Glyph Index
2.6.2FT_Get_Track_Kerning:heavy_check_mark:Face
FunctionFuzzedResources
2.7.1FT_Get_Glyph_Name:heavy_check_mark:Face
Glyph Index
2.7.2FT_Get_Postscript_Name:heavy_check_mark:Face
FunctionFuzzedResources
2.8.1FT_Select_Charmap:heavy_check_mark:Face
2.8.2FT_Set_Charmap:heavy_check_mark:Face
Char Map
2.8.3FT_Get_Charmap_Index:heavy_check_mark:Face
Char Map
FunctionFuzzedResources
2.9.1FT_Get_FSType_Flags:heavy_check_mark:Face
2.9.2FT_Get_SubGlyph_Info:heavy_check_mark:Glyph Slot
Subglyph Index

Unicode Variation Sequences

https://www.freetype.org/freetype2/docs/reference/ft2-glyph_variants.html

FunctionFuzzedResources
3.1.1FT_Face_GetCharVariantIndex:heavy_check_mark:Face
Char Code
Var Selector
3.1.2FT_Face_GetCharVariantIsDefault:heavy_check_mark:Face
Char Code
Var Selector
3.1.3FT_Face_GetVariantSelectors:heavy_check_mark:Face
3.1.4FT_Face_GetVariantsOfChar:heavy_check_mark:Face
Char Code
3.1.5FT_Face_GetCharsOfVariant:heavy_check_mark:Face
Var Selector

Glyph Management

https://www.freetype.org/freetype2/docs/reference/ft2-glyph_management.html

FunctionFuzzedResources
4.1.1FT_Get_Glyph:heavy_check_mark:Glyph Slot
4.1.2FT_Glyph_Copy:heavy_check_mark:Glyph
4.1.3FT_Glyph_Transform:heavy_check_mark:Glyph
4.1.4FT_Glyph_Get_CBox:heavy_check_mark:Glyph
4.1.5FT_Glyph_To_Bitmap:heavy_check_mark:Glyph
4.1.6FT_Done_Glyph:heavy_check_mark:Glyph

Mac Specific Interface

https://www.freetype.org/freetype2/docs/reference/ft2-mac_specific.html

FunctionFuzzed
5.1.1FT_New_Face_From_FOND
5.1.2FT_GetFile_From_Mac_Name
5.1.3FT_GetFile_From_Mac_ATS_Name
5.1.4FT_GetFilePath_From_Mac_ATS_Name
5.1.5FT_New_Face_From_FSSpec
5.1.6FT_New_Face_From_FSRef

Size Management

https://www.freetype.org/freetype2/docs/reference/ft2-sizes_management.html

FunctionFuzzedResourcesCalled by
6.1.1FT_New_Size:heavy_check_mark:Face2.2.6
6.1.2FT_Done_Size:heavy_check_mark:Size2.2.2
6.1.3FT_Activate_SizeSize

Multiple Masters

https://www.freetype.org/freetype2/docs/reference/ft2-multiple_masters.html

FunctionFuzzedResourcesAlias
7.1.1FT_Get_Multi_Master:heavy_check_mark:Face
7.1.2FT_Get_MM_Var:heavy_check_mark:Face
7.1.3FT_Done_MM_Var:heavy_check_mark:Library
MM Var
7.1.4FT_Set_MM_Design_Coordinates:heavy_check_mark:Face
7.1.5FT_Set_Var_Design_Coordinates:heavy_check_mark:Face
7.1.6FT_Get_Var_Design_Coordinates:heavy_check_mark:Face
7.1.7FT_Set_MM_Blend_Coordinates:wavy_dash:Face7.1.9
7.1.8FT_Get_MM_Blend_Coordinates:heavy_check_mark:Face7.1.10
7.1.9FT_Set_Var_Blend_Coordinates:wavy_dash:Face7.1.7
7.1.10FT_Get_Var_Blend_Coordinates:heavy_check_mark:Face7.1.8
7.1.11FT_Get_Var_Axis_Flags:heavy_check_mark:MM Var
7.1.12FT_Set_Named_Instance:wavy_dash:Face

TrueType Tables

https://www.freetype.org/freetype2/docs/reference/ft2-truetype_tables.html

FunctionFuzzedResources
8.1.1FT_Get_Sfnt_Table:heavy_check_mark:Face
8.1.2FT_Load_Sfnt_Table:wavy_dash:Face
8.1.3FT_Sfnt_Table_Info:heavy_check_mark:Face
8.1.4FT_Get_CMap_Language_ID:heavy_check_mark:Char Map
8.1.5FT_Get_CMap_Format:heavy_check_mark:Char Map

Type 1 Tables

https://www.freetype.org/freetype2/docs/reference/ft2-type1_tables.html

FunctionFuzzedResources
9.1.1FT_Has_PS_Glyph_Names:heavy_check_mark:Face
9.1.2FT_Get_PS_Font_Info:heavy_check_mark:Face
9.1.3FT_Get_PS_Font_Private:heavy_check_mark:Face
9.1.4FT_Get_PS_Font_Value:heavy_check_mark:Face

SFNT Names

https://www.freetype.org/freetype2/docs/reference/ft2-sfnt_names.html

FunctionFuzzedResources
10.1.1FT_Get_Sfnt_Name_Count:heavy_check_mark:Face
10.1.2FT_Get_Sfnt_Name:heavy_check_mark:Face
10.1.3FT_Get_Sfnt_LangTag:heavy_check_mark:Face

BDF and PCF Files

https://www.freetype.org/freetype2/docs/reference/ft2-bdf_fonts.html

FunctionFuzzed
11.1.1FT_Get_BDF_Charset_ID:heavy_check_mark:
11.1.2FT_Get_BDF_Property

CID Fonts

https://www.freetype.org/freetype2/docs/reference/ft2-cid_fonts.html

FunctionFuzzedResources
12.1.1FT_Get_CID_Registry_Ordering_Supplement:heavy_check_mark:Face
12.1.2FT_Get_CID_Is_Internally_CID_Keyed:heavy_check_mark:Face
12.1.3FT_Get_CID_From_Glyph_Index:heavy_check_mark:Face
Glyph Index

PFR Fonts

https://www.freetype.org/freetype2/docs/reference/ft2-pfr_fonts.html

FunctionFuzzed
13.1.1FT_Get_PFR_Metrics
13.1.2FT_Get_PFR_Kerning
13.1.3FT_Get_PFR_Advance

Window FNT Files

https://www.freetype.org/freetype2/docs/reference/ft2-winfnt_fonts.html

FunctionFuzzedResources
14.1.1FT_Get_WinFNT_Header:heavy_check_mark:Face

Font Formats

https://www.freetype.org/freetype2/docs/reference/ft2-font_formats.html

FunctionFuzzedResources
15.1.1FT_Get_Font_Format:heavy_check_mark:Face

Gasp Table

https://www.freetype.org/freetype2/docs/reference/ft2-gasp_table.html

FunctionFuzzedResources
16.1.1FT_Get_Gasp:heavy_check_mark:Face

Driver Properties

https://www.freetype.org/freetype2/docs/reference/ft2-properties.html

ModulePropertyFuzzed
17.1.1autofitterdarkening-parameters
17.1.2autofitterdefault-script
17.1.3autofitterfallback-script
17.1.4autofitterincrease-x-height
17.1.5autofitterno-stem-darkening
17.1.6autofitterwarping :heavy_check_mark:
17.1.7cffdarkening-parameters
17.1.8cffhinting-engine:heavy_check_mark:
17.1.9cffno-stem-darkening
17.1.10cffrandom-seed
17.1.11pcfno-long-family-names
17.1.12t1ciddarkening-parameters
17.1.13t1cidhinting-engine:heavy_check_mark:
17.1.14t1cidno-stem-darkening
17.1.15t1cidrandom-seed
17.1.16truetypeinterpreter-version :heavy_check_mark:
17.1.17type1darkening-parameters
17.1.18type1hinting-engine:heavy_check_mark:
17.1.19type1no-stem-darkening
17.1.20type1random-seed

Cache Sub-System

https://www.freetype.org/freetype2/docs/reference/ft2-cache_subsystem.html

FunctionFuzzed
18.1.1FTC_Manager_New
18.1.2FTC_Manager_Reset
18.1.3FTC_Manager_Done
18.1.4FTC_Manager_LookupFace
18.1.5FTC_Manager_LookupSize
18.1.6FTC_Manager_RemoveFaceID
18.1.7FTC_Node_Unref
18.1.8FTC_ImageCache_New
18.1.9FTC_ImageCache_Lookup
18.1.10FTC_SBitCache_New
18.1.11FTC_SBitCache_Lookup
18.1.12FTC_CMapCache_New
18.1.13FTC_CMapCache_Lookup
18.1.14FTC_ImageCache_LookupScaler
18.1.15FTC_SBitCache_LookupScaler

Outline Processing

https://www.freetype.org/freetype2/docs/reference/ft2-outline_processing.html

FunctionFuzzedResources
21.1.1FT_Outline_New:heavy_check_mark:Library
21.1.2FT_Outline_Done:heavy_check_mark:Library
Outline
21.1.3FT_Outline_Copy:heavy_check_mark:Outline
21.1.4FT_Outline_Translate:heavy_check_mark:Outline
21.1.5FT_Outline_Transform:heavy_check_mark:Outline
21.1.6FT_Outline_Embolden:heavy_check_mark:Outline
21.1.7FT_Outline_EmboldenXY:heavy_check_mark:Outline
21.1.8FT_Outline_Reverse:heavy_check_mark:Outline
21.1.9FT_Outline_Check:heavy_check_mark:Outline
21.1.10FT_Outline_Get_CBox:heavy_check_mark:Outline
21.1.11FT_Outline_Get_BBox:heavy_check_mark:Outline
21.1.12FT_Outline_Get_BitmapLibrary
Outline
21.1.13FT_Outline_RenderLibrary
Outline
21.1.14FT_Outline_Decompose:heavy_check_mark:Outline
21.1.15FT_Outline_Get_Orientation:heavy_check_mark:Outline

Bitmap Handling

https://www.freetype.org/freetype2/docs/reference/ft2-bitmap_handling.html

FunctionFuzzedResources
23.1.1FT_Bitmap_Init:heavy_check_mark:
23.1.2FT_Bitmap_Copy:heavy_check_mark:Library
Bitmap
23.1.3FT_Bitmap_Embolden:heavy_check_mark:Library
Bitmap
23.1.4FT_Bitmap_Convert:heavy_check_mark:Library
Bitmap
23.1.5FT_Bitmap_Blend:wavy_dash:Library
Bitmap
23.1.6FT_GlyphSlot_Own_BitmapGlyph Slot
23.1.7FT_Bitmap_Done:heavy_check_mark:Library
Bitmap

GZIP Streams

https://www.freetype.org/freetype2/docs/reference/ft2-gzip.html

FunctionFuzzed
28.1.1FT_Stream_OpenGzip:heavy_check_mark:
28.1.2FT_Gzip_Uncompress

LZW Streams

https://www.freetype.org/freetype2/docs/reference/ft2-lzw.html

FunctionFuzzed
29.1.1FT_Stream_OpenLZW:heavy_check_mark:

BZIP2 Streams

https://www.freetype.org/freetype2/docs/reference/ft2-bzip2.html

FunctionFuzzed
30.1.1FT_Stream_OpenBzip2:heavy_check_mark: