Add a fuzzer for SfntlyWrapper::SubsetFont().

Add a fuzzer for SfntlyWrapper::SubsetFont().

BUG=639545
Committed: https://crrev.com/05192643e8bfe9ece91d32bd6084f5ccfe33f5a4
Cr-Commit-Position: refs/heads/master@{#414271}

[Lei Zhang, 2016-08-23 02:01:13]

thestig@chromium.org changed reviewers:
+ halcanary@google.com, ochang@chromium.org

[Lei Zhang, 2016-08-23 02:01:14]

Alternatively, we can put this in the sfntly github repo.

[Lei Zhang, 2016-08-23 02:04:25]

The CQ bit was checked by thestig@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-23 02:05:22]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Lei Zhang, 2016-08-23 02:09:52]

The CQ bit was checked by thestig@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-23 02:10:26]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-23 04:59:11]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-23 04:59:12]

Dry run: This issue passed the CQ dry run.

[hal.canary, 2016-08-23 15:48:23]

Also, see my latest patch in sfntly on github:

https://github.com/googlei18n/sfntly/commit/dc29ad099debf894cd9215de7cafcda30...

https://codereview.chromium.org/2268863003/diff/60001/third_party/sfntly/fuzz...
File third_party/sfntly/fuzzers/subset_font_fuzzer.cc (right):

https://codereview.chromium.org/2268863003/diff/60001/third_party/sfntly/fuzz...
third_party/sfntly/fuzzers/subset_font_fuzzer.cc:24:
SfntlyWrapper::SubsetFont(nullptr, font_data, font_size, glyph_ids,
    constexpr int kMaxFontNameSize = 128;

    size_t font_name_size =
        fuzzed_data.ConsumeUint32InRange(0, kMaxFontNameSize);

    std::string font_name_str(
        fuzzed_data.ConsumeBytes(font_name_size), font_name_size);

    SfntlyWrapper::SubsetFont(font_name_str.c_str(), ...

[hal.canary, 2016-08-23 15:49:04]

https://codereview.chromium.org/2268863003/diff/60001/base/test/fuzzed_data_p...
File base/test/fuzzed_data_provider.cc (right):

https://codereview.chromium.org/2268863003/diff/60001/base/test/fuzzed_data_p...
base/test/fuzzed_data_provider.cc:38: // Pull bytes off the end of the seed
data. Experimentally, this seems to
does this effect anything else?

[Lei Zhang, 2016-08-23 18:05:47]

The CQ bit was checked by thestig@chromium.org to run a CQ dry run

[Lei Zhang, 2016-08-23 18:05:50]

https://codereview.chromium.org/2268863003/diff/60001/base/test/fuzzed_data_p...
File base/test/fuzzed_data_provider.cc (right):

https://codereview.chromium.org/2268863003/diff/60001/base/test/fuzzed_data_p...
base/test/fuzzed_data_provider.cc:38: // Pull bytes off the end of the seed
data. Experimentally, this seems to
On 2016/08/23 15:49:04, Hal Canary wrote:
> does this effect anything else?

Hmm?

https://codereview.chromium.org/2268863003/diff/60001/third_party/sfntly/fuzz...
File third_party/sfntly/fuzzers/subset_font_fuzzer.cc (right):

https://codereview.chromium.org/2268863003/diff/60001/third_party/sfntly/fuzz...
third_party/sfntly/fuzzers/subset_font_fuzzer.cc:24:
SfntlyWrapper::SubsetFont(nullptr, font_data, font_size, glyph_ids,
On 2016/08/23 15:48:23, Hal Canary wrote:
>     constexpr int kMaxFontNameSize = 128;
> 
>     size_t font_name_size =
>         fuzzed_data.ConsumeUint32InRange(0, kMaxFontNameSize);
> 
>     std::string font_name_str(
>         fuzzed_data.ConsumeBytes(font_name_size), font_name_size);
> 
>     SfntlyWrapper::SubsetFont(font_name_str.c_str(), ...

Done.

[commit-bot: I haz the power, 2016-08-23 18:06:32]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Lei Zhang, 2016-08-23 18:39:57]

On 2016/08/23 15:48:23, Hal Canary wrote:
> Also, see my latest patch in sfntly on github:
> 
>
https://github.com/googlei18n/sfntly/commit/dc29ad099debf894cd9215de7cafcda30...

Do we need to roll DEPS for sfntly to pick that up in Chromium? Feels like the
answer should be yes.

[Lei Zhang, 2016-08-23 18:45:11]

ochang/mmoroz: Should I also add some sample fonts to the corpora?

[hal.canary, 2016-08-23 18:54:06]

On 2016/08/23 18:39:57, Lei Zhang wrote:
> On 2016/08/23 15:48:23, Hal Canary wrote:
> > Also, see my latest patch in sfntly on github:
> > 
> >
>
https://github.com/googlei18n/sfntly/commit/dc29ad099debf894cd9215de7cafcda30...
> 
> Do we need to roll DEPS for sfntly to pick that up in Chromium? Feels like the
> answer should be yes.

Yes.  That's been on my todo list for a couple of weeks.  Now that you are an
OWNER, https://crrev.com/2265433003

[hal.canary, 2016-08-23 18:59:40]

lgtm

[commit-bot: I haz the power, 2016-08-23 20:09:22]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-23 20:09:23]

Dry run: Try jobs failed on following builders:
  linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)

[Oliver Chang, 2016-08-23 20:11:54]

On 2016/08/23 18:45:11, Lei Zhang wrote:
> ochang/mmoroz: Should I also add some sample fonts to the corpora?

If you can, that would be awesome. They help a huge amount with fuzzing
coverage.

[Lei Zhang, 2016-08-23 20:21:23]

On 2016/08/23 20:11:54, Oliver Chang (slow) wrote:
> On 2016/08/23 18:45:11, Lei Zhang wrote:
> > ochang/mmoroz: Should I also add some sample fonts to the corpora?
> 
> If you can, that would be awesome. They help a huge amount with fuzzing
> coverage.

Copied some of our own fonts from sfntly / skia / webkit. Of course now it
easily hit an OOM locally...

[Lei Zhang, 2016-08-23 20:31:14]

On 2016/08/23 20:21:23, Lei Zhang wrote:
> Copied some of our own fonts from sfntly / skia / webkit. Of course now it
> easily hit an OOM locally...

Any advice on whether we should land this first, or fix some of the obvious
errors first? In this case, sometimes if some font structure claims its length
is 2 GB...

[mmoroz, 2016-08-24 16:58:15]

mmoroz@chromium.org changed reviewers:
+ mmoroz@chromium.org

[mmoroz, 2016-08-24 16:58:16]

LGTM

[mmoroz, 2016-08-24 17:00:02]

On 2016/08/23 20:31:14, Lei Zhang wrote:
> On 2016/08/23 20:21:23, Lei Zhang wrote:
> > Copied some of our own fonts from sfntly / skia / webkit. Of course now it
> > easily hit an OOM locally...
> 
> Any advice on whether we should land this first, or fix some of the obvious
> errors first? In this case, sometimes if some font structure claims its length
> is 2 GB...

I think we are free to land it. That will allow us to have a better tracking of
found bugs found and changes made.

[Lei Zhang, 2016-08-24 18:05:28]

Thanks. Landing.

[Lei Zhang, 2016-08-24 18:08:26]

The CQ bit was checked by thestig@chromium.org

[Lei Zhang, 2016-08-24 18:08:27]

The patchset sent to the CQ was uploaded after l-g-t-m from halcanary@google.com
Link to the patchset: https://codereview.chromium.org/2268863003/#ps120001
(title: "Add test corpus")

[commit-bot: I haz the power, 2016-08-24 18:09:20]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-24 20:11:54]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-24 20:11:55]

Try jobs failed on following builders:
  cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)

[Lei Zhang, 2016-08-24 20:34:32]

The CQ bit was checked by thestig@chromium.org

[commit-bot: I haz the power, 2016-08-24 20:35:47]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-24 23:38:44]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-24 23:38:45]

Try jobs failed on following builders:
  linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)

[Lei Zhang, 2016-08-24 23:41:09]

The CQ bit was checked by thestig@chromium.org

[commit-bot: I haz the power, 2016-08-24 23:42:05]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-25 02:30:21]

Committed patchset #7 (id:120001)

[commit-bot: I haz the power, 2016-08-25 02:33:06]

Description was changed from

==========
Add a fuzzer for SfntlyWrapper::SubsetFont().

BUG=639545
==========

to

==========
Add a fuzzer for SfntlyWrapper::SubsetFont().

BUG=639545

Committed: https://crrev.com/05192643e8bfe9ece91d32bd6084f5ccfe33f5a4
Cr-Commit-Position: refs/heads/master@{#414271}
==========

[commit-bot: I haz the power, 2016-08-25 02:33:07]

Patchset 7 (id:??) landed as
https://crrev.com/05192643e8bfe9ece91d32bd6084f5ccfe33f5a4
Cr-Commit-Position: refs/heads/master@{#414271}