Add a fuzzer for SfntlyWrapper::SubsetFont().

third_party/sfntly/fuzzers/subset_font_fuzzer.cc

Index: third_party/sfntly/fuzzers/subset_font_fuzzer.cc
diff --git a/third_party/sfntly/fuzzers/subset_font_fuzzer.cc b/third_party/sfntly/fuzzers/subset_font_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..e886d06cd5bbfb1a0eac28239696ed3f8ffb85e9
--- /dev/null
+++ b/third_party/sfntly/fuzzers/subset_font_fuzzer.cc
@@ -0,0 +1,28 @@
+// Copyright 2016 The Chromimum Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <cstdint>
+
+#include "base/test/fuzzed_data_provider.h"
+#include "third_party/sfntly/src/cpp/src/sample/chromium/font_subsetter.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  constexpr int kMaxFontSize = 50 * 1024 * 1024;
+  base::FuzzedDataProvider fuzzed_data(data, size);
+  size_t font_size = fuzzed_data.ConsumeUint32InRange(0, kMaxFontSize);
+  base::StringPiece font_str = fuzzed_data.ConsumeBytes(font_size);
+  base::StringPiece glyph_ids_str = fuzzed_data.ConsumeRemainingBytes();
+  const unsigned int* glyph_ids =
+      reinterpret_cast<const unsigned int*>(glyph_ids_str.data());
+  const unsigned char* font_data =
+      reinterpret_cast<const unsigned char*>(font_str.data());
+  size_t glyph_ids_size =
+      glyph_ids_str.size() * sizeof(char) / sizeof(unsigned int);
+
+  unsigned char* output = nullptr;
+  SfntlyWrapper::SubsetFont(nullptr, font_data, font_size, glyph_ids,

[hal.canary, 2016/08/23 15:48:23]

    constexpr int kMaxFontNameSize = 128;

    size_t font_name_size =
        fuzzed_data.ConsumeUint32InRange(0, kMaxFontNameSize);

    std::string font_name_str(
        fuzzed_data.ConsumeBytes(font_name_size), font_name_size);

    SfntlyWrapper::SubsetFont(font_name_str.c_str(), ...

[Lei Zhang, 2016/08/23 18:05:50]

Done.

+                            glyph_ids_size, &output);
+  delete[] output;
+  return 0;
+}