From 69c93dd259daf8ff2eb5945eba1d9f811ad325b9 Mon Sep 17 00:00:00 2001
From: Ceyhun Alp
Date: Thu, 26 Nov 2020 15:09:38 +0000
Subject: [PATCH] Change malloc to calloc. Randomize glyphs

---
 fuzzing/pdf_surface_fuzzer.c | 4 +---
 fuzzing/raster_fuzzer.c | 2 +-
 fuzzing/text_glyphs_fuzzer.c | 18 +++++++-----------
 3 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/fuzzing/pdf_surface_fuzzer.c b/fuzzing/pdf_surface_fuzzer.c
index d6c698dc0..33cb0e08b 100644
--- a/fuzzing/pdf_surface_fuzzer.c
+++ b/fuzzing/pdf_surface_fuzzer.c
@@ -11,7 +11,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 cairo_t *cr;
 cairo_surface_t *surface;
 cairo_status_t status;
- int flags;
 char *tmpfile = fuzzer_get_tmpfile(data, size);
 surface = cairo_pdf_surface_create(tmpfile, WIDTH_IN_POINTS, HEIGHT_IN_POINTS);
@@ -21,11 +20,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 return 0;
 }
- char *buf = (char *) malloc(size + 1);
+ char *buf = (char *) calloc(size + 1, sizeof(char));
 memcpy(buf, data, size);
 buf[size] = '\0';
- flags = CAIRO_PDF_OUTLINE_FLAG_BOLD | CAIRO_PDF_OUTLINE_FLAG_OPEN;
 cairo_pdf_surface_set_metadata(surface, CAIRO_PDF_METADATA_TITLE, buf);
 cr = cairo_create(surface);
 cairo_tag_begin(cr, buf, NULL);
diff --git a/fuzzing/raster_fuzzer.c b/fuzzing/raster_fuzzer.c
index d8c53bbf5..797d4e7c1 100644
--- a/fuzzing/raster_fuzzer.c
+++ b/fuzzing/raster_fuzzer.c
@@ -40,7 +40,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 w = cairo_image_surface_get_width(surface);
 h = cairo_image_surface_get_height(surface);
- char *buf = (char *) malloc(size + 1);
+ char *buf = (char *) calloc(size + 1, sizeof(char));
 memcpy(buf, data, size);
 buf[size] = '\0';
diff --git a/fuzzing/text_glyphs_fuzzer.c b/fuzzing/text_glyphs_fuzzer.c
index ae5586f75..60d752934 100644
--- a/fuzzing/text_glyphs_fuzzer.c
+++ b/fuzzing/text_glyphs_fuzzer.c
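Review bot: The buffer allocated at `+ char *buf = (char *) calloc(size + 1, sizeof(char));` is still handed to memcpy without a NULL check, so switching from malloc to calloc does not change the failure mode on allocation failure; the same applies to the raster_fuzzer.c hunk and to the second text_glyphs_fuzzer.c hunk. A guard such as `if (!buf) return 0;` before the memcpy (after releasing the surface created earlier in the function, if the file has no other cleanup path) turns an out-of-memory condition into a skipped input rather than a crash report that is not a cairo bug. The zero fill is also redundant here, since `buf[size] = '\0';` already terminates the copied bytes, and the `(char *)` cast on calloc is unnecessary in C. Whether buf is freed before LLVMFuzzerTestOneInput returns is outside the hunk; if it is not, LeakSanitizer will report it on every run.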
@@ -1,22 +1,18 @@
 #include
 #include "fuzzer_temp_file.h"
+#define GLYPH_RANGE 9
+
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size < GLYPH_RANGE) {
+ return 0;
+ }
 cairo_t *cr;
 cairo_surface_t *surface;
 cairo_status_t status;
 cairo_text_extents_t extents;
 cairo_text_cluster_t cluster;
- // Taken from test/text-glyph-range.c
- long int index[] = {
- 0, /* 'no matching glyph' */
- 0xffff, /* kATSDeletedGlyphCode */
- 0x1ffff, /* out of range */
- -1L, /* out of range */
- 70, 68, 76, 85, 82 /* 'cairo' */
- };
-
 char *tmpfile = fuzzer_get_tmpfile(data, size);
 surface = cairo_image_surface_create_from_png(tmpfile);
 status = cairo_surface_status(surface);
@@ -25,7 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 return 0;
 }
- char *buf = (char *) malloc(size + 1);
+ char *buf = (char *) calloc(size + 1, sizeof(char));
 memcpy(buf, data, size);
 buf[size] = '\0';
@@ -36,7 +32,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 for (int i = 0; i < 9; i++) {
 // Taken from test/text-glyph-range.c
 cairo_glyph_t glyph = {
- index[i], 10 * i, 25
+ (long int)data[i], 10 * i, 25
 };
 cairo_show_text_glyphs(cr, buf, size, &glyph, 1, &cluster, 1, 0);
 }
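Review bot: The loop bound at ` for (int i = 0; i < 9; i++) {` is exactly what the new `size < GLYPH_RANGE` guard in the first hunk protects, yet it is still the literal 9, so the bounds check and the number of bytes read from data are coupled only by convention; change it to `for (int i = 0; i < GLYPH_RANGE; i++) {`. Replacing the removed index table with `(long int)data[i]` also narrows the glyph index to 0..255, so the out-of-range values the old table exercised (0xffff, 0x1ffff, -1L, per the removed comments) are no longer reachable by the fuzzer; if that coverage matters, assemble the index from more than one input byte and keep GLYPH_RANGE in step with the number of bytes consumed. The comment `// Taken from test/text-glyph-range.c` inside the loop now describes only the position values, since the index no longer comes from that test. LLVMFuzzerTestOneInput continues outside this hunk.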