From f6949881f66700819f10ad6fcff3e699d025f996 Mon Sep 17 00:00:00 2001
From: Ceyhun Alp
Date: Fri, 27 Nov 2020 12:14:28 +0000
Subject: [PATCH] [Unstable] separate data from glyphs

---
 fuzzing/text_glyphs_fuzzer.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/fuzzing/text_glyphs_fuzzer.c b/fuzzing/text_glyphs_fuzzer.c
index d23cb88bc..051f4891f 100644
--- a/fuzzing/text_glyphs_fuzzer.c
+++ b/fuzzing/text_glyphs_fuzzer.c
@@ -12,18 +12,23 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     cairo_status_t status;
     cairo_text_extents_t extents;
     cairo_text_cluster_t cluster;
+    size_t new_size = size - glyph_range;
+    uint8_t *new_data = (uint8_t *) calloc(new_size, sizeof(uint8_t));
+    /*memcpy(new_data, &data[glyph_range], new_size*sizeof(uint8_t));*/
+    memcpy(new_data, data, new_size * sizeof(uint8_t));
-    char *tmpfile = fuzzer_get_tmpfile(data, size);
+    char *tmpfile = fuzzer_get_tmpfile(new_data, new_size);
     surface = cairo_image_surface_create_from_png(tmpfile);
     status = cairo_surface_status(surface);
     if (status != CAIRO_STATUS_SUCCESS) {
+        free(new_data);
         fuzzer_release_tmpfile(tmpfile);
         return 0;
     }
-    char *buf = (char *) calloc(size + 1, sizeof(char));
-    memcpy(buf, data, size);
-    buf[size] = '\0';
+    char *buf = (char *) calloc(new_size + 1, sizeof(char));
+    memcpy(buf, new_data, new_size);
+    buf[new_size] = '\0';
     cr = cairo_create(surface);
     cairo_text_extents(cr, buf, &extents);
@@ -39,6 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     cairo_destroy(cr);
     cairo_surface_destroy(surface);
+    free(new_data);
     free(buf);
     fuzzer_release_tmpfile(tmpfile);
     return 0;
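Review bot: `size_t new_size = size - glyph_range;` has no guard for `size < glyph_range`, so a fuzzer input shorter than glyph_range (defined outside this hunk, so its value cannot be checked here) wraps `new_size` to a huge value, and the unchecked `calloc` result is then passed to `memcpy`, which either writes through NULL or reads far past the end of `data`. Add `if (size < glyph_range) return 0;` before the subtraction and `if (new_data == NULL) return 0;` after the calloc; a harness must survive every input length, and `new_size == 0` should also be rejected rather than handed to `memcpy` with a possibly-NULL destination. The commented-out `memcpy(new_data, &data[glyph_range], ...)` contradicts the live copy (the head of the input is copied, not the tail), so either delete it or replace it with a comment stating which bytes are the PNG and which are reserved for glyphs. LLVMFuzzerTestOneInput starts before this hunk and continues past it.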
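Review bot: The `free(new_data)` added here is the second copy of the same release (the first is in the error path of the previous hunk), so any early return added between the two hunks in future must remember both frees plus `fuzzer_release_tmpfile`; a single `cleanup:` label holding `free(new_data); free(buf); fuzzer_release_tmpfile(tmpfile); return 0;` reached by `goto` from the error path would make ownership explicit in one place. This is a point of structure only; as far as the visible lines show, the success path releases everything the function allocated. LLVMFuzzerTestOneInput starts before this hunk and its closing brace is outside it.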