Add basic fuzzing harness

fuzz/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "fontdue-fuzz-target"
+version = "0.1.0"
+authors = ["Robert McLaughlin <robert@sparkk.us>"]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+afl = "*"
+fontdue = { version = "*", path = "../" }
+

fuzz/README.md

@@ -0,0 +1,17 @@
+# Fuzzer for fontdue
+
+## Usage
+
+1. Build the fuzz target: `cargo afl build --release`
+
+2. Generate a corpus directory. Ideally this would be some small font file(s). The last 4 bytes are parsed as utf8, and the last character is used as the rendered character -- so be sure to concatenate that onto the end of your file. `build_corpus.py` may be helpful to run.
+
+3. `cargo afl fuzz -i CORPUS -o out target/release/fontdue-fuzz-target` (replace CORPUS with your corpus directory).
+
+4. Wait (a while)
+
+## Replicating a crash
+
+Included is a convenience binary which accepts the crash file as an argument, reads it, and rasterizes the target character.
+
+Invoke it with `./target/release/replicator out/crashes/INTERESTING_CRASH`

fuzz/build_corpus.py

@@ -0,0 +1,29 @@
+#! /usr/bin/python3
+
+import os
+import os.path
+import sys
+
+
+_dirname = os.path.dirname(os.path.abspath(__file__))
+
+if not os.path.exists(os.path.join(_dirname, 'corpus')):
+    os.mkdir(os.path.join(_dirname, 'corpus'))
+
+for root,dirs,files in os.walk(os.path.join(_dirname, '../resources/')):
+    for name in files:
+        if not name.endswith('.ttf'):
+            continue
+        # move this into corpus
+        fname = os.path.join(root,name)
+        dest = os.path.join(_dirname, 'corpus', name)
+        with open(fname, mode='rb') as fin:
+            b = fin.read()
+            if len(b) + 4 < 1024 * 1024:
+                with open(dest + ".1", mode='wb') as fout:
+                    fout.write(b + b'\x00\x00\x00g')
+                with open(dest + ".2", mode='wb') as fout:
+                    fout.write(b + b'\x00\xe3\x92\xa8')
+                with open(dest + ".3", mode='wb') as fout:
+                    fout.write(b + b'\x00\xe2\x88\x91')
+

fuzz/src/bin/replicator.rs

@@ -0,0 +1,34 @@
+use std::env;
+use std::fs::File;
+use std::io::prelude::*;
+extern crate fontdue;
+
+
+fn main() -> std::io::Result<()> {
+    let args: Vec<String> = env::args().collect();
+    if args.len() < 2 {
+        println!("supply file name");
+    }
+
+    let mut file = File::open(&args[1])?;
+    let mut buffer = Vec::<u8>::new();
+    file.read_to_end(&mut buffer)?;
+    let data_font_part = &buffer[0..buffer.len()-4];
+    let data_char_part = &buffer[buffer.len()-4-1..buffer.len()];
+
+    if let Ok(s) = std::str::from_utf8(&data_char_part) {
+            if let Some(chr) = s.chars().last() {
+                println!("file={0}, char={1}", &args[1], chr);
+                let font = fontdue::Font::from_bytes(data_font_part, fontdue::FontSettings::default());
+                println!("parsed font");
+                if !font.is_ok() {
+                    return Ok(());
+                }
+                let font = font.unwrap();
+                println!("rasterize...");
+                let _ = font.rasterize(chr, 60.0);
+            }
+    }
+
+    return Ok(());
+}

fuzz/src/main.rs

@@ -0,0 +1,22 @@
+#[macro_use]
+extern crate afl;
+extern crate fontdue;
+
+
+fn main() {
+    fuzz!(|data: &[u8]| {
+        let data_font_part = &data[0..data.len()-4];
+        let data_char_part = &data[data.len()-4-1..data.len()];
+
+        if let Ok(s) = std::str::from_utf8(&data_char_part) {
+            if let Some(chr) = s.chars().last() {
+                let font = fontdue::Font::from_bytes(data_font_part, fontdue::FontSettings::default());
+                if !font.is_ok() {
+                    return;
+                }
+                let font = font.unwrap();
+                let _ = font.rasterize(chr, 60.0);
+            }
+        }
+    });
+}