Skip to content

Commit

Permalink
Build additional FreeType fuzz targets
Browse files Browse the repository at this point in the history 
Define a GN template configuration and mirror build structure from the
upstream CMakeLists.txt pattern where additional fuzzers are
defined using a add_fuzzer_target function. Transfer options from
options files into arguments. This allows building a set of 16
additional fuzz targets, including type1 and cid targets which
still have relevance for PDFium.

This also serves as preparation for integrating a fuzzer for the new
COLR v1 font format.

Bug: 1147907
Change-Id: I20f4a4f22bccd2b1de2840981a7ae009a160cb14
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2712802
Commit-Queue: Dominik Röttsches <drott@chromium.org>
Reviewed-by: Dirk Pranke <dpranke@google.com>
Cr-Commit-Position: refs/heads/master@{#857645}
  • Loading branch information
@drott
drott authored and Chromium LUCI CQ committed Feb 25, 2021
1 parent f954b48 commit 0db553e
Show file tree
Hide file tree
Showing 3 changed files with 258 additions and 14 deletions.
2 changes: 1 addition & 1 deletion BUILD.gn
View file
Original file line number Diff line number Diff line change
Expand Up @@ -761,7 +761,7 @@ group("gn_all") {
deps += [
"//chrome/services/ipp_parser/public/cpp:fuzzers",
"//testing/libfuzzer/fuzzers",
"//third_party/freetype-testing:freetype_truetype_render_fuzzer",
"//third_party/freetype-testing:fuzzers",
"//third_party/grpc:fuzzers",
"//third_party/icu/fuzzers",
"//third_party/qcms:fuzzers",
Expand Down
266 changes: 256 additions & 10 deletions third_party/freetype-testing/BUILD.gn
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,40 +8,286 @@ import("//testing/libfuzzer/fuzzer_test.gni")
source_set("freetype-testing") {
}

config("build_truetype_render_fuzzer") {
config("freetype_fuzzer_config") {
include_dirs = [ "src/fuzzing/src/" ]
defines = [
"FUZZ_TARGET_HEADER_PATH=\"targets/font-drivers/truetype-render.h\"",
"FUZZ_TARGET_CLASS_NAME=freetype::TrueTypeRenderFuzzTarget",
]
}

fuzzer_test("freetype_truetype_render_fuzzer") {
additional_configs = [ ":build_truetype_render_fuzzer" ]
source_set("freetype_fuzzer_sources") {
include_dirs = [ "src/fuzzing/src/" ]
_src = "src/fuzzing/src"
sources = [
"$_src/fuzzers/template.cpp",
"$_src/iterators/faceloaditerator.cpp",
"$_src/iterators/faceloaditerator.h",
"$_src/iterators/faceprepiterator-bitmaps.cpp",
"$_src/iterators/faceprepiterator-bitmaps.h",
"$_src/iterators/faceprepiterator-multiplemasters.cpp",
"$_src/iterators/faceprepiterator-multiplemasters.h",
"$_src/iterators/faceprepiterator-outlines.cpp",
"$_src/iterators/faceprepiterator-outlines.h",
"$_src/iterators/faceprepiterator.cpp",
"$_src/iterators/faceprepiterator.h",
"$_src/iterators/glyphloaditerator-naive.cpp",
"$_src/iterators/glyphloaditerator-naive.h",
"$_src/iterators/glyphloaditerator.cpp",
"$_src/iterators/glyphloaditerator.h",
"$_src/iterators/glyphrenderiterator-allmodes.cpp",
"$_src/iterators/glyphrenderiterator-allmodes.h",
"$_src/iterators/glyphrenderiterator.cpp",
"$_src/iterators/glyphrenderiterator.h",
"$_src/targets/FaceFuzzTarget.cpp",
"$_src/targets/FuzzTarget.cpp",
"$_src/targets/font-drivers/cff-ftengine.cpp",
"$_src/targets/font-drivers/cff-ftengine.h",
"$_src/targets/font-drivers/cff-render-ftengine.cpp",
"$_src/targets/font-drivers/cff-render-ftengine.h",
"$_src/targets/font-drivers/cff-render.cpp",
"$_src/targets/font-drivers/cff-render.h",
"$_src/targets/font-drivers/cff.cpp",
"$_src/targets/font-drivers/cff.h",
"$_src/targets/font-drivers/cidtype1-ftengine.cpp",
"$_src/targets/font-drivers/cidtype1-ftengine.h",
"$_src/targets/font-drivers/cidtype1-render-ftengine.cpp",
"$_src/targets/font-drivers/cidtype1-render-ftengine.h",
"$_src/targets/font-drivers/cidtype1-render.cpp",
"$_src/targets/font-drivers/cidtype1-render.h",
"$_src/targets/font-drivers/cidtype1.cpp",
"$_src/targets/font-drivers/cidtype1.h",
"$_src/targets/font-drivers/truetype-render-i35.cpp",
"$_src/targets/font-drivers/truetype-render-i35.h",
"$_src/targets/font-drivers/truetype-render-i38.cpp",
"$_src/targets/font-drivers/truetype-render-i38.h",
"$_src/targets/font-drivers/truetype-render.cpp",
"$_src/targets/font-drivers/truetype-render.h",
"$_src/targets/font-drivers/truetype.cpp",
"$_src/targets/font-drivers/truetype.h",
"$_src/targets/font-drivers/type1-ftengine.cpp",
"$_src/targets/font-drivers/type1-ftengine.h",
"$_src/targets/font-drivers/type1-render-ftengine.cpp",
"$_src/targets/font-drivers/type1-render-ftengine.h",
"$_src/targets/font-drivers/type1-render.cpp",
"$_src/targets/font-drivers/type1-render.h",
"$_src/targets/font-drivers/type1.cpp",
"$_src/targets/font-drivers/type1.h",
"$_src/targets/font-drivers/type42-render.cpp",
"$_src/targets/font-drivers/type42-render.h",
"$_src/targets/font-drivers/type42.cpp",
"$_src/targets/font-drivers/type42.h",
"$_src/targets/glyphs/outlines.cpp",
"$_src/targets/glyphs/outlines.h",
"$_src/utils/faceloader.cpp",
"$_src/utils/utils.cpp",
"$_src/visitors/facevisitor-autohinter.cpp",
"$_src/visitors/facevisitor-autohinter.h",
"$_src/visitors/facevisitor-charcodes.cpp",
"$_src/visitors/facevisitor-charcodes.h",
"$_src/visitors/facevisitor-cid.cpp",
"$_src/visitors/facevisitor-cid.h",
"$_src/visitors/facevisitor-gasp.cpp",
"$_src/visitors/facevisitor-gasp.h",
"$_src/visitors/facevisitor-kerning.cpp",
"$_src/visitors/facevisitor-kerning.h",
"$_src/visitors/facevisitor-loadglyphs-bitmaps.cpp",
"$_src/visitors/facevisitor-loadglyphs-bitmaps.h",
"$_src/visitors/facevisitor-loadglyphs-outlines.cpp",
"$_src/visitors/facevisitor-loadglyphs-outlines.h",
"$_src/visitors/facevisitor-loadglyphs.cpp",
"$_src/visitors/facevisitor-loadglyphs.h",
"$_src/visitors/facevisitor-multiplemasters.cpp",
"$_src/visitors/facevisitor-multiplemasters.h",
"$_src/visitors/facevisitor-renderglyphs.cpp",
"$_src/visitors/facevisitor-renderglyphs.h",
"$_src/visitors/facevisitor-sfntnames.cpp",
"$_src/visitors/facevisitor-sfntnames.h",
"$_src/visitors/facevisitor-subglyphs.cpp",
"$_src/visitors/facevisitor-subglyphs.h",
"$_src/visitors/facevisitor-trackkerning.cpp",
"$_src/visitors/facevisitor-trackkerning.h",
"$_src/visitors/facevisitor-truetypetables.cpp",
"$_src/visitors/facevisitor-truetypetables.h",
"$_src/visitors/facevisitor-type1tables.cpp",
"$_src/visitors/facevisitor-type1tables.h",
"$_src/visitors/facevisitor-variants.cpp",
"$_src/visitors/facevisitor-variants.h",
"$_src/visitors/facevisitor.h",
"$_src/visitors/glyphvisitor-bitmap-handling.cpp",
"$_src/visitors/glyphvisitor-bitmap-handling.h",
"$_src/visitors/glyphvisitor-cbox.cpp",
"$_src/visitors/glyphvisitor-cbox.h",
"$_src/visitors/glyphvisitor-outlines.cpp",
"$_src/visitors/glyphvisitor-outlines.h",
"$_src/visitors/glyphvisitor-transform.cpp",
"$_src/visitors/glyphvisitor-transform.h",
"$_src/visitors/glyphvisitor.h",
]
deps = [ "//third_party:freetype_harfbuzz" ]
seed_corpus = "src/fuzzing/corpora/truetype-render"

if (is_linux || is_chromeos || is_chromecast) {
# These sources depend on FreeType's symbol FT_Get_BDF_Charset_ID which is only built on this
# configuration/platforms, see FreeType's BUILD.gn. In turn they will only be needed by the BDF fuzzer that we built only on this configuration/platforms.
sources += [
"$_src/targets/font-drivers/bdf-render.cpp",
"$_src/targets/font-drivers/bdf-render.h",
"$_src/targets/font-drivers/bdf.cpp",
"$_src/targets/font-drivers/bdf.h",
"$_src/targets/font-drivers/pcf-render.cpp",
"$_src/targets/font-drivers/pcf-render.h",
"$_src/targets/font-drivers/pcf.cpp",
"$_src/targets/font-drivers/pcf.h",
"$_src/visitors/facevisitor-bdf.cpp",
"$_src/visitors/facevisitor-bdf.h",
]
}
configs += [ ":freetype_fuzzer_config" ]
public_deps = [ "//third_party:freetype_harfbuzz" ]
}

template("freetype_fuzzer_test") {
assert(defined(invoker.driver_header),
"driver_header must be defined for $target_name")
assert(defined(invoker.target_class),
"target_class must be defined for $target_name")

fuzzer_test("freetype_${target_name}_fuzzer") {
defines = [
"FUZZ_TARGET_HEADER_PATH=\"targets/${invoker.driver_header}\"",
"FUZZ_TARGET_CLASS_NAME=${invoker.target_class}",
]
if (defined(invoker.dict)) {
dict = invoker.dict
}
if (defined(invoker.libfuzzer_options)) {
libfuzzer_options = invoker.libfuzzer_options
}
_src = "src/fuzzing/src"
sources = [ "$_src/fuzzers/template.cpp" ]
additional_configs = [ ":freetype_fuzzer_config" ]
deps = [ ":freetype_fuzzer_sources" ]
seed_corpus = "src/fuzzing/corpora/${invoker.corpus_name}"
}
}

freetype_fuzzer_test("cff_ftengine") {
corpus_name = "cff-ftengine"
target_class = "freetype::CffFtEngineFuzzTarget"
driver_header = "font-drivers/cff-ftengine.h"
libfuzzer_options = [ "max_len=30000" ]
}
freetype_fuzzer_test("cff_render_ftengine") {
corpus_name = "cff-render-ftengine"
target_class = "freetype::CffRenderFtEngineFuzzTarget"
driver_header = "font-drivers/cff-render-ftengine.h"
libfuzzer_options = [ "max_len=30000" ]
}
freetype_fuzzer_test("cff_render") {
corpus_name = "cff-render"
target_class = "freetype::CffRenderFuzzTarget"
driver_header = "font-drivers/cff-render.h"
libfuzzer_options = [ "max_len=30000" ]
}
freetype_fuzzer_test("cidtype1_ftengine") {
corpus_name = "cidtype1-ftengine"
target_class = "freetype::CidType1FtEngineFuzzTarget"
driver_header = "font-drivers/cidtype1-ftengine.h"
libfuzzer_options = [ "max_len=30000" ]
dict = "src/fuzzing/settings/oss-fuzz/type1.dict"
}
freetype_fuzzer_test("cidtype1") {
corpus_name = "cidtype1"
target_class = "freetype::CidType1FuzzTarget"
driver_header = "font-drivers/cidtype1.h"
libfuzzer_options = [ "max_len=30000" ]
dict = "src/fuzzing/settings/oss-fuzz/type1.dict"
}
freetype_fuzzer_test("cidtype1_render_ftengine") {
corpus_name = "cidtype1-render-ftengine"
target_class = "freetype::CidType1RenderFtEngineFuzzTarget"
driver_header = "font-drivers/cidtype1-render-ftengine.h"
libfuzzer_options = [ "max_len=30000" ]
dict = "src/fuzzing/settings/oss-fuzz/type1.dict"
}
freetype_fuzzer_test("cidtype1_render") {
corpus_name = "cidtype1-render"
target_class = "freetype::CidType1RenderFuzzTarget"
driver_header = "font-drivers/cidtype1-render.h"
libfuzzer_options = [ "max_len=30000" ]
dict = "src/fuzzing/settings/oss-fuzz/type1.dict"
}
freetype_fuzzer_test("truetype") {
corpus_name = "truetype"
target_class = "freetype::TrueTypeFuzzTarget"
driver_header = "font-drivers/truetype.h"
libfuzzer_options = [ "max_len=30000" ]
}
freetype_fuzzer_test("truetype_render") {
corpus_name = "truetype-render"
target_class = "freetype::TrueTypeRenderFuzzTarget"
driver_header = "font-drivers/truetype-render.h"
libfuzzer_options = [ "max_len=30000" ]
}
freetype_fuzzer_test("truetype_render_i35") {
corpus_name = "truetype-render-i35"
target_class = "freetype::TrueTypeRenderI35FuzzTarget"
driver_header = "font-drivers/truetype-render-i35.h"
libfuzzer_options = [ "max_len=30000" ]
}
freetype_fuzzer_test("truetype_render_i38") {
corpus_name = "truetype-render-i38"
target_class = "freetype::TrueTypeRenderI38FuzzTarget"
driver_header = "font-drivers/truetype-render-i38.h"
libfuzzer_options = [ "max_len=30000" ]
}
freetype_fuzzer_test("glyphs_outlines") {
corpus_name = "glyphs-outlines"
target_class = "freetype::GlyphsOutlinesFuzzTarget"
driver_header = "glyphs/outlines.h"
libfuzzer_options = [ "max_len=30000" ]
}
freetype_fuzzer_test("type1_ftengine") {
corpus_name = "type1-ftengine"
target_class = "freetype::Type1FtEngineFuzzTarget"
driver_header = "font-drivers/type1-ftengine.h"
}
freetype_fuzzer_test("type1") {
corpus_name = "type1"
target_class = "freetype::Type1FuzzTarget"
driver_header = "font-drivers/type1.h"
libfuzzer_options = [ "max_len=30000" ]
dict = "src/fuzzing/settings/oss-fuzz/type1.dict"
}
freetype_fuzzer_test("type1_render_ftengine") {
corpus_name = "type1-render-ftengine"
target_class = "freetype::Type1RenderFtEngineFuzzTarget"
driver_header = "font-drivers/type1-render-ftengine.h"
libfuzzer_options = [ "max_len=30000" ]
dict = "src/fuzzing/settings/oss-fuzz/type1.dict"
}
freetype_fuzzer_test("type1_render") {
corpus_name = "type1-render"
target_class = "freetype::Type1RenderFuzzTarget"
driver_header = "font-drivers/type1-render.h"
libfuzzer_options = [ "max_len=30000" ]
dict = "src/fuzzing/settings/oss-fuzz/type1.dict"
}

if (is_linux || is_chromeos || is_chromecast) {
# FreeType's symbol FT_Get_BDF_Charset_ID is only built on this
# configuration, see FreeType's BUILD.gn. So build fuzzers that depend on
# this symbol only on this configuration, too.
freetype_fuzzer_test("bdf") {
corpus_name = "bdf"
target_class = "freetype::BdfFuzzTarget"
driver_header = "font-drivers/bdf.h"
libfuzzer_options = [ "max_len=30000" ]
dict = "src/fuzzing/settings/oss-fuzz/bdf.dict"
}
freetype_fuzzer_test("bdf_render") {
corpus_name = "bdf-render"
target_class = "freetype::BdfRenderFuzzTarget"
driver_header = "font-drivers/bdf-render.h"
libfuzzer_options = [ "max_len=30000" ]
}
}

# Root BUILD.gn depends on this target so that the fuzzer definitions in this
# file can be discovered.
group("fuzzers") {
}
4 changes: 1 addition & 3 deletions third_party/freetype/BUILD.gn
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,6 @@ config("freetype_component_config") {
if (!is_component_build) {
defines += [ "CHROMIUM_RESTRICT_VISIBILITY" ]
}

}

config("freetype_config") {
Expand Down Expand Up @@ -126,6 +125,7 @@ source_set("freetype_source") {

if (!is_android) {
sources += [
"src/src/base/ftcid.c",
"src/src/cid/type1cid.c",
"src/src/type1/type1.c",
]
Expand All @@ -135,9 +135,7 @@ source_set("freetype_source") {
# Needed for content_shell on Linux and Chromecast, since fontconfig
# requires FT_Get_BDF_Property.
sources += [ "src/src/base/ftbdf.c" ]
}

if (is_linux || is_chromeos || is_chromecast) {
# Needed on Fedora whose libfreetype builds ftsynth.c containing
# FT_GlyphSlot_Embolden, which we need to replace in content_shell if
# we are linking against our own FreeType.
Expand Down

0 comments on commit 0db553e

Please sign in to comment.