[fuzzing] Fuzz input text
authorBehdad Esfahbod <behdad@behdad.org>
Mon, 11 Jan 2016 18:31:04 +0000 (18:31 +0000)
committerBehdad Esfahbod <behdad@behdad.org>
Mon, 11 Jan 2016 18:31:04 +0000 (18:31 +0000)
Very rudimentary right now, but will get kcc's bot going.

From
https://github.com/behdad/harfbuzz/issues/139#issuecomment-163580783

test/fuzzing/hb-fuzzer.cc

index 1412567..c01c57f 100644 (file)
@@ -1,9 +1,9 @@
 #include <stddef.h>
 #include <hb.h>
 #include <hb-ot.h>
+#include <string.h>
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-  const char text[] = "ABCDEXYZ123@_%&)*$!";
 
   hb_blob_t *blob = hb_blob_create((const char *)data, size,
                                    HB_MEMORY_MODE_READONLY, NULL, NULL);
@@ -12,13 +12,26 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   hb_ot_font_set_funcs(font);
   hb_font_set_scale(font, 12, 12);
 
-  hb_buffer_t *buffer = hb_buffer_create();
-  hb_buffer_add_utf8(buffer, text, -1, 0, -1);
-  hb_buffer_guess_segment_properties(buffer);
+  {
+    const char text[] = "ABCDEXYZ123@_%&)*$!";
+    hb_buffer_t *buffer = hb_buffer_create();
+    hb_buffer_add_utf8(buffer, text, -1, 0, -1);
+    hb_buffer_guess_segment_properties(buffer);
+    hb_shape(font, buffer, NULL, 0);
+    hb_buffer_destroy(buffer);
+  }
+
+  uint32_t text32[16];
+  if (size > sizeof(text32)) {
+    memcpy(text32, data + size - sizeof(text32), sizeof(text32));
+    hb_buffer_t *buffer = hb_buffer_create();
+    hb_buffer_add_utf32(buffer, text32, sizeof(text32)/sizeof(text32[0]), 0, -1);
+    hb_buffer_guess_segment_properties(buffer);
+    hb_shape(font, buffer, NULL, 0);
+    hb_buffer_destroy(buffer);
+  }
 
-  hb_shape(font, buffer, NULL, 0);
 
-  hb_buffer_destroy(buffer);
   hb_font_destroy(font);
   hb_face_destroy(face);
   hb_blob_destroy(blob);
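Review bot: The guard `if (size > sizeof(text32))` on the fuzzed-text branch skips an input of exactly `sizeof(text32)` bytes, although the `memcpy` from `data + size - sizeof(text32)` stays inside the input at that size; `if (size >= sizeof(text32)) {` would cover it. The branch also needs a comment, because the text comes from the tail of the same bytes that `hb_blob_create` hands to the font parser and is always exactly 16 code points: `/* Reuse the trailing sizeof(text32) bytes of the input as UTF-32 text; they remain part of the font blob, and the text length is fixed at 16. */`. Copying into the local `uint32_t` array before `hb_buffer_add_utf32` avoids an unaligned read through `data` and should be kept if this is later extended to variable-length text. LLVMFuzzerTestOneInput begins in the previous hunk and continues past the end of this one.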