
Integrating with OSS-Fuzz #209

Open
Google-Autofuzz opened this issue Jul 8, 2019 · 4 comments

Comments


Google-Autofuzz commented Jul 8, 2019

Greetings freetype-gl developers and contributors,

We’re reaching out because your project is an important part of the open source ecosystem, and we’d like to invite you to integrate with our fuzzing service, OSS-Fuzz. OSS-Fuzz is a free fuzzing infrastructure you can use to identify security vulnerabilities and stability bugs in your project. OSS-Fuzz will:

  • Continuously run all the fuzzers you write.
  • Alert you when it finds issues.
  • Automatically close issues after they’ve been fixed by a commit.

Many widely used open source projects like OpenSSL, FFmpeg, LibreOffice, and ImageMagick are fuzzing via OSS-Fuzz, which helps them find and remediate critical issues.

Even though typical integrations can be done in < 100 LoC, we have a reward program in place which aims to recognize folks who are not just contributing to open source, but are also working hard to make it more secure.

We want to stress that anyone who meets the eligibility criteria and integrates a project with OSS-Fuzz is eligible for a reward.

To help you get started, we have attached our internal fuzzer for your project, which you are welcome to use directly or as a starting point.

If you're not interested in integrating with OSS-Fuzz, it would be helpful for us to understand why—lack of interest, lack of time, or something else—so we can better support projects like yours in the future.

If we’ve missed your question in our FAQ, feel free to reply or reach out to us at [email protected].

Thanks!

Julien,
OSS-Fuzz Team


```c
#include <stddef.h>
#include <stdint.h>
#include "third_party/freetype_gl/freetype-gl.h"

// Load every glyph of `text` into the font's atlas, then look each glyph up
// again and query its kerning so the lookup paths are exercised too.
static void ExamineGlyphs(const wchar_t* text,
                          texture_font_t* font) {
  if (texture_font_load_glyphs(font, text) != 0) {
    return;
  }
  while (*text != '\0') {
    texture_glyph_t* glyph = texture_font_get_glyph(font, *text);
    if (glyph != NULL) {
      texture_glyph_get_kerning(glyph, *text);
    }
    ++text;
  }
}

// libFuzzer entry point: the fuzzer-generated buffer is parsed as a font file.
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size == 0) {
    return 0;
  }
  texture_atlas_t* atlas = texture_atlas_new(1024, 1024, 1);
  if (atlas == NULL) {
    return 0;
  }

  // Note: you can create a new font for various different pt_sizes, i.e. it
  // might be useful to fuzz the pt_size variable along with the input buffer.
  const float pt_size = 12.0f;
  texture_font_t* font =
      texture_font_new_from_memory(atlas, pt_size, data, size);
  if (font == NULL) {
    texture_atlas_delete(atlas);
    return 0;
  }

  // Note: you can load glyphs using arbitrary text. Might be useful to
  // fuzz these.
  const wchar_t text[] = L"some text sequence";
  ExamineGlyphs(text, font);

  texture_font_delete(font);
  texture_atlas_delete(atlas);
  return 0;
}
```
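The two notes in the harness suggest fuzzing `pt_size` and the glyph text along with the font bytes. As an added example (not Google's harness and not freetype-gl code), here is one way to carve all three out of a single fuzzer input; `carve_fuzz_case`, `fuzz_case_t`, the 4 to 128 pt bounds and the 8-code-point text field are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <wchar.h>

#define MIN_PT 4.0f    /* assumed bounds for a fuzzed pt_size */
#define MAX_PT 128.0f
#define TEXT_LEN 8     /* code points in the fixed-size text field */
#define HEADER_LEN (2 + TEXT_LEN * 2)

/* Hypothetical (not freetype-gl): one fuzz input split into the three
 * values the harness feeds to the library. */
typedef struct {
  float pt_size;               /* scaled into [MIN_PT, MAX_PT] */
  wchar_t text[TEXT_LEN + 1];  /* NUL-terminated glyph string */
  const uint8_t* font_data;    /* remainder of the buffer: the font file */
  size_t font_size;
} fuzz_case_t;

/* Returns 1 and fills `out`, or 0 if the input cannot hold the header plus
 * at least one font byte (libFuzzer does call the target with tiny inputs). */
int carve_fuzz_case(const uint8_t* data, size_t size, fuzz_case_t* out) {
  if (size < HEADER_LEN + 1) return 0;
  /* pt_size: a 16-bit little-endian value scaled onto the allowed range, so
   * no mutation can request a 0 pt or a multi-thousand-point face. */
  uint16_t raw = (uint16_t)(data[0] | (data[1] << 8));
  out->pt_size = MIN_PT + (MAX_PT - MIN_PT) * ((float)raw / 65535.0f);
  /* text: UTF-16LE code units. A zero unit ends the string early so short
   * strings are reachable; lone surrogates are dropped because they are not
   * code points a glyph lookup should be asked for. */
  size_t n = 0;
  for (size_t i = 0; i < TEXT_LEN; i++) {
    uint16_t cu = (uint16_t)(data[2 + 2 * i] | (data[3 + 2 * i] << 8));
    if (cu == 0) break;
    if (cu >= 0xD800 && cu <= 0xDFFF) continue;
    out->text[n++] = (wchar_t)cu;
  }
  out->text[n] = L'\0';
  out->font_data = data + HEADER_LEN;
  out->font_size = size - HEADER_LEN;
  return 1;
}

/* Constructed sample input: 128 pt, the text "Hi", four placeholder bytes. */
static const uint8_t kSample[] = {
  0xFF, 0xFF,                      /* pt_size raw 65535 -> 128.0 pt */
  'H', 0, 'i', 0, 0, 0,            /* "Hi" in UTF-16LE, then a terminator */
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0,    /* unused rest of the text field */
  'O', 'T', 'T', 'O'               /* stands in for the font file bytes */
};
```

In the harness above, the fixed `pt_size` and `text` would be replaced by `fc.pt_size` and `fc.text`, with `fc.font_data` and `fc.font_size` passed to `texture_font_new_from_memory` (assuming the wchar_t API the harness targets).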

rougier commented Jul 10, 2019

Anybody familiar with this service?

@Google-Autofuzz (Author)

If you need help, we can help to start the integration. Do you want us to help?


rougier commented Sep 17, 2019

No, I would first like to have more explanation on your first message (is that an automated message, what is the attached code supposed to explain, etc.). I looked at your FAQ but it is far from clear.

@Google-Autofuzz (Author)

Sure, sorry if the meaning wasn't clear.

The first message isn't an automated one, hence why it was signed by Julien, who is a Google employee doing some outreach for OSS-Fuzz.

The attached code is a fuzzer that we are currently running internally. It feeds random data to functions from the freetype-gl API, trying to uncover problematic outcomes, like hangs or crashes, in order to fix them and improve the reliability and security of freetype-gl.

OSS-Fuzz is a service that could be compared to appveyor or travis-ci, which you're already using, but instead of simply building your software and running your test suite, it will continually fuzz it and let you know if a crash or a hang is found.

The goal of the first message was to advertise OSS-Fuzz to you, ask if you would be interested in integrating freetype-gl in it, offer monetary compensation for this work, and give you our fuzzer as a starting point.
