The loader is designed to load font files using the DirectWrite interface (the engine used by all major Windows web browsers at the time of this writing), and test its rasterization code against malformed input. The purpose of the program is to stress-test as much font-handling code as possible, and to execute it for all glyphs found in the font file instead of a limited charset such as just the ASCII characters.
The font-related DirectWrite calls made by the loader are listed below:
- IDWriteFactory::CreateFontFileReference
- IDWriteFactory::CreateFontFace
- IDWriteFontFile::Analyze
- IDWriteFontFace::GetMetrics
- IDWriteFontFace::GetDesignGlyphMetrics
- IDWriteFontFace::GetGlyphIndices
- IDWriteFontFace1::GetUnicodeRanges
- IDWriteBitmapRenderTarget::DrawGlyphRun
The application can be compiled with Microsoft Visual Studio after importing ttf-otf-dwrite-loader.cpp and config.h into a new project.
Using the tool is as simple as passing the path of the tested TTF/OTF font in the first argument, for example:
```
c:\ttf-otf-dwrite-loader>ttf-otf-dwrite-loader.exe C:\Windows\Fonts\arial.ttf
[+] Input font is supported, with file type 2, face type 1 and number of faces 1
[+] Loaded 140 unicode ranges from the input font
[+] Font processing completed
[+] Font displayed without errors.
c:\ttf-otf-dwrite-loader>
```
In addition to the standard output, you should also observe the font's glyphs being drawn in the upper left corner of the screen.
During fuzzing, we recommend enabling Page Heap for the loader process, for better detection of out-of-bounds and uninitialized memory bugs.
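
One way to run the loader over a directory of test fonts with Page Heap enabled and keep the inputs that crash or hang. This is an added example, not part of the original project. It assumes `gflags.exe` (Debugging Tools for Windows) is on `PATH`, an elevated prompt, and that a run without the success line shown above means the font was rejected; the corpus and output directories are hypothetical.

```python
import shutil
import subprocess
import sys
from pathlib import Path

LOADER = "ttf-otf-dwrite-loader.exe"             # binary name from the page
OK_LINE = "[+] Font displayed without errors."   # success line from the sample run
NTSTATUS = {                                     # well-known Windows status codes
    0xC0000005: "STATUS_ACCESS_VIOLATION",       # typical for a Page Heap guard-page hit
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0x80000003: "STATUS_BREAKPOINT",
}

def classify(returncode, stdout):
    """Map one loader run to 'ok', 'rejected' or 'crash:<status>'."""
    code = returncode & 0xFFFFFFFF               # accept signed or unsigned exit codes
    if code in NTSTATUS or (code >> 28) == 0xC:  # 0xC.......: NTSTATUS error severity
        return "crash:" + NTSTATUS.get(code, "0x%08X" % code)
    return "ok" if OK_LINE in stdout else "rejected"  # assumption: no success line = rejected

def enable_page_heap(image=LOADER):
    """Turn on full Page Heap for the loader image (gflags.exe, elevated prompt)."""
    subprocess.run(["gflags.exe", "/p", "/enable", image, "/full"], check=True)

def run_one(loader, font, timeout=60):
    """Run the loader on one font; a run that exceeds `timeout` seconds is a hang."""
    try:
        p = subprocess.run([str(loader), str(font)], capture_output=True,
                           text=True, errors="replace", timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"
    return classify(p.returncode, p.stdout)

def run_corpus(loader, corpus, keep):
    """Run every file in `corpus`; copy inputs that crash or hang into `keep`."""
    results = {}
    Path(keep).mkdir(parents=True, exist_ok=True)
    for font in sorted(f for f in Path(corpus).iterdir() if f.is_file()):
        verdict = results[font.name] = run_one(loader, font)
        if verdict == "hang" or verdict.startswith("crash:"):
            shutil.copy2(font, Path(keep) / font.name)
    return results

if __name__ == "__main__":
    corpus_dir, keep_dir = sys.argv[1], sys.argv[2]  # hypothetical directories
    enable_page_heap()
    for name, verdict in run_corpus(LOADER, corpus_dir, keep_dir).items():
        print(f"{verdict:32} {name}")
```

Saved under a name of your choice (here `triage.py`), it runs as `python triage.py <corpus_dir> <keep_dir>`; `gflags.exe /p /disable ttf-otf-dwrite-loader.exe` turns Page Heap back off afterwards.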