Add freetype-testing and build truetype-render-fuzzer

The FreeType-Testing GitHub repository is a project connected to
the FreeType font rasterisation library which provides a set of
fuzzing-harnesses for oss-fuzz. After issue 1139963 we want to build and
run a fuzzing configuration that matches the FreeType build
configuration that we use for Chromium. This CL achieves that for the
first harness: truetype-render-fuzzer, the main glyph rasterisation
harness.

The CL adds the GPL-licensed FreeType-Testing repository to third-party
as a non-shipping dependency in order to be able to build the same
harnesses as part of Chromium and against Chromium's freetype-harfbuzz
build target.

It defines a fuzzer_test build target to build the
TrueTypeRenderFuzzTarget and defines which seed_corpus directory to use
from the freetype-testing set of corpora.

Bug: 1140584
Cq-Include-Trybots: luci.chromium.try:linux-libfuzzer-asan-rel
Change-Id: Icb2ab2d4ee65fd7d1d45ebfe9ca01ff0ef3628e0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2529104Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Ben Wagner <bungeman@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Dominik Röttsches <drott@chromium.org>
Cr-Commit-Position: refs/heads/master@{#826696}

BUILD.gn

@@ -769,6 +769,7 @@ group("gn_all") {
     deps += [
       "//chrome/services/ipp_parser/public/cpp:fuzzers",
       "//testing/libfuzzer/fuzzers",
+      "//third_party/freetype-testing:freetype_truetype_render_fuzzer",
       "//third_party/grpc:fuzzers",
       "//third_party/icu/fuzzers",
       "//third_party/qcms:fuzzers",

DEPS

@@ -250,6 +250,10 @@ vars = {
   # and whatever else without interference from each other.
   'freetype_revision': '32b14552d662f28290e2792ce775fcd65397479a',
   # Three lines of non-changing comments so that
+  # the commit queue can handle CLs rolling freetype
+  # and whatever else without interference from each other.
+  'freetype_testing_revision': 'bf5001a755f7a1196c19ddb13b2a14cb5dfe10b7',
+  # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling HarfBuzz
   # and whatever else without interference from each other.
   'harfbuzz_revision': 'c39ab82c90479341dcf28eaa8174af6f08c0d7ae',
@@ -944,6 +948,9 @@ deps = {
   'src/third_party/freetype/src':
     Var('chromium_git') + '/chromium/src/third_party/freetype2.git' + '@' + Var('freetype_revision'),
 
+  'src/third_party/freetype-testing/src':
+    Var('chromium_git') + '/external/github.com/freetype/freetype2-testing.git' + '@' + Var('freetype_testing_revision'),
+
   'src/third_party/harfbuzz-ng/src':
     Var('chromium_git') + '/external/github.com/harfbuzz/harfbuzz.git' + '@' + Var('harfbuzz_revision'),
 

third_party/freetype-testing/BUILD.gn

+# Copyright 2020 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import("//build/config/freetype/freetype.gni")
+import("//testing/libfuzzer/fuzzer_test.gni")
+
+source_set("freetype-testing") {
+}
+
+config("build_truetype_render_fuzzer") {
+  include_dirs = [ "src/fuzzing/src/" ]
+  defines = [
+    "FUZZ_TARGET_HEADER_PATH=\"targets/font-drivers/truetype-render.h\"",
+    "FUZZ_TARGET_CLASS_NAME=freetype::TrueTypeRenderFuzzTarget",
+  ]
+}
+
+fuzzer_test("freetype_truetype_render_fuzzer") {
+  additional_configs = [ ":build_truetype_render_fuzzer" ]
+  _src = "src/fuzzing/src"
+  sources = [
+    "$_src/fuzzers/template.cpp",
+    "$_src/iterators/faceloaditerator.cpp",
+    "$_src/iterators/faceprepiterator-bitmaps.cpp",
+    "$_src/iterators/faceprepiterator-multiplemasters.cpp",
+    "$_src/iterators/faceprepiterator-outlines.cpp",
+    "$_src/iterators/faceprepiterator.cpp",
+    "$_src/iterators/glyphloaditerator-naive.cpp",
+    "$_src/iterators/glyphloaditerator.cpp",
+    "$_src/iterators/glyphrenderiterator-allmodes.cpp",
+    "$_src/iterators/glyphrenderiterator.cpp",
+    "$_src/targets/FaceFuzzTarget.cpp",
+    "$_src/targets/FuzzTarget.cpp",
+    "$_src/targets/font-drivers/truetype-render.cpp",
+    "$_src/utils/faceloader.cpp",
+    "$_src/utils/utils.cpp",
+    "$_src/visitors/facevisitor-autohinter.cpp",
+    "$_src/visitors/facevisitor-loadglyphs-bitmaps.cpp",
+    "$_src/visitors/facevisitor-loadglyphs-outlines.cpp",
+    "$_src/visitors/facevisitor-loadglyphs.cpp",
+    "$_src/visitors/facevisitor-renderglyphs.cpp",
+    "$_src/visitors/facevisitor-subglyphs.cpp",
+  ]
+  deps = [ "//third_party:freetype_harfbuzz" ]
+  seed_corpus = "src/fuzzing/corpora/truetype-render"
+}

third_party/freetype-testing/OWNERS

+bungeman@chromium.org
+drott@chromium.org
+# COMPONENT: Blink>Fonts

third_party/freetype-testing/README.chromium

+Name: FreeType-Testing
+URL: https://github.com/freetype/freetype2-testing
+Version: VER-bf5001a755
+Revision: bf5001a755f7a1196c19ddb13b2a14cb5dfe10b7
+License: GPL
+License File: NOT_SHIPPED
+Security Critical: no
+License Android Compatible: yes
+
+Description:
+This package tracks the freetype-testing repository which is a collection of
+fuzzer harnesses that provide coverage for freetype for oss-fuzz. We want to run
+some of the fuzzing harness as part of Chromium's own fuzzing. This is the
+reason for this repository to be included.
+
+How to update:
+1. Update the revision in this file, and the freetype-testing revision in the
+   top level Chromium DEPS file.
+2. Update BUILD.gn to reflect changes if needed.