├── README.TXT
├── Release
    ├── MsFontsFuzz.exe
    ├── MsFontsFuzz.pdb
    ├── BrushScriptStd.otf
    └── BrushScriptStd_Fuzzing.bat
├── MsFontsFuzz
    ├── MsFontsFuzz.cpp
    ├── rng.h
    ├── stdafx.h
    ├── stdafx.cpp
    ├── targetver.h
    ├── rng.cpp
    └── MsFontsFuzz.vcproj
└── MsFontsFuzz.sln


/README.TXT:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cr4sh/MsFontsFuzz/HEAD/README.TXT


--------------------------------------------------------------------------------
/Release/MsFontsFuzz.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cr4sh/MsFontsFuzz/HEAD/Release/MsFontsFuzz.exe


--------------------------------------------------------------------------------
/Release/MsFontsFuzz.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cr4sh/MsFontsFuzz/HEAD/Release/MsFontsFuzz.pdb


--------------------------------------------------------------------------------
/MsFontsFuzz/MsFontsFuzz.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cr4sh/MsFontsFuzz/HEAD/MsFontsFuzz/MsFontsFuzz.cpp


--------------------------------------------------------------------------------
/Release/BrushScriptStd.otf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cr4sh/MsFontsFuzz/HEAD/Release/BrushScriptStd.otf


--------------------------------------------------------------------------------
/MsFontsFuzz/rng.h:
--------------------------------------------------------------------------------
1 | void init_genrand(unsigned long s);
2 | void init_by_array(unsigned long init_key[], int key_length);
3 | unsigned long genrand_int32(void);
4 | unsigned long getrand(unsigned long min, unsigned long max);
5 | 


--------------------------------------------------------------------------------
/Release/BrushScriptStd_Fuzzing.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | MsFontsFuzz.exe "Brush Script Std" .\BrushScriptStd.otf -BLOCK_SIZE 1 -BLOCK_RANGE_START 0x00 -BLOCK_RANGE_END 0xff -BLOCK_RANGE_N 1 -FILE_RANGE_START 0x298a -FILE_RANGE_END 0x298f
3 | 


--------------------------------------------------------------------------------
/MsFontsFuzz/stdafx.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | #include "targetver.h"
 4 | 
 5 | #include <stdio.h>
 6 | #include <tchar.h>
 7 | #include <conio.h>
 8 | #include <windows.h>
 9 | #include <shlwapi.h>
10 | 
11 | #include "rng.h"
12 | 


--------------------------------------------------------------------------------
/MsFontsFuzz/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // MsFontsFuzz.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/MsFontsFuzz/targetver.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | // The following macros define the minimum required platform.  The minimum required platform
 4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run 
 5 | // your application.  The macros work by enabling all features available on platform versions up to and 
 6 | // including the version specified.
 7 | 
 8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
 9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef _WIN32_WINNT            // Specifies that the minimum required platform is Windows Vista.
11 | #define _WIN32_WINNT 0x0600     // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 | 
14 | 


--------------------------------------------------------------------------------
/MsFontsFuzz.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 10.00
 3 | # Visual Studio 2008
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MsFontsFuzz", "MsFontsFuzz\MsFontsFuzz.vcproj", "{A81B96FC-546B-428C-9F16-5B7950D0CBAF}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Release|Win32 = Release|Win32
10 | 	EndGlobalSection
11 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | 		{A81B96FC-546B-428C-9F16-5B7950D0CBAF}.Debug|Win32.ActiveCfg = Debug|Win32
13 | 		{A81B96FC-546B-428C-9F16-5B7950D0CBAF}.Debug|Win32.Build.0 = Debug|Win32
14 | 		{A81B96FC-546B-428C-9F16-5B7950D0CBAF}.Release|Win32.ActiveCfg = Release|Win32
15 | 		{A81B96FC-546B-428C-9F16-5B7950D0CBAF}.Release|Win32.Build.0 = Release|Win32
16 | 	EndGlobalSection
17 | 	GlobalSection(SolutionProperties) = preSolution
18 | 		HideSolutionNode = FALSE
19 | 	EndGlobalSection
20 | EndGlobal
21 | 


--------------------------------------------------------------------------------
/MsFontsFuzz/rng.cpp:
--------------------------------------------------------------------------------
  1 | /* 
  2 |    A C-program for MT19937, with initialization improved 2002/1/26.
  3 |    Coded by Takuji Nishimura and Makoto Matsumoto.
  4 | 
  5 |    Before using, initialize the state by using init_genrand(seed)  
  6 |    or init_by_array(init_key, key_length).
  7 | 
  8 |    Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
  9 |    All rights reserved.                          
 10 | 
 11 |    Redistribution and use in source and binary forms, with or without
 12 |    modification, are permitted provided that the following conditions
 13 |    are met:
 14 | 
 15 |      1. Redistributions of source code must retain the above copyright
 16 |         notice, this list of conditions and the following disclaimer.
 17 | 
 18 |      2. Redistributions in binary form must reproduce the above copyright
 19 |         notice, this list of conditions and the following disclaimer in the
 20 |         documentation and/or other materials provided with the distribution.
 21 | 
 22 |      3. The names of its contributors may not be used to endorse or promote 
 23 |         products derived from this software without specific prior written 
 24 |         permission.
 25 | 
 26 |    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 27 |    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 28 |    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 29 |    A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 30 |    CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 31 |    EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 32 |    PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 33 |    PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 34 |    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 35 |    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 36 |    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 37 | 
 38 | 
 39 |    Any feedback is very welcome.
 40 |    http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html
 41 |    email: m-mat @ math.sci.hiroshima-u.ac.jp (remove space)
 42 | */
 43 | 
 44 | #include "stdafx.h"
 45 | 
 46 | /* Period parameters */  
 47 | #define N 624
 48 | #define M 397
 49 | #define MATRIX_A 0x9908b0dfUL   /* constant vector a */
 50 | #define UPPER_MASK 0x80000000UL /* most significant w-r bits */
 51 | #define LOWER_MASK 0x7fffffffUL /* least significant r bits */
 52 | 
 53 | static unsigned long mt[N]; /* the array for the state vector  */
 54 | static int mti=N+1; /* mti==N+1 means mt[N] is not initialized */
 55 | 
 56 | /* initializes mt[N] with a seed */
 57 | void init_genrand(unsigned long s)
 58 | {
 59 |     mt[0]= s & 0xffffffffUL;
 60 |     for (mti=1; mti<N; mti++) {
 61 |         mt[mti] = 
 62 | 	    (1812433253UL * (mt[mti-1] ^ (mt[mti-1] >> 30)) + mti); 
 63 |         /* See Knuth TAOCP Vol2. 3rd Ed. P.106 for multiplier. */
 64 |         /* In the previous versions, MSBs of the seed affect   */
 65 |         /* only MSBs of the array mt[].                        */
 66 |         /* 2002/01/09 modified by Makoto Matsumoto             */
 67 |         mt[mti] &= 0xffffffffUL;
 68 |         /* for >32 bit machines */
 69 |     }
 70 | }
 71 | 
 72 | /* initialize by an array with array-length */
 73 | /* init_key is the array for initializing keys */
 74 | /* key_length is its length */
 75 | /* slight change for C++, 2004/2/26 */
 76 | void init_by_array(unsigned long init_key[], int key_length)
 77 | {
 78 |     int i, j, k;
 79 |     init_genrand(19650218UL);
 80 |     i=1; j=0;
 81 |     k = (N>key_length ? N : key_length);
 82 |     for (; k; k--) {
 83 |         mt[i] = (mt[i] ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1664525UL))
 84 |           + init_key[j] + j; /* non linear */
 85 |         mt[i] &= 0xffffffffUL; /* for WORDSIZE > 32 machines */
 86 |         i++; j++;
 87 |         if (i>=N) { mt[0] = mt[N-1]; i=1; }
 88 |         if (j>=key_length) j=0;
 89 |     }
 90 |     for (k=N-1; k; k--) {
 91 |         mt[i] = (mt[i] ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1566083941UL))
 92 |           - i; /* non linear */
 93 |         mt[i] &= 0xffffffffUL; /* for WORDSIZE > 32 machines */
 94 |         i++;
 95 |         if (i>=N) { mt[0] = mt[N-1]; i=1; }
 96 |     }
 97 | 
 98 |     mt[0] = 0x80000000UL; /* MSB is 1; assuring non-zero initial array */ 
 99 | }
100 | 
101 | /* generates a random number on [0,0xffffffff]-interval */
102 | unsigned long genrand_int32(void)
103 | {
104 |     unsigned long y;
105 |     static unsigned long mag01[2]={0x0UL, MATRIX_A};
106 |     /* mag01[x] = x * MATRIX_A  for x=0,1 */
107 | 
108 |     if (mti >= N) { /* generate N words at one time */
109 |         int kk;
110 | 
111 |         if (mti == N+1)   /* if init_genrand() has not been called, */
112 |             init_genrand(5489UL); /* a default initial seed is used */
113 | 
114 |         for (kk=0;kk<N-M;kk++) {
115 |             y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK);
116 |             mt[kk] = mt[kk+M] ^ (y >> 1) ^ mag01[y & 0x1UL];
117 |         }
118 |         for (;kk<N-1;kk++) {
119 |             y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK);
120 |             mt[kk] = mt[kk+(M-N)] ^ (y >> 1) ^ mag01[y & 0x1UL];
121 |         }
122 |         y = (mt[N-1]&UPPER_MASK)|(mt[0]&LOWER_MASK);
123 |         mt[N-1] = mt[M-1] ^ (y >> 1) ^ mag01[y & 0x1UL];
124 | 
125 |         mti = 0;
126 |     }
127 |   
128 |     y = mt[mti++];
129 | 
130 |     /* Tempering */
131 |     y ^= (y >> 11);
132 |     y ^= (y << 7) & 0x9d2c5680UL;
133 |     y ^= (y << 15) & 0xefc60000UL;
134 |     y ^= (y >> 18);
135 | 
136 |     return y;
137 | }
138 | 
139 | unsigned long getrand(unsigned long min, unsigned long max)
140 | {
141 |     /* generate random-in-range long value */
142 |     return (genrand_int32() % (max - min + 1)) + min;
143 | }
144 | 


--------------------------------------------------------------------------------
/MsFontsFuzz/MsFontsFuzz.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="windows-1251"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="9,00"
  5 | 	Name="MsFontsFuzz"
  6 | 	ProjectGUID="{A81B96FC-546B-428C-9F16-5B7950D0CBAF}"
  7 | 	RootNamespace="MsFontsFuzz"
  8 | 	Keyword="Win32Proj"
  9 | 	TargetFrameworkVersion="196613"
 10 | 	>
 11 | 	<Platforms>
 12 | 		<Platform
 13 | 			Name="Win32"
 14 | 		/>
 15 | 	</Platforms>
 16 | 	<ToolFiles>
 17 | 	</ToolFiles>
 18 | 	<Configurations>
 19 | 		<Configuration
 20 | 			Name="Debug|Win32"
 21 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 22 | 			IntermediateDirectory="$(ConfigurationName)"
 23 | 			ConfigurationType="1"
 24 | 			CharacterSet="1"
 25 | 			>
 26 | 			<Tool
 27 | 				Name="VCPreBuildEventTool"
 28 | 			/>
 29 | 			<Tool
 30 | 				Name="VCCustomBuildTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCXMLDataGeneratorTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCWebServiceProxyGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCMIDLTool"
 40 | 			/>
 41 | 			<Tool
 42 | 				Name="VCCLCompilerTool"
 43 | 				Optimization="0"
 44 | 				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
 45 | 				MinimalRebuild="true"
 46 | 				BasicRuntimeChecks="3"
 47 | 				RuntimeLibrary="1"
 48 | 				UsePrecompiledHeader="2"
 49 | 				WarningLevel="3"
 50 | 				DebugInformationFormat="4"
 51 | 			/>
 52 | 			<Tool
 53 | 				Name="VCManagedResourceCompilerTool"
 54 | 			/>
 55 | 			<Tool
 56 | 				Name="VCResourceCompilerTool"
 57 | 			/>
 58 | 			<Tool
 59 | 				Name="VCPreLinkEventTool"
 60 | 			/>
 61 | 			<Tool
 62 | 				Name="VCLinkerTool"
 63 | 				AdditionalDependencies="shlwapi.lib ws2_32.lib"
 64 | 				LinkIncremental="2"
 65 | 				GenerateDebugInformation="true"
 66 | 				SubSystem="1"
 67 | 				TargetMachine="1"
 68 | 			/>
 69 | 			<Tool
 70 | 				Name="VCALinkTool"
 71 | 			/>
 72 | 			<Tool
 73 | 				Name="VCManifestTool"
 74 | 			/>
 75 | 			<Tool
 76 | 				Name="VCXDCMakeTool"
 77 | 			/>
 78 | 			<Tool
 79 | 				Name="VCBscMakeTool"
 80 | 			/>
 81 | 			<Tool
 82 | 				Name="VCFxCopTool"
 83 | 			/>
 84 | 			<Tool
 85 | 				Name="VCAppVerifierTool"
 86 | 			/>
 87 | 			<Tool
 88 | 				Name="VCPostBuildEventTool"
 89 | 			/>
 90 | 		</Configuration>
 91 | 		<Configuration
 92 | 			Name="Release|Win32"
 93 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 94 | 			IntermediateDirectory="$(ConfigurationName)"
 95 | 			ConfigurationType="1"
 96 | 			CharacterSet="1"
 97 | 			WholeProgramOptimization="1"
 98 | 			>
 99 | 			<Tool
100 | 				Name="VCPreBuildEventTool"
101 | 			/>
102 | 			<Tool
103 | 				Name="VCCustomBuildTool"
104 | 			/>
105 | 			<Tool
106 | 				Name="VCXMLDataGeneratorTool"
107 | 			/>
108 | 			<Tool
109 | 				Name="VCWebServiceProxyGeneratorTool"
110 | 			/>
111 | 			<Tool
112 | 				Name="VCMIDLTool"
113 | 			/>
114 | 			<Tool
115 | 				Name="VCCLCompilerTool"
116 | 				Optimization="2"
117 | 				EnableIntrinsicFunctions="true"
118 | 				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
119 | 				RuntimeLibrary="0"
120 | 				EnableFunctionLevelLinking="true"
121 | 				UsePrecompiledHeader="2"
122 | 				WarningLevel="3"
123 | 				DebugInformationFormat="3"
124 | 			/>
125 | 			<Tool
126 | 				Name="VCManagedResourceCompilerTool"
127 | 			/>
128 | 			<Tool
129 | 				Name="VCResourceCompilerTool"
130 | 			/>
131 | 			<Tool
132 | 				Name="VCPreLinkEventTool"
133 | 			/>
134 | 			<Tool
135 | 				Name="VCLinkerTool"
136 | 				AdditionalDependencies="ws2_32.lib shlwapi.lib"
137 | 				LinkIncremental="1"
138 | 				GenerateDebugInformation="true"
139 | 				SubSystem="1"
140 | 				OptimizeReferences="2"
141 | 				EnableCOMDATFolding="2"
142 | 				TargetMachine="1"
143 | 			/>
144 | 			<Tool
145 | 				Name="VCALinkTool"
146 | 			/>
147 | 			<Tool
148 | 				Name="VCManifestTool"
149 | 			/>
150 | 			<Tool
151 | 				Name="VCXDCMakeTool"
152 | 			/>
153 | 			<Tool
154 | 				Name="VCBscMakeTool"
155 | 			/>
156 | 			<Tool
157 | 				Name="VCFxCopTool"
158 | 			/>
159 | 			<Tool
160 | 				Name="VCAppVerifierTool"
161 | 			/>
162 | 			<Tool
163 | 				Name="VCPostBuildEventTool"
164 | 			/>
165 | 		</Configuration>
166 | 	</Configurations>
167 | 	<References>
168 | 	</References>
169 | 	<Files>
170 | 		<Filter
171 | 			Name="Source Files"
172 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
173 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
174 | 			>
175 | 			<File
176 | 				RelativePath=".\MsFontsFuzz.cpp"
177 | 				>
178 | 			</File>
179 | 			<File
180 | 				RelativePath=".\rng.cpp"
181 | 				>
182 | 			</File>
183 | 			<File
184 | 				RelativePath=".\stdafx.cpp"
185 | 				>
186 | 				<FileConfiguration
187 | 					Name="Debug|Win32"
188 | 					>
189 | 					<Tool
190 | 						Name="VCCLCompilerTool"
191 | 						UsePrecompiledHeader="1"
192 | 					/>
193 | 				</FileConfiguration>
194 | 				<FileConfiguration
195 | 					Name="Release|Win32"
196 | 					>
197 | 					<Tool
198 | 						Name="VCCLCompilerTool"
199 | 						UsePrecompiledHeader="1"
200 | 					/>
201 | 				</FileConfiguration>
202 | 			</File>
203 | 		</Filter>
204 | 		<Filter
205 | 			Name="Header Files"
206 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
207 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
208 | 			>
209 | 			<File
210 | 				RelativePath=".\rng.h"
211 | 				>
212 | 			</File>
213 | 			<File
214 | 				RelativePath=".\stdafx.h"
215 | 				>
216 | 			</File>
217 | 			<File
218 | 				RelativePath=".\targetver.h"
219 | 				>
220 | 			</File>
221 | 		</Filter>
222 | 		<Filter
223 | 			Name="Resource Files"
224 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
225 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
226 | 			>
227 | 		</Filter>
228 | 	</Files>
229 | 	<Globals>
230 | 	</Globals>
231 | </VisualStudioProject>
232 | 


--------------------------------------------------------------------------------