First crack at oss-fuzz rigging for fontations (#12011)

Take a first swing at rigging a
https://github.com/googlefonts/fontations fuzzer. Setup based on
https://google.github.io/oss-fuzz/getting-started/new-project-guide/rust-lang/.
I have never rigged a Rust fuzzer before, advice most appreciated.

To increase our odds try to provide a decent corpus of test fonts.

For context Google Fonts and Chrome are collaborating to migrate some
text rendering paths in Chrome to use [skrifa](https://docs.rs/skrifa/)
instead of FreeType. As with woff2, we view fuzzing prior to shipping as
mandatory. EDIT: one more ref,
https://chromestatus.com/feature/5717358869217280.

Step toward https://github.com/googlefonts/fontations/issues/420.

The fuzzer is added to fontations in
https://github.com/googlefonts/fontations/pull/917. Best not to merge
this until that goes in. EDIT: now merged. Minimal function, will extend
use cases tested over time.

projects/fontations/Dockerfile

@@ -0,0 +1,24 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Based on https://google.github.io/oss-fuzz/getting-started/new-project-guide/rust-lang/
+
+FROM gcr.io/oss-fuzz-base/base-builder-rust
+
+RUN git clone --depth 1 https://github.com/googlefonts/fontations
+WORKDIR $SRC/fontations
+
+COPY build.sh $SRC/

projects/fontations/build.sh

@@ -0,0 +1,57 @@
+#!/bin/bash -eu
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# To test:
+#   export SRC=/tmp
+#   export OUT=/tmp
+#   git clone --depth 1 https://github.com/googlefonts/fontations /tmp/fontations
+#   rm -rf /tmp/{font_srcs,corpus_tmp}
+#   projects/fontations/build.sh
+
+CLONE_TMP="$SRC/font_srcs"
+CORPUS_TMP="$SRC/corpus_tmp"
+mkdir "$CLONE_TMP"
+mkdir "$CORPUS_TMP"
+
+pushd "$CLONE_TMP"
+git clone --depth 1 https://github.com/unicode-org/text-rendering-tests.git
+git clone --depth 1 https://github.com/googlefonts/color-fonts.git
+git clone --depth 1 https://github.com/harfbuzz/harfbuzz.git
+for d in text-rendering-tests/fonts color-fonts/fonts harfbuzz/test; do
+    find $d -name '*.[ot]t[fc]' -execdir cp {} ${CORPUS_TMP} \;
+done
+popd
+
+pushd "$CORPUS_TMP"
+zip seed_corpus.zip *
+popd
+
+cd $SRC/fontations
+# Add +nightly after cargo if running locally and getting: error: the option `Z` is only accepted on the nightly compiler
+cargo fuzz build -O --debug-assertions
+
+# Based on zip-rs
+RELEASE_DIR=target/x86_64-unknown-linux-gnu/release
+num_fuzzers=0
+for fuzzer in $(find $RELEASE_DIR -maxdepth 1 -type f -executable -name 'fuzz_*'  -exec basename {} \;); do
+    cp -v "$CORPUS_TMP/seed_corpus.zip" $(basename $fuzzer)_seed_corpus.zip
+    cp -v "$RELEASE_DIR/$fuzzer" $OUT/
+    num_fuzzers=$((num_fuzzers+1))
+done
+
+# If we found 0 fuzzers something is very wrong
+[[ "$num_fuzzers" -gt 0 ]] || { echo "No fuzzers!"; exit 1; }

projects/fontations/project.yaml

@@ -0,0 +1,11 @@
+homepage: "https://github.com/googlefonts/fontations"
+language: rust
+primary_contact: "rsheeter@google.com"
+auto_ccs:
+  - "drott@google.com"
+  - "grieger@google.com"
+sanitizers:
+  - address
+fuzzing_engines:
+  - libfuzzer
+main_repo: 'https://github.com/googlefonts/fontations'