Google has open-sourced an internal tool that can help security researchers find security bugs in font display (rasterization) components.
The tool is named BrokenType and is the work of Google Project Zero security engineer Mateusz Jurczyk, one of the leading experts in font-related security bugs [1, 2, 3].
At its core, BrokenType is a fuzzer, a special tool that feeds a software application large quantities of random data and analyzes the application's output for abnormalities, which, in turn, give developers a hint about the presence of possible bugs in their code.