[Webkit-unassigned] [Bug 31106] Sanitize web fonts using the OTS library

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 9 17:27:03 PST 2009

https://bugs.webkit.org/show_bug.cgi?id=31106

--- Comment #39 from John Daggett <jdaggett at mozilla.com>  2009-11-09 17:27:00 PDT ---
I'm curious why OpenType layout (e.g. GPOS/GSUB) and AAT (e.g. morx) tables are
omitted from the sanitizer.  My experience fixing font bugs in Firefox makes me
think that these are actually more susceptible to attack than many of the base
level TrueType tables, since the complexity of these tables easily hides
underlying bugs.

One other thing to note here is that Webkit code currently uses the t2embed
library for loading ttf fonts.  There have been known problems with this
library in the past:

KB 961371 Vulnerabilities in the Embedded OpenType Font Engine could allow
remote code execution
http://support.microsoft.com/kb/961371

If you're implementing a sanitizer, it seems like you really should be skipping
calls to t2embed and instead using the low-level font loading APIs, as is done
for CFF fonts currently.

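The sanitizer approach the comment refers to, shown as an added example that is not code from this bug thread, from OTS or from WebKit: parse the sfnt table directory with bounds, alignment, ordering and overlap checks, then rebuild the font from a whitelist of tables and report which tables (GSUB in the constructed sample) were dropped because the sanitizer has no parser for them. The whitelist, the sample font bytes and all function names are constructed for this illustration and do not reflect OTS's real table list.

```python
import struct

SFNT_HEADER = struct.Struct(">IHHHH")   # sfntVersion, numTables, searchRange, entrySelector, rangeShift
TABLE_RECORD = struct.Struct(">4sIII")  # tag, checkSum, offset, length

# Hypothetical whitelist for this example (not OTS's real list): a sanitizer keeps
# only tables it has parsed and re-serialized itself. Layout tables such as GSUB,
# GPOS and morx are absent here, so they are dropped rather than passed through.
KEPT_TABLES = {b"cmap", b"head", b"hhea", b"hmtx", b"maxp", b"name",
               b"OS/2", b"post", b"glyf", b"loca", b"CFF "}


def table_checksum(data):
    """OpenType table checksum: sum of big-endian uint32 words, table padded to 4 bytes."""
    padded = data + b"\0" * (-len(data) % 4)
    return sum(struct.unpack(">%dI" % (len(padded) // 4), padded)) & 0xFFFFFFFF


def parse_table_directory(font):
    """Return [(tag, offset, length)] or raise ValueError if the directory is unsafe to trust."""
    if len(font) < SFNT_HEADER.size:
        raise ValueError("truncated sfnt header")
    version, num_tables, _, _, _ = SFNT_HEADER.unpack_from(font, 0)
    if version not in (0x00010000, 0x4F54544F):  # TrueType outlines, or 'OTTO' for CFF
        raise ValueError("unsupported sfnt version 0x%08x" % version)
    dir_end = SFNT_HEADER.size + num_tables * TABLE_RECORD.size
    if dir_end > len(font):
        raise ValueError("table directory runs past end of file")
    records = []
    for i in range(num_tables):
        tag, _stored_sum, offset, length = TABLE_RECORD.unpack_from(
            font, SFNT_HEADER.size + i * TABLE_RECORD.size)
        # Each record must point after the directory, onto a 4-byte boundary, and stay
        # inside the file. Python ints never wrap, so offset + length cannot overflow
        # here; a C/C++ parser must guard that addition explicitly.
        if offset < dir_end or offset % 4 != 0 or offset + length > len(font):
            raise ValueError("table %r has an out-of-bounds record" % tag)
        records.append((tag, offset, length))
    tags = [r[0] for r in records]
    if tags != sorted(tags) or len(set(tags)) != len(tags):
        raise ValueError("table records not sorted by tag, or a tag is repeated")
    by_offset = sorted(records, key=lambda r: r[1])
    for (_, o1, l1), (_, o2, _) in zip(by_offset, by_offset[1:]):
        if o1 + l1 > o2:
            raise ValueError("tables overlap")
    return records


def build_sfnt(tables, version=0x00010000):
    """Serialize (tag, data) pairs into a well-formed sfnt with freshly computed checksums."""
    tables = sorted(tables)
    n = len(tables)
    entry_selector = n.bit_length() - 1 if n else 0
    search_range = (1 << entry_selector) * 16 if n else 0
    header = SFNT_HEADER.pack(version, n, search_range, entry_selector, n * 16 - search_range)
    base = SFNT_HEADER.size + n * TABLE_RECORD.size
    directory, body = b"", b""
    for tag, data in tables:
        directory += TABLE_RECORD.pack(tag, table_checksum(data), base + len(body), len(data))
        body += data + b"\0" * (-len(data) % 4)   # keep every table 4-byte aligned
    return header + directory + body


def sanitize(font):
    """Rebuild the font from whitelisted tables only; return (new_font, dropped_tags)."""
    records = parse_table_directory(font)
    kept = [(t, font[o:o + l]) for t, o, l in records if t in KEPT_TABLES]
    dropped = [t for t, _, _ in records if t not in KEPT_TABLES]
    return build_sfnt(kept), dropped


# Constructed sample font: placeholder table bodies, not real glyph or layout data.
SAMPLE_FONT = build_sfnt([
    (b"head", b"\0" * 54),
    (b"cmap", b"\0\0\0\1"),
    (b"GSUB", bytes(range(20))),
])


def tamper_record_length(font, record_index, new_length):
    """Overwrite one directory record's length field, simulating a hostile font."""
    buf = bytearray(font)
    struct.pack_into(">I", buf, SFNT_HEADER.size + record_index * TABLE_RECORD.size + 12, new_length)
    return bytes(buf)


if __name__ == "__main__":
    clean, dropped = sanitize(SAMPLE_FONT)
    print("dropped tables:", dropped)
    print("kept tables:", [t for t, _, _ in parse_table_directory(clean)])
    try:
        parse_table_directory(tamper_record_length(SAMPLE_FONT, 0, 0xFFFFFFF0))
    except ValueError as err:
        print("rejected:", err)
```

Dropping is the conservative choice a whitelist sanitizer makes for any table it cannot parse; the cost, as the comment notes, is that fonts lose their layout features, which is why covering GSUB/GPOS/morx with real parsers matters.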