[Webkit-unassigned] [Bug 31106] Sanitize web fonts using the OTS library

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Nov 29 13:37:25 PST 2009 

https://bugs.webkit.org/show_bug.cgi?id=31106


Eric Seidel <eric at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #42808|review?                     |review+, commit-queue-
               Flag|                            |




--- Comment #47 from Eric Seidel <eric at webkit.org>  2009-11-29 13:37:24 PST ---
(From update of attachment 42808)
 54     // name table replacement and/or padding for glyf table.

"glyph" not "glyf"

 36 #include "opentype-sanitiser.h"

and

 9         and attempts to validate and sanitise them. We hope this reduces the
attack surface


sanitizer instead of sanitiser.

I just read through the entire patch for the first time and it otherwise looks
OK, those typos can be corrected on landing, but this cannot be cq+'d as is.

As far as I can tell this change is non-harmful to WebKit and helps Chromium
feel more secure.  I am certain there are real, exploitable bugs in system
font-parsers on the various OSes WebKit supports.

Adding a sanitization step allows WebKit to trade any known system font parser
bugs for possible WebKit or OpenTypeSanitizer bugs which can be contained in a
sandbox instead of being exploit-your-machine bugs.  To the best of my
knowledge, WebKit has historically done the same for CG and Skia graphics
libraries.  I see this as a similar approach.

I've not spoke with any of the other Chromium folks in person about this, but
from a WebKit perspective, this seems like a good change to make.

I think other ports are going to want to adopt this type of sanitization. 
Whether that means we eventually need to move this "OTS" code into WebKit or
not, I'm not sure.  We don't include libxslt in WebKit, and I see this as
similar.

Obviously we should not commit this with objection remaining, but I'll mark
this with r+ representing my support of this patch.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list