Open Bug 1572931 Opened 6 years ago Updated 3 years ago

Don't drop AAT table from webfonts with OTS

Categories

(Core :: Layout: Text and Fonts, defect, P3)

Product:
Core
Component:
Layout: Text and Fonts
Version:
68 Branch
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: ebrahim, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36

Steps to reproduce:

http://ebraminio.github.io/sandbox/index.html

Actual results:

It doesn't show first and third as black circles with white text as it drops AAT table.

Expected results:

As described.

Reported in Chrome also https://bugs.chromium.org/p/chromium/issues/detail?id=992446

(I haven't tested trunk versions of Firefox and the code, sorry beforehand if is fixed there)

Severity: normal → minor
Type: enhancement → defect
Component: Untriaged → Layout: Text and Fonts
Priority: -- → P3
Product: Firefox → Core

It's the same on trunk. Historically, there hasn't been a lot of demand for using AAT fonts as webfonts (in general, they wouldn't have worked on non-Apple platforms), and Core Text shaping could be a bit fragile, so dropping the AAT tables avoided exposing a bunch of extra attack surface.

Ideally, OTS would be extended to validate the AAT tables, though we could consider passing them through unchecked if we have sufficient confidence that HarfBuzz's AAT handling is fully robust.

Asked here also apparently https://bugzilla.mozilla.org/show_bug.cgi?id=602411
HarfBuzz AAT is fuzzed and its issues have found and fixed so I guess having OTS to implement it first is not that useful.

And asked here https://bugzilla.mozilla.org/show_bug.cgi?id=768322 very long time before

Severity: minor → S4
You need to log in before you can comment on or make changes to this bug.