Closed Bug 1603367 Opened 3 years ago Closed 3 years ago

Firefox throws error "downloadable font: hhea: bad caret offset:" [...] in console

Categories

(Core :: Layout: Text and Fonts, defect)

71 Branch
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: holmrichter, Unassigned)

Details

Attachments

(1 file)

48.91 KB, application/octet-stream
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

Steps to reproduce:

I updated Firefox to Version 71.0 (64-Bit).
Then I visited a website with embedded custom fonts (woff).
The font is embedded with the font-face property via css, like this:
@font-face {
font-family: 'FreeMono';
src: url('FreeMono.woff') format('woff');
font-weight: normal;
font-style: normal;
}

Reproduce:
I was able to reproduce the error on the website "https://fontdrop.info/" by just uploading a font. The error message is shown, if you upload a *.woff, or also with a *.ttf. I'm not sure, if it happens with every font.

I could not reproduce this with Chrome.

Actual results:

Since this update, it throws errors relating to woff-fonts, see attached screenshots.
On one site, it shows the message:
"downloadable font: hhea: bad caret offset: -47 (font-family: "BrushScript" style:normal weight:400 stretch:100 src index:0) source: path/to/BrushScript.woff unknown:22:11"
Another site, using other fonts, shows:
"downloadable font: gasp: Changed the version number to 1 (font-family: "FreeMono" style:normal weight:400 stretch:100 src index:0) source: path/to/FreeMono.woff unknown:22:11"

Anyway, the fonts seem to render correct.

Expected results:

No error message should be shown.

(In reply to holmrichter from comment #0)

Created attachment 9115394 [details]
font_error_hhea_badcaret.JPG

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

Steps to reproduce:

I updated Firefox to Version 71.0 (64-Bit).
Then I visited a website with embedded custom fonts (woff).
The font is embedded with the font-face property via css, like this:
@font-face {
font-family: 'FreeMono';
src: url('FreeMono.woff') format('woff');
font-weight: normal;
font-style: normal;
}

Reproduce:
I was able to reproduce the error on the website "https://fontdrop.info/" by just uploading a font. The error message is shown, if you upload a *.woff, or also with a *.ttf. I'm not sure, if it happens with every font.

I could not reproduce this with Chrome.

Actual results:

Since this update, it throws errors relating to woff-fonts, see attached screenshots.
On one site, it shows the message:
"downloadable font: hhea: bad caret offset: -47 (font-family: "BrushScript" style:normal weight:400 stretch:100 src index:0) source: *****/fonts/BrushScript/BrushScript.woff unknown:22:11"
Another site, using other fonts, shows:
"downloadable font: gasp: Changed the version number to 1 (font-family: "FreeMono" style:normal weight:400 stretch:100 src index:0) source: *****/fonts/FreeMono/FreeMono.woff unknown:22:11"

Anyway, the fonts seem to render correct.

Expected results:

No error message should be shown.

please remove the links in the description and the image, for privacy reasons

Group: firefox-core-security

I'll keep this as confidential until we've stripped the content you're worried about, but we may need the font files in order to reproduce. Would you mind uploading those to the bug (via https://bugzilla.mozilla.org/attachment.cgi?bugid=1603367&action=enter )?

Group: firefox-core-security → mozilla-employee-confidential
Component: Untriaged → Layout: Text and Fonts
Flags: needinfo?(holmrichter)
Product: Firefox → Core
Attached file FreeMono.woff
Flags: needinfo?(holmrichter)

The messages (they're warning rather than errors) come from the OpenType Sanitizer, which checks downloaded fonts for conformance with the OpenType spec. I checked both of these examples and the messages are correct; the font resources are erroneous (although OTS is able to fix up the errors and the fonts still work).

In the case of Brush Script, the font does not indicate in its 'head' table that it is a slanted face (although in fact it is), and therefore OTS expects the caretOffset field in the 'hhea' table to be zero, as per https://docs.microsoft.com/en-us/typography/opentype/spec/hhea.

In the case of FreeMono, the 'gasp' table has its version field set to zero, but according to https://docs.microsoft.com/en-us/typography/opentype/spec/gasp the only valid version number is 1.

So in each case, OTS issues a warning message to advise that the font resource is in violation of the OpenType spec requirements (although in these cases it is still usable).

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
Group: mozilla-employee-confidential

Thank you for the explanation.

If the messages are warnings, not errors, shouldn't they appear as warnings in the log (in yellow) instead of red error messages, filtered as error also?

That's a fair point, it would be nice to make a distinction. I filed bug 1603458 to do this.

You need to log in before you can comment on or make changes to this bug.