Closed Bug 576997 Opened 14 years ago Closed 14 years ago

Need to upgrade in-tree FreeType to 2.4.0 once it has been released

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
blocking2.0 --- final+
fennec 2.0+ ---

People

(Reporter: reed, Assigned: blassey)

References

Details

(Whiteboard: [sg:critical?] android only)

Attachments

(1 file)

patch to update to 2.4.1
1.33 MB, patch
benjamin
: review+
Details | Diff | Splinter Review 
Robert Święcki of Google Switzerland GmbH reported multiple (possibly security-related) bugs in FreeType 2.3.12 and earlier. Once FreeType 2.4.0 has been released, we need to upgrade our in-tree copies to ensure we have the fixes for these issues. Filing this as a tracker bug to ensure we do that and don't miss it.
blocking2.0: --- → ?
status2.0: --- → ?
Is anything on 1.9.2 or 1.9.1 using the in-free FreeType yet?
Summary: Need to upgrade in-tree FreeType to 2.4.0 once it has been released → Need to upgrade in-tree FreeType to 2.4.0 once it has been released
I recommend checking out the http://code.google.com/p/ots/ - as far as i know it's been written to support OTF/TTF/WOFF in chromium. But the library is pretty portable, so maybe you should think about using it as well (none of the bugs I've reported affects chromiu, even though it's using freetype under linux/macos)
We don't use in-tree Freetype in any desktop build. We may be using it on some mobile builds, I'm not sure.
(In reply to comment #3)
> We don't use in-tree Freetype in any desktop build. We may be using it on some
> mobile builds, I'm not sure.

We haven't had an official release using in-tree freetype yet
Well, libots is a very robust sanitizer. It's not only protecting against libfreetype bugs (I managed to find only one that passed libots verigication, a NULL-ptr  deref. in freetype, but it's already been fixed). I think that it's even more useful when protecting Windows' in-kernel font renderer (sic!:). Not sure what firefox is using on windows to render fonts, but if it's this ingenious Microsoft's idea of ring-0 font renderer, then I'd use some sanitizer ;).
> it's this ingenious Microsoft's idea of ring-0 font renderer,
> then I'd use some sanitizer ;).

Oh... and in the light of recent Microsoft's PR wars against security researchers: This is solely my opinion; it does not necessarily reflect opinions of my employer etc. etc.. :)
Yeah, it might make a lot of sense to use a sanitizer before we pass downloaded fonts to the system glyph rasterizer. That should be treated as a separate issue though.
tracking-fennec: --- → 2.0+
This blocks android only.
blocking2.0: ? → final+
status2.0: ? → ---
Whiteboard: [sg:critical?] trunk/2.0 only, maybe? → [sg:critical?] android only
Assignee: nobody → blassey.bugs

        Attachment #458674 -
        Flags: review?(benjamin)

    
  

        Attachment #458674 -
        Flags: review?(benjamin) → review+

    
    

    
  
FT 2.4.1 is released, no need to keep this bug hidden.
Group: core-security
Blocks: 579948

    
    

    
  
pushed http://hg.mozilla.org/mozilla-central/rev/9eed0fe868f1
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Depends on: 580921

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: