Bug 576997 - Need to upgrade in-tree FreeType to 2.4.0 once it has been released
Status: Closed (RESOLVED FIXED)
Opened 14 years ago; closed 14 years ago
Categories: Core :: Layout: Text and Fonts, defect
People: Reporter: reed, Assigned: blassey
Whiteboard: [sg:critical?] android only
Attachments (1 file): patch, 1.33 MB, review+ from benjamin
Description
Robert Święcki of Google Switzerland GmbH reported multiple (possibly security-related) bugs in FreeType 2.3.12 and earlier. Once FreeType 2.4.0 has been released, we need to upgrade our in-tree copies to ensure we have the fixes for these issues. Filing this as a tracker bug to ensure we do that and don't miss it.
Comment 1•14 years ago (Reporter)
Is anything on 1.9.2 or 1.9.1 using the in-tree FreeType yet?
Updated•14 years ago (Reporter)
Summary: Need to upgrade in-tree FreeType to 2.4.0 once it has been released → Need to upgrade in-tree FreeType to 2.4.0 once it has been released
Comment 2•14 years ago
I recommend checking out http://code.google.com/p/ots/ - as far as I know it's been written to support OTF/TTF/WOFF in Chromium. But the library is pretty portable, so maybe you should think about using it as well (none of the bugs I've reported affect Chromium, even though it's using FreeType under Linux/macOS).
Comment 3•14 years ago
We don't use in-tree Freetype in any desktop build. We may be using it on some mobile builds, I'm not sure.
Comment 4•14 years ago (Assignee)
(In reply to comment #3)
> We don't use in-tree Freetype in any desktop build. We may be using it on some
> mobile builds, I'm not sure.

We haven't had an official release using in-tree freetype yet.
Comment 5•14 years ago
Well, libots is a very robust sanitizer. It's not only protecting against libfreetype bugs (I managed to find only one that passed libots verification, a NULL-ptr deref. in FreeType, but it's already been fixed). I think that it's even more useful when protecting Windows' in-kernel font renderer (sic!:). Not sure what Firefox is using on Windows to render fonts, but if it's this ingenious Microsoft idea of a ring-0 font renderer, then I'd use some sanitizer ;).
Comment 6•14 years ago
> it's this ingenious Microsoft's idea of ring-0 font renderer,
> then I'd use some sanitizer ;).
Oh... and in light of Microsoft's recent PR wars against security researchers: this is solely my opinion; it does not necessarily reflect the opinions of my employer, etc. :)
Comment 7•14 years ago
Yeah, it might make a lot of sense to use a sanitizer before we pass downloaded fonts to the system glyph rasterizer. That should be treated as a separate issue though.
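The sanitizer idea discussed in the comments above, as an added example that is neither OTS's code nor anything from this bug's patch: a Python check of an sfnt (TrueType/OpenType) table directory, the kind of structural validation a sanitizer performs before a downloaded font is handed to FreeType or a kernel-mode rasterizer. The function names and the build/corrupt helpers are assumptions of this example; the blobs they produce are constructed fixtures, not real fonts.

```python
import struct

SFNT_HEADER = struct.Struct(">IHHHH")   # sfntVersion, numTables, searchRange, entrySelector, rangeShift
TABLE_RECORD = struct.Struct(">4sIII")  # tag, checksum, offset, length
KNOWN_VERSIONS = {0x00010000, 0x4F54544F}  # TrueType 1.0 and 'OTTO' (CFF-flavoured OpenType)

def check_sfnt(data: bytes) -> list:
    """Validate the sfnt table directory; return the problems found (empty list = accept)."""
    if len(data) < SFNT_HEADER.size:
        return ["file shorter than the sfnt header"]
    version, num_tables, *_ = SFNT_HEADER.unpack_from(data, 0)
    problems = [] if version in KNOWN_VERSIONS else [f"unknown sfnt version 0x{version:08x}"]
    dir_end = SFNT_HEADER.size + num_tables * TABLE_RECORD.size
    if num_tables == 0 or dir_end > len(data):
        return problems + [f"directory of {num_tables} tables does not fit in {len(data)} bytes"]
    spans = []
    for i in range(num_tables):
        tag, _, offset, length = TABLE_RECORD.unpack_from(data, SFNT_HEADER.size + i * TABLE_RECORD.size)
        # Python ints cannot wrap, so offset + length is compared exactly (a uint32 add in C could overflow)
        if offset < dir_end or offset + length > len(data):
            problems.append(f"table {tag!r} [{offset}, {offset + length}) lies outside the file")
            continue
        if offset % 4:
            problems.append(f"table {tag!r} offset {offset} is not 4-byte aligned")
        spans.append((offset, offset + length, tag))
    spans.sort()
    for (_, end1, tag1), (start2, _, tag2) in zip(spans, spans[1:]):
        if start2 < end1:
            problems.append(f"tables {tag1!r} and {tag2!r} overlap")
    return problems

def build_sfnt(tables: dict, version: int = 0x00010000) -> bytes:
    """Construct a minimal, well-formed sfnt blob from {tag: payload} (test fixture, not a usable font)."""
    header = SFNT_HEADER.pack(version, len(tables), 0, 0, 0)
    offset = SFNT_HEADER.size + len(tables) * TABLE_RECORD.size
    records, body = b"", b""
    for tag, payload in tables.items():
        records += TABLE_RECORD.pack(tag, 0, offset, len(payload))
        body += payload + b"\0" * (-len(payload) % 4)  # keep every table 4-byte aligned
        offset += len(payload) + (-len(payload) % 4)
    return header + records + body

def corrupt_record(blob: bytes, index: int, offset=None, length=None) -> bytes:
    """Overwrite one directory record's offset/length to build constructed hostile input."""
    pos = SFNT_HEADER.size + index * TABLE_RECORD.size
    tag, checksum, old_off, old_len = TABLE_RECORD.unpack_from(blob, pos)
    rec = TABLE_RECORD.pack(tag, checksum, old_off if offset is None else offset, old_len if length is None else length)
    return blob[:pos] + rec + blob[pos + TABLE_RECORD.size:]
```

A real sanitizer such as OTS goes on to parse and re-serialise each table; this directory check is only the first gate, but it is the one that stops the out-of-bounds offsets and lengths a rasterizer would otherwise dereference.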
Updated•14 years ago (Assignee)
tracking-fennec: --- → 2.0+
Comment 8•14 years ago
This blocks android only.
Comment 9•14 years ago (Assignee)
Assignee: nobody → blassey.bugs
Attachment #458674 - Flags: review?(benjamin)
Updated•14 years ago
Attachment #458674 - Flags: review?(benjamin) → review+
Comment 10•14 years ago
FT 2.4.1 is released, no need to keep this bug hidden.
Group: core-security
Comment 11•14 years ago (Assignee)
Pushed http://hg.mozilla.org/mozilla-central/rev/9eed0fe868f1
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED