Closed Bug 576997 Opened 10 years ago Closed 10 years ago

Need to upgrade in-tree FreeType to 2.4.0 once it has been released

Categories

(Core :: Layout: Text and Fonts, defect, critical)

defect
Not set
critical

Tracking


RESOLVED FIXED
Tracking Status
blocking2.0 --- final+
fennec 2.0+ ---

People

(Reporter: reed, Assigned: blassey)

References

Details

(Whiteboard: [sg:critical?] android only)

Attachments

(1 file)

Robert Święcki of Google Switzerland GmbH reported multiple (possibly security-related) bugs in FreeType 2.3.12 and earlier. Once FreeType 2.4.0 has been released, we need to upgrade our in-tree copies to ensure we have the fixes for these issues. Filing this as a tracker bug to ensure we do that and don't miss it.
blocking2.0: --- → ?
status2.0: --- → ?
Is anything on 1.9.2 or 1.9.1 using the in-tree FreeType yet?
Summary: Need to upgrade in-tree FreeType to 2.4.0 once it has been released → Need to upgrade in-tree FreeType to 2.4.0 once it has been released
I recommend checking out http://code.google.com/p/ots/ - as far as I know it's been written to support OTF/TTF/WOFF in Chromium. But the library is pretty portable, so maybe you should think about using it as well (none of the bugs I've reported affect Chromium, even though it's using FreeType under Linux/macOS).
We don't use in-tree Freetype in any desktop build. We may be using it on some mobile builds, I'm not sure.
(In reply to comment #3)
> We don't use in-tree Freetype in any desktop build. We may be using it on some
> mobile builds, I'm not sure.

We haven't had an official release using in-tree freetype yet
Well, libots is a very robust sanitizer. It's not only protecting against libfreetype bugs (I managed to find only one that passed libots verification, a NULL-ptr deref. in FreeType, but it's already been fixed). I think that it's even more useful when protecting Windows' in-kernel font renderer (sic!:). Not sure what Firefox is using on Windows to render fonts, but if it's this ingenious idea of Microsoft's, a ring-0 font renderer, then I'd use some sanitizer ;).
> it's this ingenious idea of Microsoft's, a ring-0 font renderer,
> then I'd use some sanitizer ;).

Oh... and in light of Microsoft's recent PR wars against security researchers: this is solely my opinion; it does not necessarily reflect the opinions of my employer etc. etc. :)
Yeah, it might make a lot of sense to use a sanitizer before we pass downloaded fonts to the system glyph rasterizer. That should be treated as a separate issue though.
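To make concrete what "a sanitizer before we pass downloaded fonts to the system glyph rasterizer" means in practice, here is an added example (not code from OTS, FreeType or Mozilla) of the first thing such a sanitizer has to get right: validating the sfnt table directory before any table body is touched. The sample fonts are constructed inline (directory plus zeroed 'head'/'hhea'/'maxp' bodies); the second one carries a table length chosen so that offset + length wraps in 32-bit arithmetic, which is the classic way a malformed directory slips past a naive "offset + length <= size" check. The SFNT_MAX_TABLES limit is an assumed policy value, not a spec or OTS constant, and a real sanitizer such as OTS additionally parses and re-serializes every table it knows rather than stopping at the directory.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SFNT_HEADER_LEN 12u   /* sfntVersion(4) numTables(2) searchRange(2) entrySelector(2) rangeShift(2) */
#define SFNT_RECORD_LEN 16u   /* tag(4) checksum(4) offset(4) length(4) */
#define SFNT_MAX_TABLES 512u  /* assumed policy limit for this example, not a spec value */

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static int reject(const char **why, const char *reason)
{
    if (why) *why = reason;
    return 0;
}

/* Returns 1 if the table directory is internally consistent with the buffer
 * size, 0 (with a reason in *why) otherwise. Only the directory is checked;
 * table contents are left to a full sanitizer. */
int sfnt_directory_ok(const uint8_t *buf, size_t len, const char **why)
{
    if (len < SFNT_HEADER_LEN) return reject(why, "truncated header");
    uint32_t version = rd32(buf);
    if (version != 0x00010000u && version != 0x4F54544Fu /* 'OTTO' */ &&
        version != 0x74727565u /* 'true' */)
        return reject(why, "unknown sfnt version");
    uint16_t n = rd16(buf + 4);
    if (n == 0 || n > SFNT_MAX_TABLES) return reject(why, "bad numTables");
    /* n <= 512, so this multiplication cannot overflow size_t. */
    size_t dir_end = SFNT_HEADER_LEN + (size_t)n * SFNT_RECORD_LEN;
    if (dir_end > len) return reject(why, "table directory overruns file");

    uint32_t prev_tag = 0;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *rec = buf + SFNT_HEADER_LEN + (size_t)i * SFNT_RECORD_LEN;
        uint32_t tag = rd32(rec), off = rd32(rec + 8), length = rd32(rec + 12);
        /* OpenType requires records sorted ascending by tag; this also rejects duplicates. */
        if (i > 0 && tag <= prev_tag) return reject(why, "table records unsorted or duplicated");
        prev_tag = tag;
        if (off < dir_end) return reject(why, "table overlaps header or directory");
        /* Never compute off + length in 32 bits: it wraps. Compare against the
         * space remaining after off instead. */
        if (off > len || length > len - off) return reject(why, "table extends past end of file");
    }
    if (why) *why = "ok";
    return 1;
}

/* --- constructed sample data for the demonstration --- */
static size_t put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return 2; }
static size_t put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
    return 4;
}

#define SAMPLE_LEN 156u  /* 12 + 3*16 directory, then 54 + 36 + 6 bytes of table bodies */

/* Builds a minimal TrueType directory with head/hhea/maxp and zeroed bodies.
 * maxp_len_field is written as the 'maxp' record's length so a caller can
 * plant an out-of-range value without changing the actual file size. */
size_t build_sample_font(uint8_t *out, uint32_t maxp_len_field)
{
    static const struct { uint32_t tag; uint32_t len; } tables[3] = {
        { 0x68656164u, 54 }, /* 'head' */
        { 0x68686561u, 36 }, /* 'hhea' */
        { 0x6D617870u, 6  }, /* 'maxp' */
    };
    memset(out, 0, SAMPLE_LEN);
    uint8_t *p = out;
    p += put32(p, 0x00010000u);
    p += put16(p, 3);
    p += put16(p, 32); p += put16(p, 1); p += put16(p, 16); /* searchRange, entrySelector, rangeShift */
    uint32_t off = SFNT_HEADER_LEN + 3 * SFNT_RECORD_LEN;
    for (int i = 0; i < 3; i++) {
        uint32_t len = (i == 2) ? maxp_len_field : tables[i].len;
        p += put32(p, tables[i].tag);
        p += put32(p, 0);        /* checksum, not validated in this example */
        p += put32(p, off);
        p += put32(p, len);
        off += tables[i].len;
    }
    return SAMPLE_LEN;
}

int main(void)
{
    uint8_t font[SAMPLE_LEN];
    const char *why;
    size_t n = build_sample_font(font, 6);
    printf("well-formed:     %s (%s)\n", sfnt_directory_ok(font, n, &why) ? "accept" : "reject", why);
    n = build_sample_font(font, 0xFFFFFF00u); /* 150 + 0xFFFFFF00 wraps to 150 in uint32_t */
    printf("wrapping length: %s (%s)\n", sfnt_directory_ok(font, n, &why) ? "accept" : "reject", why);
    printf("truncated:       %s (%s)\n", sfnt_directory_ok(font, 20, &why) ? "accept" : "reject", why);
    return 0;
}
```

The wrapping case is the one worth internalizing: a check written as `off + length <= len` with 32-bit operands accepts the second sample, after which a table parser reads far beyond the buffer. Comparing `length` against `len - off` after confirming `off <= len` cannot wrap, and is the shape every bounds check in a font sanitizer should take.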
tracking-fennec: --- → 2.0+
This blocks android only.
blocking2.0: ? → final+
status2.0: ? → ---
Whiteboard: [sg:critical?] trunk/2.0 only, maybe? → [sg:critical?] android only
Assignee: nobody → blassey.bugs
Attachment #458674 - Flags: review?(benjamin)
Attachment #458674 - Flags: review?(benjamin) → review+
FT 2.4.1 is released, no need to keep this bug hidden.
Group: core-security
pushed http://hg.mozilla.org/mozilla-central/rev/9eed0fe868f1
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Depends on: 580921