Last Comment Bug 601110 - OTF-CFF versions of font markA used in reftests are rejected by the OTS sanitizer
: OTF-CFF versions of font markA used in reftests are rejected by the OTS sanit...
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: Layout: Text (show other bugs)
: unspecified
: x86 Mac OS X
: -- normal (vote)
: ---
Assigned To: Jonathan Kew (:jfkthame)
:
:
Mentors:
Depends on:
Blocks: CVE-2010-3768
  Show dependency treegraph
 
Reported: 2010-10-01 06:08 PDT by Jonathan Kew (:jfkthame)
Modified: 2010-11-17 11:42 PST (History)
1 user (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
.13-fixed
.16-fixed


Attachments
patch, v1 - fix OS/2 table in markA.otf and markB.otf (2.51 KB, patch)
2010-10-01 15:28 PDT, Jonathan Kew (:jfkthame)
jd.bugzilla: review+
dveditz: approval1.9.2.13+
dveditz: approval1.9.1.16+
Details | Diff | Splinter Review

Description Jonathan Kew (:jfkthame) 2010-10-01 06:08:09 PDT
The font markA.otf and (I think) markB.otf, used by a couple of the files in layout/reftests/font-face (download-2-big-otf.html and src-list-2-big-otf.html) appear to be rejected by the OTS sanitizer, causing these tests to fail.
Comment 1 Jonathan Kew (:jfkthame) 2010-10-01 15:24:07 PDT
The problem with markA.otf and markB.otf is that the usFirstCharIndex and usLastCharIndex fields in the OS/2 table are incorrect: in both fonts, these two fields are set to 0xFFFF and 0x0000 respectively. This is illegal (firstChar > lastChar), so OTS rejects the fonts.

The .ttf versions of these fonts have the correct values here. I guess the conversion to .otf must have been done with a version of FontForge that rewrote this table incorrectly.
Comment 2 Jonathan Kew (:jfkthame) 2010-10-01 15:28:21 PDT
Created attachment 480268 [details] [diff] [review]
patch, v1 - fix OS/2 table in markA.otf and markB.otf

This fixes the firstCharIndex and lastCharIndex fields in the OS/2 tables such that the sanitizer no longer rejects the fonts.
Comment 3 John Daggett (:jtd) 2010-10-04 06:21:56 PDT
Just for reference, does the latest version of FontForge generate this correctly?
Comment 4 Jonathan Kew (:jfkthame) 2010-10-04 16:06:53 PDT
I have a version from Sept 2009 installed here, and just tried opening MarkA.ttf and generating MarkA.otf using this; the resulting font had correct first/lastCharIndex fields in the OS/2 table. So it looks like this got fixed at some point (assuming it was a fontforge bug that originally led to the bad fonts).
Comment 5 Jonathan Kew (:jfkthame) 2010-10-07 01:11:51 PDT
http://hg.mozilla.org/mozilla-central/rev/2583274ff9fc
Comment 6 Jonathan Kew (:jfkthame) 2010-11-01 11:21:39 PDT
Comment on attachment 480268 [details] [diff] [review]
patch, v1 - fix OS/2 table in markA.otf and markB.otf

Requesting approval for 1.9.2.13. This is a test-only patch, fixing an error in a couple of the test fonts we use; we need to fix this on branch, otherwise landing bug 527276 will lead to reftest failures because the incorrect fonts will no longer be loaded.
Comment 7 Daniel Veditz [:dveditz] 2010-11-03 10:29:11 PDT
Comment on attachment 480268 [details] [diff] [review]
patch, v1 - fix OS/2 table in markA.otf and markB.otf

Approved for 1.9.2.13, a=dveditz for release-drivers
Comment 8 Jonathan Kew (:jfkthame) 2010-11-04 06:25:27 PDT
Pushed to 1.9.2:
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/d48042220ae0
Comment 9 Jonathan Kew (:jfkthame) 2010-11-16 13:02:33 PST
Comment on attachment 480268 [details] [diff] [review]
patch, v1 - fix OS/2 table in markA.otf and markB.otf

Requesting approval to land on 1.9.1, so that we can take the OTS font sanitizer there.
Comment 10 Daniel Veditz [:dveditz] 2010-11-17 10:39:02 PST
Comment on attachment 480268 [details] [diff] [review]
patch, v1 - fix OS/2 table in markA.otf and markB.otf

Approved for 1.9.1.16, a=dveditz for release-drivers
Comment 11 Jonathan Kew (:jfkthame) 2010-11-17 11:42:15 PST
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/8982331bf83b

Note You need to log in before you can comment on or make changes to this bug.