Followup from bug 663668, where downloadable fonts were disabled on 1.9.2 builds under Lion, OSX 10.7: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/0a1993a0c859 Phillipe pointed out that according to Apple release notes, 10.7.2 fixes the underlying OSX bug: http://support.apple.com/kb/HT5002 > ATS > > Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion > v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 > > Impact: Applications which use the ATSFontDeactivate API may be > vulnerable to an unexpected application termination or arbitrary code > execution > > Description: A buffer overflow issue existed in the ATSFontDeactivate > API. > > CVE-ID > > CVE-2011-0230 : Steven Michaud of Mozilla I don't think we should undo the patch but rather simply restrict the use of the Lion-specific pref to 10.7 and 10.7.1 builds and have all other builds use the general pref for enabling/disabling downloadable fonts.
Perhaps it goes without saying, but first we need to do some testing to confirm that the 10.7.2 update really does fix the problem.
I don't crash on OS X 10.7.2 in FF 3.6.18 or FF 4.0.1, testing with either of the following URLs: http://people.mozilla.org/~jdaggett/memtesting/iteratepages.html http://people.mozilla.com/~stmichaud/bmo/iteratepages-663688.html But I'm not sure if John's test currently visits any pages with downloadable fonts. And though I know mine did, I don't know if any of those pages are still live. > Followup from bug 663668, where downloadable fonts were disabled on > 1.9.2 builds under Lion, OSX 10.7: It's bug 663688 :-)
(meant to post this yesterday, but apparently didn't press the submit thingie…) I had the opportunity to run a series of test on a 10.7.2 machine [*] * an automated pageset (steven's but with different URLs) that ran for about 40 minutes * manually loading a whole bunch of pages with webfonts, from real world stuff to sometimes weirdo test files [.ttf, .otf, .woff and src: local()] I have on my dev server * playing with the google fonts pages/UI * loading a window with several tabs at once * closing that window in one go * quiting and restarting the browser with a window with several pages loaded The browser [**] never crashed, I didn't notice any anomalies, the machine didn't vanish in a puff of smoke and apparently I survived. For completeness' sake, we restarted the machine at the end of the test. [*] ~1year old MBP with 4gig of ram, Adobe CS5 fonts installed, new user account [**] Gecko 1.9.2 obviously…
And (just to confirm), was the gfx.downloadable_fonts.enabled.lion pref set to TRUE for all this testing?
(In reply to Jonathan Kew (:jfkthame) from comment #4) > And (just to confirm), was the gfx.downloadable_fonts.enabled.lion pref set > to TRUE for all this testing? Of course - that is the point, right? And before you ask, all requested fonts loaded (it is hard to escape the beauty of src:local(ahem)...).
Created attachment 569628 [details] [diff] [review] patch, only use the lion-specific pref on 10.7.0 - 10.7.1 OK, this should implement John's suggested behavior of using the lion-specific pref only on the buggy releases, and reverting to the generic one on 10.7.2. (It's a pity that we'll then have a pref that sounds like it ought to affect current Lion systems but is in fact ignored. I suppose we could consider changing its name to something more explicit - and very long-winded - like "gfx.downloadable_fonts.enabled.lion-10.7.0-10.7.1" but I'm not sure that is really worthwhile.)
> And (just to confirm), was the gfx.downloadable_fonts.enabled.lion pref set > to TRUE for all this testing? Yes.
Comment on attachment 569628 [details] [diff] [review] patch, only use the lion-specific pref on 10.7.0 - 10.7.1 We disabled downloadable fonts on OS X 10.7 due to an Apple bug, but now that the OS bug is fixed, we'd like to re-enable the feature for users on the up-to-date Lion release.
Comment on attachment 569628 [details] [diff] [review] patch, only use the lion-specific pref on 10.7.0 - 10.7.1 Unfortunately we're a couple of weeks past code-freeze, we should try getting this into the next release.
Comment on attachment 569628 [details] [diff] [review] patch, only use the lion-specific pref on 10.7.0 - 10.7.1 Approved for 126.96.36.199, a=dveditz Does this bug need to be hidden? The scary crash was fixed many releases ago and this is just re-enabling a feature.
https://hg.mozilla.org/releases/mozilla-1.9.2/rev/7a0309c9c7e7 Fixed for 188.8.131.52, but the tracking flags don't offer that value yet. Un-hiding this, as suggested in comment 10. The original crash (bug 663688 - note that the bug number was typo'd in comment 0 and in the commit message of cset 0a1993a0c859) has been unhidden already.
(In reply to Jonathan Kew (:jfkthame) from comment #11) > https://hg.mozilla.org/releases/mozilla-1.9.2/rev/7a0309c9c7e7 > > Fixed for 184.108.40.206, but the tracking flags don't offer that value yet. It is present now, so setting that flag.
I've verified this in the nightly 1.9.2 build (Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:220.127.116.11pre) Gecko/20111209 Namoroka/3.6.25pre) using: http://people.mozilla.org/~jdaggett/memtesting/iteratepages.html http://people.mozilla.com/~stmichaud/bmo/iteratepages-663688.html and letting it run a while with the gfx.downloadable_fonts.enabled.lion pref set to TRUE in the profile. No crashes so this appears to be fixed. (This is on the current 10.7 version.)