Bug 453223 - need to review thebes/cairo code for places bogus font data could cause problems
Opened 16 years ago
Closed 13 years ago
Categories: Core :: Graphics, defect, P1
Status: RESOLVED WORKSFORME
People: Reporter: jtd, Assigned: jtd
Keywords: meta, Whiteboard: [sg:audit]
With the addition of downloadable fonts as a feature in Gecko, our text rendering components are now potentially open to attacks using bogus font data. We need to review the code to look for potential places where bogus font data could potentially cause problems. This includes:
- old thebes wrappers
- gfx text/font handling code
- cairo text/font handling code
Possible places where problems could occur: handling names, reading the cmap, handling metrics, catching errors when drawing with bogus glyph data.
I'm going to log a separate bug for font fuzzing work.
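Added example, not code from this bug, from Gecko, cairo, or the OpenType sanitizer: a bounds-checked walk of an sfnt table directory and the cmap header, the kind of check a font sanitizer applies before any text-rendering code reads a downloaded font. The font images it checks are constructed for this example (a single cmap table with one format 6 subtable), and the reader deliberately accepts only the cmap subtable formats with a 16-bit length field (0, 4 and 6), a simplification of the real format set.

```c
/* Added example (not Gecko, cairo or OTS code): reject fonts whose table
 * directory or cmap header points outside the buffer. The font bytes below
 * are constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 1 if every table and every cmap subtable lies inside buf[0..len),
 * 0 otherwise. Every bound is tested as "value > len - offset" rather than
 * "offset + value > len" so attacker-controlled 32-bit offsets cannot wrap. */
int font_cmap_is_sane(const uint8_t *buf, size_t len)
{
    if (len < 12) return 0;                                  /* sfnt offset table */
    uint16_t num_tables = rd16(buf + 4);
    if (num_tables == 0 || (len - 12) / 16 < num_tables) return 0; /* 16-byte records */

    const uint8_t *cmap = NULL;
    size_t cmap_len = 0;
    for (uint16_t i = 0; i < num_tables; i++) {
        const uint8_t *rec = buf + 12 + (size_t)i * 16;
        uint32_t off = rd32(rec + 8), tlen = rd32(rec + 12);
        if (off > len || tlen > len - off) return 0;         /* table outside file */
        if (memcmp(rec, "cmap", 4) == 0) { cmap = buf + off; cmap_len = tlen; }
    }
    if (cmap == NULL) return 0;                              /* nothing maps chars to glyphs */

    if (cmap_len < 4 || rd16(cmap) != 0) return 0;           /* version 0 + numTables */
    uint16_t n = rd16(cmap + 2);
    if (n == 0 || (cmap_len - 4) / 8 < n) return 0;          /* 8-byte encoding records */
    for (uint16_t i = 0; i < n; i++) {
        uint32_t sub_off = rd32(cmap + 4 + (size_t)i * 8 + 4);
        if (sub_off > cmap_len || cmap_len - sub_off < 4) return 0; /* need format+length */
        uint16_t fmt = rd16(cmap + sub_off), sub_len = rd16(cmap + sub_off + 2);
        if (fmt != 0 && fmt != 4 && fmt != 6) return 0;      /* simplification: 16-bit-length formats only */
        if (sub_len < 4 || sub_len > cmap_len - sub_off) return 0;
    }
    return 1;
}

/* Constructed 52-byte font: one 'cmap' table at offset 28, one format 6
 * subtable mapping 'A' to glyph 1. Not a usable font, just enough structure
 * for the checks above. */
static const uint8_t kGoodFont[52] = {
    0x00,0x01,0x00,0x00, 0x00,0x01, 0x00,0x10, 0x00,0x00, 0x00,0x00,                   /* sfnt header, 1 table */
    'c','m','a','p', 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x1C, 0x00,0x00,0x00,0x18,     /* record: offset 28, length 24 */
    0x00,0x00, 0x00,0x01, 0x00,0x03,0x00,0x01, 0x00,0x00,0x00,0x0C,                    /* cmap: 1 record, subtable at +12 */
    0x00,0x06, 0x00,0x0C, 0x00,0x00, 0x00,0x41, 0x00,0x01, 0x00,0x01                   /* format 6: 'A' -> glyph 1 */
};

int check_good(void) { return font_cmap_is_sane(kGoodFont, sizeof kGoodFont); }

/* Encoding record's subtable offset rewritten to 0xFFF0, past the cmap table. */
int check_subtable_offset_oob(void) {
    uint8_t f[52]; memcpy(f, kGoodFont, sizeof f);
    f[38] = 0xFF; f[39] = 0xF0;
    return font_cmap_is_sane(f, sizeof f);
}

/* cmap table length rewritten to 0xFFFFFFFF: offset + length would wrap. */
int check_table_length_overflow(void) {
    uint8_t f[52]; memcpy(f, kGoodFont, sizeof f);
    memset(f + 24, 0xFF, 4);
    return font_cmap_is_sane(f, sizeof f);
}

/* Same bytes, but the buffer is cut short of the table it advertises. */
int check_truncated(void) { return font_cmap_is_sane(kGoodFont, 40); }

int main(void) {
    printf("good=%d oob=%d overflow=%d truncated=%d\n", check_good(),
           check_subtable_offset_oob(), check_table_length_overflow(), check_truncated());
    return 0;
}
```

Built with `cc -std=c99`, the program prints `good=1 oob=0 overflow=0 truncated=0`: the intact image passes and each corrupted variant is refused before any glyph lookup would dereference the bad offset. The same shape of check (offset tested against the remaining length, never summed with it) is what protects the name and metrics tables the description lists.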
Comment 1•16 years ago
Font fuzzer logged as bug 453225.
"Old Thebes wrappers" should not be exposed to downloadable fonts, to be honest. Maybe we could just have a textrun creation flag that disables downloadable fonts, and set that flag in the nsRenderingContextThebes text APIs.
Updated•16 years ago
Priority: -- → P1
Comment 3•16 years ago
Any progress to share here? I'm setting severity as sg:critical? as we have for other "audit this code" bugs like bug 430193.
Whiteboard: [sg:critical?]
Comment 4•16 years ago
In bug 430193 we found a specific problem and were looking for others like it. Pure "audit" bugs are what [sg:investigate] was made for.
Keywords: meta
Whiteboard: [sg:critical?] → [sg:investigate]
Updated•15 years ago
Whiteboard: [sg:investigate] → [sg:audit]
Comment 5
Since there is no specific vulnerability anywhere here, a lot of work has happened since this was filed, and there is no movement lately, can we resolve and/or open up this bug?
Comment 6•13 years ago
Especially given that our code now uses the OpenType sanitizer, this is no longer so important.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
Updated•13 years ago
Group: core-security