Changeset 51623 in webkit

Timestamp:

Dec 2, 2009 10:14:23 PM (14 years ago)

Author:

eric@webkit.org

Message:

2009-12-02 Yusuke Sato <​yusukes@chromium.org>

Reviewed by Eric Seidel.

Sanitize web fonts using the OTS library
​https://bugs.webkit.org/show_bug.cgi?id=31106

Add support for OpenType sanitizer (OTS). It parses OpenType files (from @font-face)
and attempts to validate and sanitize them. We hope this reduces the attack surface
of the system font libraries.

• WebCore.gyp/WebCore.gyp: Added dependency to (chromium_src_dir)/third_party/ots/ library.
• WebCore.gypi: Added new files below.
• WebCore.xcodeproj/project.pbxproj: Ditto.
• platform/graphics/chromium/FontCustomPlatformData.cpp: Validate and transcode a web font. (WebCore::createFontCustomPlatformData):
• platform/graphics/mac/FontCustomPlatformData.cpp: Ditto. (WebCore::createFontCustomPlatformData):
• platform/graphics/opentype/OpenTypeSanitizer.cpp: Added. (WebCore::OpenTypeSanitizer::sanitize):
• platform/graphics/opentype/OpenTypeSanitizer.h: Added. (WebCore::OpenTypeSanitizer::OpenTypeSanitizer):

2009-12-02 Yusuke Sato <​yusukes@chromium.org>

Reviewed by Eric Seidel.

Sanitize web fonts using the OTS library
​https://bugs.webkit.org/show_bug.cgi?id=31106

• DEPS: Added dependency to the OpenType sanitizer library.
• features.gypi: Added ENABLE_OPENTYPE_SANITIZER=1.

Location:

trunk

Files:

• WebCore/ChangeLog (modified) (1 diff)
• WebCore/WebCore.gyp/WebCore.gyp (modified) (2 diffs)
• WebCore/WebCore.gypi (modified) (1 diff)
• WebCore/WebCore.xcodeproj/project.pbxproj (modified) (6 diffs)
• WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp (modified) (2 diffs)
• WebCore/platform/graphics/mac/FontCustomPlatformData.cpp (modified) (2 diffs)
• WebCore/platform/graphics/opentype/OpenTypeSanitizer.cpp (added)
• WebCore/platform/graphics/opentype/OpenTypeSanitizer.h (added)
• WebKit/chromium/ChangeLog (modified) (1 diff)
• WebKit/chromium/DEPS (modified) (2 diffs)
• WebKit/chromium/features.gypi (modified) (1 diff)

trunk/WebCore/ChangeLog

@@ +1 @@
+2009-12-02  Yusuke Sato  <yusukes@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        Sanitize web fonts using the OTS library 
+        https://bugs.webkit.org/show_bug.cgi?id=31106
+
+        Add support for OpenType sanitizer (OTS). It parses OpenType files (from @font-face)
+        and attempts to validate and sanitize them. We hope this reduces the attack surface
+        of the system font libraries.
+
+        * WebCore.gyp/WebCore.gyp: Added dependency to (chromium_src_dir)/third_party/ots/ library.
+        * WebCore.gypi: Added new files below.
+        * WebCore.xcodeproj/project.pbxproj: Ditto.
+        * platform/graphics/chromium/FontCustomPlatformData.cpp: Validate and transcode a web font.
+        (WebCore::createFontCustomPlatformData):
+        * platform/graphics/mac/FontCustomPlatformData.cpp: Ditto.
+        (WebCore::createFontCustomPlatformData):
+        * platform/graphics/opentype/OpenTypeSanitizer.cpp: Added.
+        (WebCore::OpenTypeSanitizer::sanitize):
+        * platform/graphics/opentype/OpenTypeSanitizer.h: Added.
+        (WebCore::OpenTypeSanitizer::OpenTypeSanitizer):
+
 2009-12-02  Oliver Hunt  <oliver@apple.com>
 

trunk/WebCore/WebCore.gyp/WebCore.gyp

@@ -625 +625 @@
         '<(chromium_src_dir)/third_party/libxslt/libxslt.gyp:libxslt',
         '<(chromium_src_dir)/third_party/npapi/npapi.gyp:npapi',
+        '<(chromium_src_dir)/third_party/ots/ots.gyp:ots',
         '<(chromium_src_dir)/third_party/sqlite/sqlite.gyp:sqlite',
       ],
@@ -651 +652 @@
         ['exclude', '(android|cairo|cf|cg|curl|gtk|haiku|linux|mac|opentype|posix|qt|soup|symbian|win|wx)/'],
         ['exclude', '(?<!Chromium)(SVGAllInOne|Android|Cairo|CF|CG|Curl|Gtk|Linux|Mac|OpenType|POSIX|Posix|Qt|Safari|Soup|Symbian|Win|Wx)\\.(cpp|mm?)$'],
+        ['include', 'platform/graphics/opentype/OpenTypeSanitizer\\.cpp$'],
 
         # JSC-only.

trunk/WebCore/WebCore.gypi

@@ -2027 +2027 @@
             'platform/graphics/mac/WebTiledLayer.mm',
             'platform/graphics/MediaPlayer.cpp',
+            'platform/graphics/opentype/OpenTypeSanitizer.cpp',
+            'platform/graphics/opentype/OpenTypeSanitizer.h',
             'platform/graphics/opentype/OpenTypeUtilities.cpp',
             'platform/graphics/opentype/OpenTypeUtilities.h',

trunk/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -4749 +4749 @@
                 EDE3A5000C7A430600956A37 /* ColorMac.h in Headers */ = {isa = PBXBuildFile; fileRef = EDE3A4FF0C7A430600956A37 /* ColorMac.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 EDEC98030AED7E170059137F /* WebCorePrefix.h in Headers */ = {isa = PBXBuildFile; fileRef = EDEC98020AED7E170059137F /* WebCorePrefix.h */; };
+                F4EAF4AE10C742B1009100D3 /* OpenTypeSanitizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = F4EAF4AC10C742B1009100D3 /* OpenTypeSanitizer.cpp */; };
+                F4EAF4AF10C742B1009100D3 /* OpenTypeSanitizer.h in Headers */ = {isa = PBXBuildFile; fileRef = F4EAF4AD10C742B1009100D3 /* OpenTypeSanitizer.h */; };
                 F5C041DA0FFCA7CE00839D4A /* HTMLDataListElement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = F5C041D70FFCA7CE00839D4A /* HTMLDataListElement.cpp */; };
                 F5C041DB0FFCA7CE00839D4A /* HTMLDataListElement.h in Headers */ = {isa = PBXBuildFile; fileRef = F5C041D80FFCA7CE00839D4A /* HTMLDataListElement.h */; };
@@ -9953 +9955 @@
                 EDE3A4FF0C7A430600956A37 /* ColorMac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ColorMac.h; sourceTree = "<group>"; };
                 EDEC98020AED7E170059137F /* WebCorePrefix.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = WebCorePrefix.h; sourceTree = "<group>"; tabWidth = 4; usesTabs = 0; };
+                F4EAF4AC10C742B1009100D3 /* OpenTypeSanitizer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = OpenTypeSanitizer.cpp; path = opentype/OpenTypeSanitizer.cpp; sourceTree = "<group>"; };
+                F4EAF4AD10C742B1009100D3 /* OpenTypeSanitizer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = OpenTypeSanitizer.h; path = opentype/OpenTypeSanitizer.h; sourceTree = "<group>"; };
                 F523D23B02DE4396018635CA /* HTMLDocument.cpp */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HTMLDocument.cpp; sourceTree = "<group>"; tabWidth = 8; usesTabs = 0; };
                 F523D23C02DE4396018635CA /* HTMLDocument.h */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.c.h; path = HTMLDocument.h; sourceTree = "<group>"; tabWidth = 8; usesTabs = 0; };
@@ -14152 +14156 @@
                         isa = PBXGroup;
                         children = (
+                                F4EAF4AB10C74268009100D3 /* opentype */,
                                 B27535290B053814002CE64F /* cg */,
                                 A75E8B7F0E1DE2B0007F2481 /* filters */,
@@ -15132 +15137 @@
                         );
                         name = mac;
+                        sourceTree = "<group>";
+                };
+                F4EAF4AB10C74268009100D3 /* opentype */ = {
+                        isa = PBXGroup;
+                        children = (
+                                F4EAF4AC10C742B1009100D3 /* OpenTypeSanitizer.cpp */,
+                                F4EAF4AD10C742B1009100D3 /* OpenTypeSanitizer.h */,
+                        );
+                        name = opentype;
                         sourceTree = "<group>";
                 };
@@ -18209 +18223 @@
                                 7A0E770F10C00A8800A0276E /* InspectorFrontendHost.h in Headers */,
                                 7A0E771F10C00DB100A0276E /* JSInspectorFrontendHost.h in Headers */,
+                                F4EAF4AF10C742B1009100D3 /* OpenTypeSanitizer.h in Headers */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;
@@ -20360 +20375 @@
                                 7A0E770E10C00A8800A0276E /* InspectorFrontendHost.cpp in Sources */,
                                 7A0E771E10C00DB100A0276E /* JSInspectorFrontendHost.cpp in Sources */,
+                                F4EAF4AE10C742B1009100D3 /* OpenTypeSanitizer.cpp in Sources */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;

trunk/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp

@@ -43 +43 @@
 #include "FontPlatformData.h"
 #include "NotImplemented.h"
+#include "OpenTypeSanitizer.h"
 #include "SharedBuffer.h"
 
@@ -172 +173 @@
     ASSERT_ARG(buffer, buffer);
 
+#if ENABLE(OPENTYPE_SANITIZER)
+    OpenTypeSanitizer sanitizer(buffer);
+    RefPtr<SharedBuffer> transcodeBuffer = sanitizer.sanitize();
+    if (!transcodeBuffer)
+        return 0; // validation failed.
+    buffer = transcodeBuffer.get();
+#endif
+
 #if PLATFORM(WIN_OS)
     // Introduce the font to GDI. AddFontMemResourceEx should be used with care, because it will pollute the process's

trunk/WebCore/platform/graphics/mac/FontCustomPlatformData.cpp

@@ -25 +25 @@
 #include "SharedBuffer.h"
 #include "FontPlatformData.h"
+#include "OpenTypeSanitizer.h"
 
 namespace WebCore {
@@ -43 +44 @@
 {
     ASSERT_ARG(buffer, buffer);
+
+#if ENABLE(OPENTYPE_SANITIZER)
+    OpenTypeSanitizer sanitizer(buffer);
+    RefPtr<SharedBuffer> transcodeBuffer = sanitizer.sanitize();
+    if (!transcodeBuffer)
+        return 0; // validation failed.
+    buffer = transcodeBuffer.get();
+#endif
 
     ATSFontContainerRef containerRef = 0;

trunk/WebKit/chromium/ChangeLog

@@ +1 @@
+2009-12-02  Yusuke Sato  <yusukes@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        Sanitize web fonts using the OTS library 
+        https://bugs.webkit.org/show_bug.cgi?id=31106
+
+        * DEPS: Added dependency to the OpenType sanitizer library.
+        * features.gypi: Added ENABLE_OPENTYPE_SANITIZER=1.
+
 2009-12-02  Evan Stade  <estade@chromium.org>
 

trunk/WebKit/chromium/DEPS

@@ -42 +42 @@
   'icu_rev': '31724',
   'openvcdiff_rev': '28',
+  'ots_rev': '19',
   'skia_rev': '424',
   'v8_rev': '3276',
@@ -119 +120 @@
     Var('chromium_svn')+'/third_party/npapi@'+Var('chromium_rev'),
 
+  'third_party/ots':
+    'http://ots.googlecode.com/svn/trunk@'+Var('ots_rev'),
+
   'third_party/sqlite':
     Var('chromium_svn')+'/third_party/sqlite@'+Var('chromium_rev'),

trunk/WebKit/chromium/features.gypi

@@ -51 +51 @@
         'ENABLE_ICONDATABASE=0',
         'ENABLE_NOTIFICATIONS=1',
+        'ENABLE_OPENTYPE_SANITIZER=1',
         'ENABLE_ORIENTATION_EVENTS=0',
         'ENABLE_XSLT=1',