Changeset 51623 in webkit
- Timestamp:
- Dec 2, 2009 10:14:23 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 9 edited
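--- a/trunk/WebCore/ChangeLog
+++ b/trunk/WebCore/ChangeLog
@@ -1,2 +1,25 @@
+2009-12-02 Yusuke Sato <yusukes@chromium.org>
+
+Reviewed by Eric Seidel.
+
+Sanitize web fonts using the OTS library
+https://bugs.webkit.org/show_bug.cgi?id=31106
+
+Add support for OpenType sanitizer (OTS). It parses OpenType files (from @font-face)
+and attempts to validate and sanitize them. We hope this reduces the attack surface
+of the system font libraries.
+
+* WebCore.gyp/WebCore.gyp: Added dependency to (chromium_src_dir)/third_party/ots/ library.
+* WebCore.gypi: Added new files below.
+* WebCore.xcodeproj/project.pbxproj: Ditto.
+* platform/graphics/chromium/FontCustomPlatformData.cpp: Validate and transcode a web font.
+(WebCore::createFontCustomPlatformData):
+* platform/graphics/mac/FontCustomPlatformData.cpp: Ditto.
+(WebCore::createFontCustomPlatformData):
+* platform/graphics/opentype/OpenTypeSanitizer.cpp: Added.
+(WebCore::OpenTypeSanitizer::sanitize):
+* platform/graphics/opentype/OpenTypeSanitizer.h: Added.
+(WebCore::OpenTypeSanitizer::OpenTypeSanitizer):
+
 2009-12-02 Oliver Hunt <oliver@apple.com>
 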
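--- a/trunk/WebCore/WebCore.gyp/WebCore.gyp
+++ b/trunk/WebCore/WebCore.gyp/WebCore.gyp
@@ -625,4 +625,5 @@
 '<(chromium_src_dir)/third_party/libxslt/libxslt.gyp:libxslt',
 '<(chromium_src_dir)/third_party/npapi/npapi.gyp:npapi',
+'<(chromium_src_dir)/third_party/ots/ots.gyp:ots',
 '<(chromium_src_dir)/third_party/sqlite/sqlite.gyp:sqlite',
 ],
@@ -651,4 +652,5 @@
 ['exclude', '(android|cairo|cf|cg|curl|gtk|haiku|linux|mac|opentype|posix|qt|soup|symbian|win|wx)/'],
 ['exclude', '(?<!Chromium)(SVGAllInOne|Android|Cairo|CF|CG|Curl|Gtk|Linux|Mac|OpenType|POSIX|Posix|Qt|Safari|Soup|Symbian|Win|Wx)\\.(cpp|mm?)$'],
+['include', 'platform/graphics/opentype/OpenTypeSanitizer\\.cpp$'],
 
 # JSC-only.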
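--- a/trunk/WebCore/WebCore.gypi
+++ b/trunk/WebCore/WebCore.gypi
@@ -2027,4 +2027,6 @@
 'platform/graphics/mac/WebTiledLayer.mm',
 'platform/graphics/MediaPlayer.cpp',
+'platform/graphics/opentype/OpenTypeSanitizer.cpp',
+'platform/graphics/opentype/OpenTypeSanitizer.h',
 'platform/graphics/opentype/OpenTypeUtilities.cpp',
 'platform/graphics/opentype/OpenTypeUtilities.h',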
trunk/WebCore/WebCore.xcodeproj/project.pbxproj
r51602 r51623 4749 4749 EDE3A5000C7A430600956A37 /* ColorMac.h in Headers */ = {isa = PBXBuildFile; fileRef = EDE3A4FF0C7A430600956A37 /* ColorMac.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4750 4750 EDEC98030AED7E170059137F /* WebCorePrefix.h in Headers */ = {isa = PBXBuildFile; fileRef = EDEC98020AED7E170059137F /* WebCorePrefix.h */; }; 4751 F4EAF4AE10C742B1009100D3 /* OpenTypeSanitizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = F4EAF4AC10C742B1009100D3 /* OpenTypeSanitizer.cpp */; }; 4752 F4EAF4AF10C742B1009100D3 /* OpenTypeSanitizer.h in Headers */ = {isa = PBXBuildFile; fileRef = F4EAF4AD10C742B1009100D3 /* OpenTypeSanitizer.h */; }; 4751 4753 F5C041DA0FFCA7CE00839D4A /* HTMLDataListElement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = F5C041D70FFCA7CE00839D4A /* HTMLDataListElement.cpp */; }; 4752 4754 F5C041DB0FFCA7CE00839D4A /* HTMLDataListElement.h in Headers */ = {isa = PBXBuildFile; fileRef = F5C041D80FFCA7CE00839D4A /* HTMLDataListElement.h */; }; … … 9953 9955 EDE3A4FF0C7A430600956A37 /* ColorMac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ColorMac.h; sourceTree = "<group>"; }; 9954 9956 EDEC98020AED7E170059137F /* WebCorePrefix.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = WebCorePrefix.h; sourceTree = "<group>"; tabWidth = 4; usesTabs = 0; }; 9957 F4EAF4AC10C742B1009100D3 /* OpenTypeSanitizer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = OpenTypeSanitizer.cpp; path = opentype/OpenTypeSanitizer.cpp; sourceTree = "<group>"; }; 9958 F4EAF4AD10C742B1009100D3 /* OpenTypeSanitizer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = OpenTypeSanitizer.h; path = opentype/OpenTypeSanitizer.h; sourceTree = "<group>"; }; 9955 9959 F523D23B02DE4396018635CA /* HTMLDocument.cpp */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; 
lastKnownFileType = sourcecode.cpp.cpp; path = HTMLDocument.cpp; sourceTree = "<group>"; tabWidth = 8; usesTabs = 0; }; 9956 9960 F523D23C02DE4396018635CA /* HTMLDocument.h */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.c.h; path = HTMLDocument.h; sourceTree = "<group>"; tabWidth = 8; usesTabs = 0; }; … … 14152 14156 isa = PBXGroup; 14153 14157 children = ( 14158 F4EAF4AB10C74268009100D3 /* opentype */, 14154 14159 B27535290B053814002CE64F /* cg */, 14155 14160 A75E8B7F0E1DE2B0007F2481 /* filters */, … … 15132 15137 ); 15133 15138 name = mac; 15139 sourceTree = "<group>"; 15140 }; 15141 F4EAF4AB10C74268009100D3 /* opentype */ = { 15142 isa = PBXGroup; 15143 children = ( 15144 F4EAF4AC10C742B1009100D3 /* OpenTypeSanitizer.cpp */, 15145 F4EAF4AD10C742B1009100D3 /* OpenTypeSanitizer.h */, 15146 ); 15147 name = opentype; 15134 15148 sourceTree = "<group>"; 15135 15149 }; … … 18209 18223 7A0E770F10C00A8800A0276E /* InspectorFrontendHost.h in Headers */, 18210 18224 7A0E771F10C00DB100A0276E /* JSInspectorFrontendHost.h in Headers */, 18225 F4EAF4AF10C742B1009100D3 /* OpenTypeSanitizer.h in Headers */, 18211 18226 ); 18212 18227 runOnlyForDeploymentPostprocessing = 0; … … 20360 20375 7A0E770E10C00A8800A0276E /* InspectorFrontendHost.cpp in Sources */, 20361 20376 7A0E771E10C00DB100A0276E /* JSInspectorFrontendHost.cpp in Sources */, 20377 F4EAF4AE10C742B1009100D3 /* OpenTypeSanitizer.cpp in Sources */, 20362 20378 ); 20363 20379 runOnlyForDeploymentPostprocessing = 0; -
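--- a/trunk/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp
+++ b/trunk/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp
@@ -43,4 +43,5 @@
 #include "FontPlatformData.h"
 #include "NotImplemented.h"
+#include "OpenTypeSanitizer.h"
 #include "SharedBuffer.h"
 
@@ -172,4 +173,12 @@
 ASSERT_ARG(buffer, buffer);
 
+#if ENABLE(OPENTYPE_SANITIZER)
+OpenTypeSanitizer sanitizer(buffer);
+RefPtr<SharedBuffer> transcodeBuffer = sanitizer.sanitize();
+if (!transcodeBuffer)
+return 0; // validation failed.
+buffer = transcodeBuffer.get();
+#endif
+
 #if PLATFORM(WIN_OS)
 // Introduce the font to GDI. AddFontMemResourceEx should be used with care, because it will pollute the process's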
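Review bot: After `buffer = transcodeBuffer.get();` the raw `buffer` pointer refers to data kept alive only by the local `RefPtr<SharedBuffer> transcodeBuffer`, so the sanitized bytes are released when createFontCustomPlatformData returns. The rest of the function is outside this hunk, so it cannot be confirmed here that every platform branch copies the data or takes its own reference before returning. I would add a comment at the reassignment, `// Sanitized data is owned by transcodeBuffer; code below must copy or ref it, never retain the raw pointer.` The identical block in mac/FontCustomPlatformData.cpp carries the same constraint.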
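--- a/trunk/WebCore/platform/graphics/mac/FontCustomPlatformData.cpp
+++ b/trunk/WebCore/platform/graphics/mac/FontCustomPlatformData.cpp
@@ -25,4 +25,5 @@
 #include "SharedBuffer.h"
 #include "FontPlatformData.h"
+#include "OpenTypeSanitizer.h"
 
 namespace WebCore {
@@ -43,4 +44,12 @@
 {
 ASSERT_ARG(buffer, buffer);
+
+#if ENABLE(OPENTYPE_SANITIZER)
+OpenTypeSanitizer sanitizer(buffer);
+RefPtr<SharedBuffer> transcodeBuffer = sanitizer.sanitize();
+if (!transcodeBuffer)
+return 0; // validation failed.
+buffer = transcodeBuffer.get();
+#endif
 
 ATSFontContainerRef containerRef = 0;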
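Review bot: The sanitizer call is compiled only under `#if ENABLE(OPENTYPE_SANITIZER)`, and the one place this changeset defines that flag is WebKit/chromium/features.gypi, so as far as this page shows a Mac build skips validation and hands the original @font-face bytes to the ATS code that follows. If that is deliberate, say so next to the guard, e.g. `// Off unless the port defines ENABLE_OPENTYPE_SANITIZER; fonts are then passed on unvalidated.` The function's signature and the rest of its body are outside this hunk.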
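--- a/trunk/WebKit/chromium/ChangeLog
+++ b/trunk/WebKit/chromium/ChangeLog
@@ -1,2 +1,12 @@
+2009-12-02 Yusuke Sato <yusukes@chromium.org>
+
+Reviewed by Eric Seidel.
+
+Sanitize web fonts using the OTS library
+https://bugs.webkit.org/show_bug.cgi?id=31106
+
+* DEPS: Added dependency to the OpenType sanitizer library.
+* features.gypi: Added ENABLE_OPENTYPE_SANITIZER=1.
+
 2009-12-02 Evan Stade <estade@chromium.org>
 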
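--- a/trunk/WebKit/chromium/DEPS
+++ b/trunk/WebKit/chromium/DEPS
@@ -42,4 +42,5 @@
 'icu_rev': '31724',
 'openvcdiff_rev': '28',
+'ots_rev': '19',
 'skia_rev': '424',
 'v8_rev': '3276',
@@ -119,4 +120,7 @@
 Var('chromium_svn')+'/third_party/npapi@'+Var('chromium_rev'),
 
+'third_party/ots':
+'http://ots.googlecode.com/svn/trunk@'+Var('ots_rev'),
+
 'third_party/sqlite':
 Var('chromium_svn')+'/third_party/sqlite@'+Var('chromium_rev'),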
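Review bot: The new `third_party/ots` entry fetches the sanitizer over plain `http://`, so the checkout of a library whose job is to parse untrusted fonts is not authenticated in transit. `ots_rev` pins a Subversion revision number, which fixes the version but is not a content hash. If the host serves the repository over TLS, `'https://ots.googlecode.com/svn/trunk@'+Var('ots_rev'),` would close that gap. Whether the neighbouring `Var('chromium_svn')` entries already use TLS is not visible in this hunk.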
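--- a/trunk/WebKit/chromium/features.gypi
+++ b/trunk/WebKit/chromium/features.gypi
@@ -51,4 +51,5 @@
 'ENABLE_ICONDATABASE=0',
 'ENABLE_NOTIFICATIONS=1',
+'ENABLE_OPENTYPE_SANITIZER=1',
 'ENABLE_ORIENTATION_EVENTS=0',
 'ENABLE_XSLT=1',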