[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.17-1283-gcf603cf
eric at webkit.org
eric at webkit.org
Tue Jan 5 23:41:21 UTC 2010
The following commit has been merged in the webkit-1.1 branch:
commit 1316f1de0e8e1c683e3388ee00a73eb35e8ed60e
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Dec 3 06:14:23 2009 +0000
2009-12-02 Yusuke Sato <yusukes at chromium.org>
Reviewed by Eric Seidel.
Sanitize web fonts using the OTS library
https://bugs.webkit.org/show_bug.cgi?id=31106
Add support for OpenType sanitizer (OTS). It parses OpenType files (from @font-face)
and attempts to validate and sanitize them. We hope this reduces the attack surface
of the system font libraries.
* WebCore.gyp/WebCore.gyp: Added a dependency on the (chromium_src_dir)/third_party/ots/ library.
* WebCore.gypi: Added new files below.
* WebCore.xcodeproj/project.pbxproj: Ditto.
* platform/graphics/chromium/FontCustomPlatformData.cpp: Validate and transcode a web font.
(WebCore::createFontCustomPlatformData):
* platform/graphics/mac/FontCustomPlatformData.cpp: Ditto.
(WebCore::createFontCustomPlatformData):
* platform/graphics/opentype/OpenTypeSanitizer.cpp: Added.
(WebCore::OpenTypeSanitizer::sanitize):
* platform/graphics/opentype/OpenTypeSanitizer.h: Added.
(WebCore::OpenTypeSanitizer::OpenTypeSanitizer):
2009-12-02 Yusuke Sato <yusukes at chromium.org>
Reviewed by Eric Seidel.
Sanitize web fonts using the OTS library
https://bugs.webkit.org/show_bug.cgi?id=31106
* DEPS: Added dependency to the OpenType sanitizer library.
* features.gypi: Added ENABLE_OPENTYPE_SANITIZER=1.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51623 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 2773432..c72b3be 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,26 @@
+2009-12-02 Yusuke Sato <yusukes at chromium.org>
+
+ Reviewed by Eric Seidel.
+
+ Sanitize web fonts using the OTS library
+ https://bugs.webkit.org/show_bug.cgi?id=31106
+
+ Add support for OpenType sanitizer (OTS). It parses OpenType files (from @font-face)
+ and attempts to validate and sanitize them. We hope this reduces the attack surface
+ of the system font libraries.
+
+ * WebCore.gyp/WebCore.gyp: Added dependency to (chromium_src_dir)/third_party/ots/ library.
+ * WebCore.gypi: Added new files below.
+ * WebCore.xcodeproj/project.pbxproj: Ditto.
+ * platform/graphics/chromium/FontCustomPlatformData.cpp: Validate and transcode a web font.
+ (WebCore::createFontCustomPlatformData):
+ * platform/graphics/mac/FontCustomPlatformData.cpp: Ditto.
+ (WebCore::createFontCustomPlatformData):
+ * platform/graphics/opentype/OpenTypeSanitizer.cpp: Added.
+ (WebCore::OpenTypeSanitizer::sanitize):
+ * platform/graphics/opentype/OpenTypeSanitizer.h: Added.
+ (WebCore::OpenTypeSanitizer::OpenTypeSanitizer):
+
2009-12-02 Oliver Hunt <oliver at apple.com>
Reviewed by Sam Weinig.
diff --git a/WebCore/WebCore.gyp/WebCore.gyp b/WebCore/WebCore.gyp/WebCore.gyp
index a2ae605..2339a95 100644
--- a/WebCore/WebCore.gyp/WebCore.gyp
+++ b/WebCore/WebCore.gyp/WebCore.gyp
@@ -624,6 +624,7 @@
'<(chromium_src_dir)/third_party/libxml/libxml.gyp:libxml',
'<(chromium_src_dir)/third_party/libxslt/libxslt.gyp:libxslt',
'<(chromium_src_dir)/third_party/npapi/npapi.gyp:npapi',
+ '<(chromium_src_dir)/third_party/ots/ots.gyp:ots',
'<(chromium_src_dir)/third_party/sqlite/sqlite.gyp:sqlite',
],
'defines': [
@@ -650,6 +651,7 @@
# filenames.
['exclude', '(android|cairo|cf|cg|curl|gtk|haiku|linux|mac|opentype|posix|qt|soup|symbian|win|wx)/'],
['exclude', '(?<!Chromium)(SVGAllInOne|Android|Cairo|CF|CG|Curl|Gtk|Linux|Mac|OpenType|POSIX|Posix|Qt|Safari|Soup|Symbian|Win|Wx)\\.(cpp|mm?)$'],
+ ['include', 'platform/graphics/opentype/OpenTypeSanitizer\\.cpp$'],
# JSC-only.
['exclude', 'inspector/JavaScript[^/]*\\.cpp$'],
diff --git a/WebCore/WebCore.gypi b/WebCore/WebCore.gypi
index 470c739..700b85b 100644
--- a/WebCore/WebCore.gypi
+++ b/WebCore/WebCore.gypi
@@ -2026,6 +2026,8 @@
'platform/graphics/mac/WebTiledLayer.h',
'platform/graphics/mac/WebTiledLayer.mm',
'platform/graphics/MediaPlayer.cpp',
+ 'platform/graphics/opentype/OpenTypeSanitizer.cpp',
+ 'platform/graphics/opentype/OpenTypeSanitizer.h',
'platform/graphics/opentype/OpenTypeUtilities.cpp',
'platform/graphics/opentype/OpenTypeUtilities.h',
'platform/graphics/qt/ColorQt.cpp',
diff --git a/WebCore/WebCore.xcodeproj/project.pbxproj b/WebCore/WebCore.xcodeproj/project.pbxproj
index 26f0772..2bfbdb5 100644
--- a/WebCore/WebCore.xcodeproj/project.pbxproj
+++ b/WebCore/WebCore.xcodeproj/project.pbxproj
@@ -4748,6 +4748,8 @@
ED501DC60B249F2900AE18D9 /* EditorMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = ED501DC50B249F2900AE18D9 /* EditorMac.mm */; };
EDE3A5000C7A430600956A37 /* ColorMac.h in Headers */ = {isa = PBXBuildFile; fileRef = EDE3A4FF0C7A430600956A37 /* ColorMac.h */; settings = {ATTRIBUTES = (Private, ); }; };
EDEC98030AED7E170059137F /* WebCorePrefix.h in Headers */ = {isa = PBXBuildFile; fileRef = EDEC98020AED7E170059137F /* WebCorePrefix.h */; };
+ F4EAF4AE10C742B1009100D3 /* OpenTypeSanitizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = F4EAF4AC10C742B1009100D3 /* OpenTypeSanitizer.cpp */; };
+ F4EAF4AF10C742B1009100D3 /* OpenTypeSanitizer.h in Headers */ = {isa = PBXBuildFile; fileRef = F4EAF4AD10C742B1009100D3 /* OpenTypeSanitizer.h */; };
F5C041DA0FFCA7CE00839D4A /* HTMLDataListElement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = F5C041D70FFCA7CE00839D4A /* HTMLDataListElement.cpp */; };
F5C041DB0FFCA7CE00839D4A /* HTMLDataListElement.h in Headers */ = {isa = PBXBuildFile; fileRef = F5C041D80FFCA7CE00839D4A /* HTMLDataListElement.h */; };
F5C041E30FFCA96D00839D4A /* DOMHTMLDataListElement.h in Headers */ = {isa = PBXBuildFile; fileRef = F5C041DE0FFCA96D00839D4A /* DOMHTMLDataListElement.h */; };
@@ -9952,6 +9954,8 @@
ED501DC50B249F2900AE18D9 /* EditorMac.mm */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.objcpp; name = EditorMac.mm; path = mac/EditorMac.mm; sourceTree = "<group>"; };
EDE3A4FF0C7A430600956A37 /* ColorMac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ColorMac.h; sourceTree = "<group>"; };
EDEC98020AED7E170059137F /* WebCorePrefix.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = WebCorePrefix.h; sourceTree = "<group>"; tabWidth = 4; usesTabs = 0; };
+ F4EAF4AC10C742B1009100D3 /* OpenTypeSanitizer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = OpenTypeSanitizer.cpp; path = opentype/OpenTypeSanitizer.cpp; sourceTree = "<group>"; };
+ F4EAF4AD10C742B1009100D3 /* OpenTypeSanitizer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = OpenTypeSanitizer.h; path = opentype/OpenTypeSanitizer.h; sourceTree = "<group>"; };
F523D23B02DE4396018635CA /* HTMLDocument.cpp */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HTMLDocument.cpp; sourceTree = "<group>"; tabWidth = 8; usesTabs = 0; };
F523D23C02DE4396018635CA /* HTMLDocument.h */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.c.h; path = HTMLDocument.h; sourceTree = "<group>"; tabWidth = 8; usesTabs = 0; };
F523D23E02DE4396018635CA /* HTMLElement.cpp */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HTMLElement.cpp; sourceTree = "<group>"; tabWidth = 8; usesTabs = 0; };
@@ -14151,6 +14155,7 @@
B2A015910AF6CD53006BCE0E /* graphics */ = {
isa = PBXGroup;
children = (
+ F4EAF4AB10C74268009100D3 /* opentype */,
B27535290B053814002CE64F /* cg */,
A75E8B7F0E1DE2B0007F2481 /* filters */,
B27535490B053814002CE64F /* mac */,
@@ -15133,6 +15138,15 @@
name = mac;
sourceTree = "<group>";
};
+ F4EAF4AB10C74268009100D3 /* opentype */ = {
+ isa = PBXGroup;
+ children = (
+ F4EAF4AC10C742B1009100D3 /* OpenTypeSanitizer.cpp */,
+ F4EAF4AD10C742B1009100D3 /* OpenTypeSanitizer.h */,
+ );
+ name = opentype;
+ sourceTree = "<group>";
+ };
F523D18402DE42E8018635CA /* css */ = {
isa = PBXGroup;
children = (
@@ -18208,6 +18222,7 @@
7A0E76FA10BF08ED00A0276E /* InjectedScriptHost.h in Headers */,
7A0E770F10C00A8800A0276E /* InspectorFrontendHost.h in Headers */,
7A0E771F10C00DB100A0276E /* JSInspectorFrontendHost.h in Headers */,
+ F4EAF4AF10C742B1009100D3 /* OpenTypeSanitizer.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
};
@@ -20359,6 +20374,7 @@
7A0E76F910BF08ED00A0276E /* InjectedScriptHost.cpp in Sources */,
7A0E770E10C00A8800A0276E /* InspectorFrontendHost.cpp in Sources */,
7A0E771E10C00DB100A0276E /* JSInspectorFrontendHost.cpp in Sources */,
+ F4EAF4AE10C742B1009100D3 /* OpenTypeSanitizer.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
diff --git a/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp b/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp
index 4081521..6bd7d7c 100644
--- a/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp
+++ b/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp
@@ -42,6 +42,7 @@
#include "FontPlatformData.h"
#include "NotImplemented.h"
+#include "OpenTypeSanitizer.h"
#include "SharedBuffer.h"
#if PLATFORM(WIN_OS)
@@ -171,6 +172,14 @@ FontCustomPlatformData* createFontCustomPlatformData(SharedBuffer* buffer)
{
ASSERT_ARG(buffer, buffer);
+#if ENABLE(OPENTYPE_SANITIZER)
+ OpenTypeSanitizer sanitizer(buffer);
+ RefPtr<SharedBuffer> transcodeBuffer = sanitizer.sanitize();
+ if (!transcodeBuffer)
+ return 0; // validation failed.
+ buffer = transcodeBuffer.get();
+#endif
+
#if PLATFORM(WIN_OS)
// Introduce the font to GDI. AddFontMemResourceEx should be used with care, because it will pollute the process's
// font namespace (Windows has no API for creating an HFONT from data without exposing the font to the
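Review bot: The line `buffer = transcodeBuffer.get();` rebinds the parameter to memory owned solely by the local RefPtr, and nothing in the hunk says so; createFontCustomPlatformData continues past the hunk, so later code that stashes `buffer` beyond this function's scope would dangle. I would add `// transcodeBuffer is the sole owner of the sanitized bytes; 'buffer' is only valid for the remainder of this function.` above the assignment. It is also worth a one-line comment on the `return 0; // validation failed.` path that the raw, unsanitized font is deliberately never handed to the platform font API, since that is the whole security property this change introduces and a future refactor could reorder the preamble. Note the preamble is compiled out entirely when ENABLE(OPENTYPE_SANITIZER) is off, in which case the untrusted data reaches the platform loader unchanged.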
diff --git a/WebCore/platform/graphics/mac/FontCustomPlatformData.cpp b/WebCore/platform/graphics/mac/FontCustomPlatformData.cpp
index 5e72101..256b5a4 100644
--- a/WebCore/platform/graphics/mac/FontCustomPlatformData.cpp
+++ b/WebCore/platform/graphics/mac/FontCustomPlatformData.cpp
@@ -24,6 +24,7 @@
#include <ApplicationServices/ApplicationServices.h>
#include "SharedBuffer.h"
#include "FontPlatformData.h"
+#include "OpenTypeSanitizer.h"
namespace WebCore {
@@ -43,6 +44,14 @@ FontCustomPlatformData* createFontCustomPlatformData(SharedBuffer* buffer)
{
ASSERT_ARG(buffer, buffer);
+#if ENABLE(OPENTYPE_SANITIZER)
+ OpenTypeSanitizer sanitizer(buffer);
+ RefPtr<SharedBuffer> transcodeBuffer = sanitizer.sanitize();
+ if (!transcodeBuffer)
+ return 0; // validation failed.
+ buffer = transcodeBuffer.get();
+#endif
+
ATSFontContainerRef containerRef = 0;
ATSFontRef fontRef = 0;
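Review bot: This seven-line preamble is byte-identical to the one added to the chromium port's createFontCustomPlatformData, so any later adjustment (a size cap change, diagnostics on rejection, a different failure mode) has to be made in two places and can silently diverge. Consider hoisting it into a small shared helper in OpenTypeSanitizer.h, e.g. `static PassRefPtr<SharedBuffer> sanitizeOrNull(SharedBuffer*)`, and calling it from both ports. As in the chromium file, `buffer = transcodeBuffer.get();` leaves `buffer` pointing at memory owned only by the local RefPtr; a comment such as `// 'buffer' now aliases transcodeBuffer and must not outlive this function.` would prevent a later caller from retaining it. The enclosing function continues outside the hunk.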
diff --git a/WebCore/platform/graphics/opentype/OpenTypeSanitizer.cpp b/WebCore/platform/graphics/opentype/OpenTypeSanitizer.cpp
new file mode 100644
index 0000000..b4cdb09
--- /dev/null
+++ b/WebCore/platform/graphics/opentype/OpenTypeSanitizer.cpp
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#if ENABLE(OPENTYPE_SANITIZER)
+#include "OpenTypeSanitizer.h"
+
+#include "SharedBuffer.h"
+#include "opentype-sanitiser.h"
+#include "ots-memory-stream.h"
+#include <wtf/OwnArrayPtr.h>
+
+namespace WebCore {
+
+PassRefPtr<SharedBuffer> OpenTypeSanitizer::sanitize()
+{
+ if (!m_buffer)
+ return 0;
+
+ // This is the largest web font size which we'll try to transcode.
+ static const size_t maxWebFontSize = 30 * 1024 * 1024; // 30 MB
+ if (m_buffer->size() > maxWebFontSize)
+ return 0;
+
+ // A transcoded font is usually smaller than an original font.
+ // However, it can be slightly bigger than the original one due to
+ // name table replacement and/or padding for glyf table.
+ static const size_t padLen = 20 * 1024; // 20 kB
+
+ OwnArrayPtr<unsigned char> transcodeRawBuffer(new unsigned char[m_buffer->size() + padLen]);
+ ots::MemoryStream output(transcodeRawBuffer.get(), m_buffer->size() + padLen);
+ if (!ots::Process(&output, reinterpret_cast<const uint8_t*>(m_buffer->data()), m_buffer->size()))
+ return 0;
+
+ const size_t transcodeLen = output.Tell();
+ return SharedBuffer::create(transcodeRawBuffer.get(), transcodeLen);
+}
+
+} // namespace WebCore
+
+#endif // ENABLE(OPENTYPE_SANITIZER)
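Review bot: sanitize() has no documentation, and it returns 0 for three distinct reasons (null buffer, font larger than maxWebFontSize, font rejected by ots::Process) that a caller cannot tell apart; a header comment stating that the return is either a freshly allocated transcoded font or 0, never the original buffer, would make the contract explicit. The `m_buffer->size() > maxWebFontSize` check is also load-bearing for the arithmetic that follows: `m_buffer->size() + padLen` and the matching heap allocation are only bounded because the cap runs first, so I would mark that ordering with `// Must precede the allocation below: bounds size() + padLen and the per-font heap cost.` rather than leave it as an incidental early return. If OTS needs more than the 20 kB of headroom the MemoryStream presumably fails the write and the font is rejected rather than truncated; if that is the intended behaviour, saying so next to padLen would stop someone from "fixing" it by growing the buffer dynamically.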
diff --git a/WebCore/platform/graphics/opentype/OpenTypeSanitizer.h b/WebCore/platform/graphics/opentype/OpenTypeSanitizer.h
new file mode 100644
index 0000000..3f93448
--- /dev/null
+++ b/WebCore/platform/graphics/opentype/OpenTypeSanitizer.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef OpenTypeSanitizer_h
+#define OpenTypeSanitizer_h
+
+#if ENABLE(OPENTYPE_SANITIZER)
+#include <wtf/Forward.h>
+
+namespace WebCore {
+
+class SharedBuffer;
+
+class OpenTypeSanitizer {
+public:
+ explicit OpenTypeSanitizer(SharedBuffer* buffer)
+ : m_buffer(buffer)
+ {
+ }
+
+ PassRefPtr<SharedBuffer> sanitize();
+
+private:
+ SharedBuffer* const m_buffer;
+};
+
+} // namespace WebCore
+
+#endif // ENABLE(OPENTYPE_SANITIZER)
+#endif // OpenTypeSanitizer_h
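Review bot: `SharedBuffer* const m_buffer` is a non-owning raw pointer and the class says nothing about its lifetime; a caller that constructs an OpenTypeSanitizer, lets the SharedBuffer die, and then calls sanitize() reads freed memory. I would document it on the member: `// Not owned; the caller must keep the buffer alive until sanitize() returns.` sanitize() does not modify any member, so it could be declared `PassRefPtr<SharedBuffer> sanitize() const;` — a source-compatible change that also documents the class as a one-shot wrapper. A brief class comment naming what this class is for (validate an untrusted @font-face payload with OTS before it reaches the platform font loader) would help readers who arrive from the port files, where the call site has no explanation.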
diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog
index 1da8778..7b1df81 100644
--- a/WebKit/chromium/ChangeLog
+++ b/WebKit/chromium/ChangeLog
@@ -1,3 +1,13 @@
+2009-12-02 Yusuke Sato <yusukes at chromium.org>
+
+ Reviewed by Eric Seidel.
+
+ Sanitize web fonts using the OTS library
+ https://bugs.webkit.org/show_bug.cgi?id=31106
+
+ * DEPS: Added dependency to the OpenType sanitizer library.
+ * features.gypi: Added ENABLE_OPENTYPE_SANITIZER=1.
+
2009-12-02 Evan Stade <estade at chromium.org>
Reviewed by Darin Fisher.
diff --git a/WebKit/chromium/DEPS b/WebKit/chromium/DEPS
index 70dc6ef..07e385b 100644
--- a/WebKit/chromium/DEPS
+++ b/WebKit/chromium/DEPS
@@ -41,6 +41,7 @@ vars = {
'gyp_rev': '751',
'icu_rev': '31724',
'openvcdiff_rev': '28',
+ 'ots_rev': '19',
'skia_rev': '424',
'v8_rev': '3276',
@@ -118,6 +119,9 @@ deps = {
'third_party/npapi':
Var('chromium_svn')+'/third_party/npapi@'+Var('chromium_rev'),
+ 'third_party/ots':
+ 'http://ots.googlecode.com/svn/trunk@'+Var('ots_rev'),
+
'third_party/sqlite':
Var('chromium_svn')+'/third_party/sqlite@'+Var('chromium_rev'),
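Review bot: The new OTS dependency is fetched from `'http://ots.googlecode.com/svn/trunk@'+Var('ots_rev')` over plaintext HTTP with only a revision pin and no integrity check, while every neighbouring entry in this hunk (npapi, sqlite) comes from `Var('chromium_svn')`. For a library whose entire purpose is to be the trust boundary in front of the system font parsers, an attacker who can tamper with the checkout on the wire gets to choose what the "sanitizer" lets through. If the host offers it, `'https://ots.googlecode.com/svn/trunk@'+Var('ots_rev')` is a one-character change; better still would be mirroring the pinned revision into chromium's own third_party tree so it is fetched the same way as the other dependencies here. This is inferred from the URL scheme alone; I have not verified what the host supports.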
diff --git a/WebKit/chromium/features.gypi b/WebKit/chromium/features.gypi
index 3c53f71..14be1a2 100644
--- a/WebKit/chromium/features.gypi
+++ b/WebKit/chromium/features.gypi
@@ -50,6 +50,7 @@
'ENABLE_JSC_MULTIPLE_THREADS=0',
'ENABLE_ICONDATABASE=0',
'ENABLE_NOTIFICATIONS=1',
+ 'ENABLE_OPENTYPE_SANITIZER=1',
'ENABLE_ORIENTATION_EVENTS=0',
'ENABLE_XSLT=1',
'ENABLE_XPATH=1',