| OLD | NEW |
|---|
| (Empty) | |
| 1 What's OTS? |
| 2 =========== |
| 3 |
| 4 Sanitiser for OpenType (OTS) is a small library which parses OpenType files |
| 5 (usually from `@font-face`) and attempts to validate and sanitise them. This |
| 6 library is primarily intended to be used with Chromium. We hope this reduces |
| 7 the attack surface of the system font libraries. |
| 8 |
| 9 What the sanitiser does is as follows: |
| 10 |
| 11 1. Parses an original font. If the parsing fails, OTS rejects the original |
| 12 font. |
| 13 2. Validates the parsed data structure. If the validation fails, it rejects the |
| 14 original font as well. |
| 15 3. Creates a new font on memory by serializing the data structure, and we call |
| 16 this "transcoding". |
| 17 |
| 18 By transcoding fonts in this way, it is ensured that: |
| 19 |
| 20 1. All information in an original font that OTS doesn't know or can't parse is |
| 21 dropped from the transcoded font. |
| 22 2. All information in the transcoded font is valid (standard compliant). |
| 23 Particularly 'length' and 'offset' values, that are often used as attack |
| 24 vectors, are ensured to be correct. |
| 25 |
| 26 Supported OpenType tables |
| 27 ========================= |
| 28 |
| 29 | Name | Mandatory table? | Supported by OTS? | Note | |
| 30 |--------|-----------------------------|-------------------|--------| |
| 31 | `sfnt` | Yes | Yes | Overlapped tables a
re not allowed; it is treated as a fatal parser error.| |
| 32 | `maxp` | Yes | Yes | | |
| 33 | `head` | Yes | Yes | | |
| 34 | `hhea` | Yes | Yes | | |
| 35 | `hmtx` | Yes | Yes | | |
| 36 | `name` | Yes | Yes | | |
| 37 | `OS/2` | Yes | Yes | | |
| 38 | `post` | Yes | Yes | | |
| 39 | `cmap` | Yes | Partialy | see below | |
| 40 | `glyf` | Yes, for TrueType fonts | Yes | TrueType bytecode i
s supported, but OTS does **not** validate it.| |
| 41 | `loca` | Yes, when glyf table exists | Yes | | |
| 42 | `CFF ` | Yes, for OpenType fonts | Yes | OpenType bytecode i
s also supported, and OTS **does** validate it.| |
| 43 | `cvt ` | No | Yes | Though this table i
s not mandatory, OTS can't drop the table from a transcoded font since it might
be referred from other hinting-related tables. Errors on this table should be tr
eated as fatal.| |
| 44 | `fpgm` | No | Yes | Ditto. | |
| 45 | `prep` | No | Yes | Ditto. | |
| 46 | `VDMX` | No | Yes | This table is impor
tant for calculating the correct line spacing, at least on Chromium Windows and
Chromium Linux.| |
| 47 | `hdmx` | No | Yes | | |
| 48 | `gasp` | No | Yes | | |
| 49 | `VORG` | No | Yes | | |
| 50 | `LTSH` | No | Yes | | |
| 51 | `kern` | No | Yes | | |
| 52 | `GDEF` | No | Yes | | |
| 53 | `GSUB` | No | Yes | | |
| 54 | `GPOS` | No | Yes | | |
| 55 | `morx` | No | No | | |
| 56 | `jstf` | No | No | | |
| 57 | `vmtx` | No | Yes | | |
| 58 | `vhea` | No | Yes | | |
| 59 | `EBDT` | No | No | We don't support em
bedded bitmap strikes.| |
| 60 | `EBLC` | No | No | Ditto. | |
| 61 | `EBSC` | No | No | Ditto. | |
| 62 | `bdat` | No | No | Ditto. | |
| 63 | `bhed` | No | No | Ditto. | |
| 64 | `bloc` | No | No | Ditto. | |
| 65 | `DSIG` | No | No | | |
| 66 | All other tables | - | No | | |
| 67 |
| 68 Please note that OTS library does not parse "unsupported" tables. These |
| 69 unsupported tables never appear in a transcoded font. |
| 70 |
| 71 Supported cmap formats |
| 72 ---------------------- |
| 73 |
| 74 The following 9 formats are supported: |
| 75 |
| 76 * "MS Unicode" (platform 3 encoding 1 format 4) |
| 77 * BMP |
| 78 * "MS UCS-4" (platform 3 encoding 10 format 12) |
| 79 * "MS UCS-4 fallback" (platform 3 encoding 10 format 13) |
| 80 * "MS Symbol" (platform 3 encoding 0 format 4) |
| 81 * "Mac Roman" (platform 1 encoding 0 format 0) |
| 82 * 1-0-0 format is supported while 1-0-6 is not. |
| 83 * "Unicode default" format (platform 0 encoding 0 format 4) |
| 84 * treated as 3-1-4 format |
| 85 * "Unicode 1.1" format (platform 0 encoding 1 format 4) |
| 86 * ditto |
| 87 * "Unicode 2.0+" format (platform 0 encoding 3 format 4) |
| 88 * "Unicode UCS-4" format (platform 0 encoding 4 format 12) |
| 89 * treated as 3-10-12 format |
| 90 * Unicode Variation Sequences (platform 0 encoding 5 format 14) |
| 91 |
| 92 All other types of subtables are not supported and do not appear in transcoded f
onts. |
| 93 |
| 94 Validation strategies |
| 95 ===================== |
| 96 |
| 97 With regards to 8 mandatory tables, glyph-related tables (`glyf`, `loca` and `CF
F`), |
| 98 and hinting-related tables (`cvt`, `prep`, and `fpgm`): |
| 99 |
| 100 * If OTS finds table-length, table-offset, or table-alignment errors, in other |
| 101 words it cannot continue parsing, OTS treats the error as fatal. |
| 102 * If OTS finds simple value error which could be automatically fixed (e.g., |
| 103 font weight is greater than 900 - that's undefined), and if the error is |
| 104 considered common among non-malicious fonts, OTS rewrites the value and |
| 105 continues transcoding. |
| 106 * If OTS finds a value error which is hard to fix (e.g., values which should be |
| 107 sorted are left unsorted), OTS treats the error as fatal. |
| 108 |
| 109 With regards to optional tables (`VORG`, `gasp`, `hdmx`, `LTSH`, and `VDMX`): |
| 110 |
| 111 * If OTS finds table-length, table-offset, or table-alignment errors, OTS |
| 112 treats the error as fatal. |
| 113 * If OTS finds other errors, it simply drops the table from a transcoded font. |
| 114 |
| 115 Files |
| 116 ===== |
| 117 |
| 118 * include/opentype-sanitiser.h |
| 119 * Declaration for the public API, `ots::Process()`. |
| 120 * Definition of the `OTSStream` interface, a write-only memory stream. |
| 121 * include/ots-memory-stream.h |
| 122 * Definition of the `MemoryStream` class which implements the `OTSStream` |
| 123 interface above. |
| 124 * src/ots.h |
| 125 * Debug macros. |
| 126 * Definition of a `Buffer` class which is a read-only memory stream. |
| 127 * src/ots.cc |
| 128 * Definition of the `ots::Process()` function. |
| 129 * `sfnt` table parser. |
| 130 * test/\*.cc |
| 131 * test tools. see test/README for details. |
| 132 |
| 133 Known issues |
| 134 ============ |
| 135 |
| 136 Please check the [issues](https://github.com/khaledhosny/ots/issues) page. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 775893002:
Updating OTS repo from https://github.com/khaledhosny/ots.git (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master