Version 8.1.0

* Update lz4 and brotli.
* Remove various spurious checks against glyph count.
* Sanitize PS names more strictly than the spec requires.
* Fix up bad entrySelector in the table directory.
* Allow for new flags in Graphite Feat table.
* If variation tables are dropped don't parse any other variation
  tables.
* Remove variation tables that don't parse.
* Fix up sfntVersion instead of rejecting the font.
* Make sure sfntVersion is always either 0x000010000 or OTTO.
* If font has both glyf/loca and CFF[2], drop CFF[2].
* Set post table version to 3 if the font has a CFF table, instead of
  rejecting.
* Various oss-fuzz fixes.
[ci] New token for AppVeyor
tree: c96aa74446a63fec89eb7e86c9ad1a38b5329706


OpenType Sanitizer

The OpenType Sanitizer (OTS) parses and serializes OpenType files (OTF, TTF) and WOFF and WOFF2 font files, validating them and sanitizing them as it goes.

The C library is integrated into Chromium and Firefox, and simple command line tools are also available to check files offline in a terminal.

The CSS font-face property is great for web typography. Having to use images in order to get the correct typeface is a great sadness; one should be able to use vectors.

However, on many platforms the system-level TrueType font renderers have never been part of the attack surface before, and putting them on the front line is a scary proposition... Especially on platforms like Windows, where it's a closed-source blob running with high privilege.
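To make "sanitizing" concrete, here is an added example (not OTS source code) of the kind of header repair the 8.1.0 notes describe: it accepts only 0x00010000 or OTTO as sfntVersion and recomputes searchRange, entrySelector and rangeShift from numTables instead of trusting the file. The function name, the `has_cff` hint, the 4096-table limit and the sample header are assumptions made for this illustration.

```c
/* Added illustration, not OTS source. sfnt header fields are big-endian. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define SFNT_TRUETYPE 0x00010000u
#define SFNT_OTTO     0x4F54544Fu /* the tag 'OTTO' */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xFF); }

/* Store v at p if it differs; return 1 when a repair was made. */
static int fix16(uint8_t *p, uint16_t v) {
    if (rd16(p) == v) return 0;
    wr16(p, v);
    return 1;
}

/* Repairs the 12-byte offset table in place. has_cff is a hypothetical
 * caller-supplied hint, used only to pick a replacement sfntVersion.
 * Returns the number of fields rewritten, or -1 if the header is unusable. */
int fix_offset_table(uint8_t *hdr, size_t len, int has_cff) {
    if (len < 12) return -1;
    uint16_t n = rd16(hdr + 4); /* numTables */
    /* Assumed limit: from 4096 tables up, searchRange no longer fits in 16 bits. */
    if (n == 0 || n >= 4096 || len < 12 + 16 * (size_t)n) return -1;
    int fixed = 0;
    uint32_t ver = rd32(hdr);
    if (ver != SFNT_TRUETYPE && ver != SFNT_OTTO) {
        uint32_t want = has_cff ? SFNT_OTTO : SFNT_TRUETYPE;
        wr16(hdr, (uint16_t)(want >> 16));
        wr16(hdr + 2, (uint16_t)(want & 0xFFFF));
        fixed++;
    }
    uint16_t sel = 0; /* entrySelector = floor(log2(numTables)) */
    while ((2u << sel) <= n) sel++;
    uint16_t range = (uint16_t)(16u << sel); /* searchRange */
    fixed += fix16(hdr + 6, range);
    fixed += fix16(hdr + 8, sel);
    fixed += fix16(hdr + 10, (uint16_t)(n * 16u - range)); /* rangeShift */
    return fixed;
}

int main(void) {
    /* Constructed header: bogus version, 9 tables, entrySelector 7 (should be 3). */
    uint8_t font[12 + 16 * 9] = {0xDE, 0xAD, 0xBE, 0xEF, 0, 9, 0, 128, 0, 7, 0, 16};
    printf("fields repaired: %d\n", fix_offset_table(font, sizeof font, 0));
    return 0;
}
```
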

Building from source

The instructions below are for building the standalone OTS utilities. If you want to use OTS as a library, the recommended way is to copy the source code and integrate it into your existing build system. Our build system intentionally does not build a shared library.

Build OTS:

$ meson build
$ ninja -C build

Run the tests (if you wish):

$ ninja -C build test

Usage

See docs


Thanks to Alex Russell for the original idea.