Version 8.0.0

* Sanitizing variation tables is always enabled now.
* Support CFF2 table, including variations support.
* Add some error messages to the CFF table parsing.
* Disallow multiple fonts in CFF table, per spec.
* Check for invalid glyph indices in CFF/CFF2 FDSelect.
* ignore VarRegionList.RegionAxisCount when RegionCount == 0 in
  variation tables.
* Remove version dependent reserved value checks from Graphite Silf
  table.
* Fix some compiler and Coverity warnings.
* Fix incorrect comparison in test code.
* Various code and build scripts cleanups.
Release 8.0.0
1 file changed
tree: 02712cd3896d60a0365a1dfacad2f3d06d122b38
  1. docs/
  2. include/
  3. src/
  4. subprojects/
  5. tests/
  6. third_party/
  7. util/
  8. .appveyor.yml
  9. .gitignore
  10. .gitmodules
  11. .travis.yml
  12. LICENSE
  13. meson.build
  14. meson_options.txt
  15. README.md
README.md

Build Status Build status OSS-Fuzz Status

OpenType Sanitizer

The OpenType Sanitizer (OTS) parses and serializes OpenType files (OTF, TTF) and WOFF and WOFF2 font files, validating them and sanitizing them as it goes.

The C library is integrated into Chromium and Firefox, and also simple command line tools to check files offline in a Terminal.

The CSS font-face property is great for web typography. Having to use images in order to get the correct typeface is a great sadness; one should be able to use vectors.

However, on many platforms the system-level TrueType font renderers have never been part of the attack surface before, and putting them on the front line is a scary proposition... Especially on platforms like Windows, where it's a closed-source blob running with high privilege.

Building from source

Instructions below are for building standalone OTS utilities, if you want to use OTS as a library then the recommended way is to copy the source code and integrate it into your existing build system. Our build system does not build a shared library intentionally.

Build OTS:

$ meson build
$ ninja -C build

Run the tests (if you wish):

$ ninja -C build test

Usage

See docs


Thanks to Alex Russell for the original idea.