Exit early if decompressed size exceeds OTSStream's size limit #244
Conversation
Currently we are exiting early if decompressed size exceeds OTS_MAX_DECOMPRESSED_FILE_SIZE=300MB but some callers may actually set a smaller limit. For example, Chromium uses 30MB [1] and its internal fuzzer 256kB [2]. Firefox uses a limit of 256MB [3]. [1] https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/platform/fonts/web_font_decoder.cc;l=155;drc=5863e513ede6d1f7e9a060f13635fd3916a2183c [2] https://source.chromium.org/chromium/chromium/src/+/main:third_party/ots/fuzz/ots_fuzzer.cc;l=11;drc=efffce8e2a6da2d2295472ed24ef040e0bf4ea14 [3] https://searchfox.org/mozilla-central/rev/3e1a721bce1da3ae04675539b39a4e95b25a046d/gfx/thebes/gfxOTSUtils.h#28
|
@jfkthame gfxOTSExpandingMemoryStream will need a if this is taken. |
|
I don’t like the fact that we now have two different limits, and one is configurable and the other is not. |
|
To be clear, I believe we already have two limits:
So this commit is only fixing the process functions to take into account (2), which is the limit configuration used by Firefox/Chromium. What do you suggest? |
include/opentype-sanitiser.h
Outdated
| @@ -58,6 +58,8 @@ class OTSStream { | |||
|
|
|||
| virtual ~OTSStream() {} | |||
|
|
|||
| virtual size_t SizeLimit() = 0; | |||
There was a problem hiding this comment.
Done. Existing methods in OTSStream seemed to use CamelCase but I see that the trival one chksum() does not.
Co-authored-by: خالد حسني (Khaled Hosny) <khaled@aliftype.com>
Co-authored-by: خالد حسني (Khaled Hosny) <khaled@aliftype.com>
Co-authored-by: خالد حسني (Khaled Hosny) <khaled@aliftype.com>
|
@khaledhosny thanks! |
|
mmh, I'm getting this kind of warnings when trying to port to chromium, so I guess we should use override everywhere ../../third_party/ots/src/include/ots-memory-stream.h:23:16: error: 'WriteRaw' overrides a member function but is not marked 'override' [-Werror,-Winconsistent-missing-override] |
Currently we are exiting early if decompressed size exceeds
OTS_MAX_DECOMPRESSED_FILE_SIZE=300MB but some callers may actually set a
smaller limit. For example, Chromium uses 30MB [1] and its internal
fuzzer 256kB [2]. Firefox uses a limit of 256MB [3].
[1] https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/platform/fonts/web_font_decoder.cc;l=155;drc=5863e513ede6d1f7e9a060f13635fd3916a2183c
[2] https://source.chromium.org/chromium/chromium/src/+/main:third_party/ots/fuzz/ots_fuzzer.cc;l=11;drc=efffce8e2a6da2d2295472ed24ef040e0bf4ea14
[3] https://searchfox.org/mozilla-central/rev/3e1a721bce1da3ae04675539b39a4e95b25a046d/gfx/thebes/gfxOTSUtils.h#28