> out of curiosity, has Apple contacted the FreeType dev group
> concerning http://www.vupen.com/english/advisories/2010/2018
> ("FreeType Compact Font Format Two Buffer Overflow
> Vulnerabilities")?

Yes.  Fixed in 2.4.2.

> Even if it's not a serious problem on anything that isn't iOS,

It is a serious problem on all platforms.

> a problem with opcode parsing might also lead to the incorrect
> execution of opcode-based CFF glyph rendering; it would be nice to
> know where it's going wrong, so that normal fonts (i.e., not created
> specifically to exploit the problem) that make use of the
> problematic opcode patterns can be identified.

Normal fonts will *never* encounter this particular bug.  It relies on
opcodes which push data on the stack without consuming arguments, for
example, repeatedly calling `random'.


    Werner
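As an added illustration of the bug class Werner describes (this is constructed example code, not FreeType's interpreter or its fix): a minimal Type 2 operand stack whose push is bounds-checked, run over a constructed charstring that repeats the `random` escape operator (12 23), which pushes a value while consuming none. The stack limit of 48 and the opcode values follow the Type 2 charstring specification; the fixed stand-in for the random value is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CFF_MAX_OPERANDS 48   /* Type 2 charstring operand stack limit */

typedef struct {
    int32_t items[CFF_MAX_OPERANDS];
    size_t  top;
} OperandStack;

/* Type 2 escape prefix and the escape value of the `random` operator. */
enum { OP_ESCAPE = 12, OP_RANDOM = 23 };

/* Bounds-checked push: returns 0 on success, -1 when the stack is full.
 * An interpreter that skips this check writes past items[] once a
 * charstring pushes more than CFF_MAX_OPERANDS values without popping. */
static int stack_push(OperandStack *st, int32_t v)
{
    if (st->top >= CFF_MAX_OPERANDS)
        return -1;                       /* refuse instead of overrunning */
    st->items[st->top++] = v;
    return 0;
}

/* Interpret a charstring made only of `random` escapes.  Returns how many
 * operators ran before the stack check fired, or -2 for a byte sequence
 * this toy interpreter does not model (only push-without-pop is shown). */
int run_charstring(const uint8_t *cs, size_t len)
{
    OperandStack st;
    int executed = 0;
    memset(&st, 0, sizeof st);
    for (size_t i = 0; i + 1 < len; i += 2) {
        if (cs[i] != OP_ESCAPE || cs[i + 1] != OP_RANDOM)
            return -2;
        /* `random` consumes nothing and pushes one value (stand-in 0x4000) */
        if (stack_push(&st, 0x4000) != 0)
            return executed;             /* overflow attempt caught safely */
        executed++;
    }
    return executed;
}

/* Build a constructed charstring of `count` repeated `random` ops and run it. */
int run_repeated_random(size_t count)
{
    uint8_t buf[512];
    if (count * 2 > sizeof buf)
        return -3;
    for (size_t i = 0; i < count; i++) {
        buf[2 * i] = OP_ESCAPE;
        buf[2 * i + 1] = OP_RANDOM;
    }
    return run_charstring(buf, count * 2);
}
```

A conforming font never emits such a sequence, so the check costs nothing on real glyphs and only changes the outcome for malformed input.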

_______________________________________________
Freetype mailing list
Freetype@nongnu.org
http://lists.nongnu.org/mailman/listinfo/freetype