On 2002-06-13 at 09:46 +0100, Juliusz Chroboczek uttered:

| From: Juliusz Chroboczek <[EMAIL PROTECTED]>
| Subject: Re: [bugtraq] remote DoS in Mozilla 1.0
|
| MH> Interesting problem reported on bugtraq:
| MH> <http://online.securityfocus.com/archive/1/276120>
|
| I see. Two bugs here.
|
| One is the dodgy error-handling in the Type 1 backend, which gives up
| by calling abort() (see the very end of curves.c). I agree that this
| is a bug; however, as I'm hoping to phase out the current Type 1
| backend in favour of one based on FreeType 2 in time for 4.3.0, I do
| not intend to fix it.

:( ETA for 4.3.0?

| The other problem is that we do not fail a priori requests for very
| large fonts. I do agree that this should be done, and I think it
| should be done at the common layer (above the font backends); could
| anyone suggest at what point a request for a font is clearly invalid?
|
| Juliusz

I forwarded this message to bugtraq and there has been moderate off-list chatter about this question (I take credit for none of it). The general idea has been that if the rendered font will be "too big" for the medium it is to be displayed on then the request should be dubbed, as you say, clearly invalid. Is such an approach feasible and doable at the common layer you speak of?

kw.

_______________________________________________
Xpert mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xpert
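The check discussed in this thread, sketched as an added example (not code from XFree86 or from either poster): a common-layer test that rejects a font request whose size exceeds the height of the medium before any backend sees it. Parsing the size from the XLFD name, the names `font_request_ok` and `medium_height_px`, and the use of display height as the threshold are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Start of XLFD field n (1-based, counted by leading '-'), or NULL. */
static const char *xlfd_field(const char *name, int n)
{
    for (; *name; name++)
        if (*name == '-' && --n == 0)
            return name + 1;
    return NULL;
}

/* Field as a number; -1 if wildcard, empty or not a plain number, -2 on overflow. */
static long field_value(const char *f)
{
    char *end;
    long v;

    if (!f || *f < '0' || *f > '9')
        return -1;
    errno = 0;
    v = strtol(f, &end, 10);
    if (errno == ERANGE)
        return -2;
    return (*end == '-' || *end == '\0') ? v : -1;
}

/* 1: pass the request to the backend; 0: reject before any rasterising. */
int font_request_ok(const char *xlfd, long medium_height_px)
{
    long pixel  = field_value(xlfd_field(xlfd, 7));   /* PIXEL_SIZE */
    long decipt = field_value(xlfd_field(xlfd, 8));   /* POINT_SIZE, decipoints */
    long resy   = field_value(xlfd_field(xlfd, 10));  /* RESOLUTION_Y, dpi */
    double px;

    if (pixel == -2 || decipt == -2 || resy == -2)
        return 0;                       /* number too large to represent */
    if (pixel > 0)
        px = (double)pixel;
    else if (decipt > 0 && resy > 0)
        px = (double)decipt * (double)resy / 722.7;  /* 722.7 decipoints per inch */
    else
        return 1;                       /* no explicit size to bound */
    return px <= (double)medium_height_px;
}

int main(void)
{
    /* Constructed sample request, not taken from the bug report. */
    const char *req = "-adobe-times-medium-r-normal--100000-*-75-75-p-0-iso8859-1";
    printf("%s\n", font_request_ok(req, 768) ? "accept" : "reject");
    return 0;
}
```

Requests that give no explicit size (wildcards or zero) are passed through here, so a backend still needs its own error handling for anything this pre-check does not cover.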
