ots-validator-checker is a program that validates malformed fonts. If the program detects that the font is invalid, it prints “OK” and returns 0 (success). If it detects no errors, it opens the transcoded font and renders some characters using FreeType:
    transcoded_font = ValidateAndTranscode(malicious_font);
    if (validation_error) {
        Print("OK");    # the font was filtered
        return 0;
    }
    OpenAndRenderSomeCharacters(transcoded_font);    # may cause SIGSEGV
    Print("OK");
    return 0;
If no SIGSEGV is raised inside the FreeType library, the program prints “OK” and returns 0 as well. Run this tool under the catchsegv(1) or valgrind(1) command so that you can easily verify that none of the transcoded fonts crash the library (see the example below).
    $ for f in malformed/*.ttf ; do catchsegv ./ots-validator-checker "$f" ; done
    OK: the malicious font was filtered: malformed/1.ttf
    OK: the malicious font was filtered: malformed/2.ttf
    OK: FreeType2 didn't crash: malformed/3.ttf
    OK: the malicious font was filtered: malformed/4.ttf
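For a large corpus, the same loop can record a verdict per font and fail the run when any font gets through the sanitizer and crashes the renderer. The script below is an added example, not part of the OTS distribution: the function names `classify_run` and `triage_fonts` are hypothetical, the message text is taken from the sample output above, and it relies on the shell reporting death by signal N as exit status 128+N rather than on catchsegv(1).

```shell
#!/bin/sh
# Added example: batch triage of a font corpus with ots-validator-checker.
# Assumption: the checker's messages match the sample output on this page.

# classify_run STATUS OUTPUT
# Prints one verdict: filtered, rendered, crash:<signal>, or error:<status>.
classify_run() {
    status=$1
    output=$2
    if [ "$status" -gt 128 ]; then
        # Killed by a signal: SIGSEGV is 11, so the shell reports 139.
        echo "crash:$((status - 128))"
    elif [ "$status" -ne 0 ]; then
        echo "error:$status"
    else
        case $output in
            *"was filtered"*) echo filtered ;;   # OTS rejected the font
            *) echo rendered ;;                  # transcoded font rendered cleanly
        esac
    fi
}

# triage_fonts CHECKER DIR
# Prints "verdict<TAB>path" for every *.ttf in DIR.
# Returns 1 if any run crashed or exited with an error, otherwise 0.
triage_fonts() {
    checker=$1
    dir=$2
    bad=0
    for f in "$dir"/*.ttf; do
        [ -e "$f" ] || continue          # glob matched nothing
        status=0
        output=$("$checker" "$f" 2>&1) || status=$?
        verdict=$(classify_run "$status" "$output")
        printf '%s\t%s\n' "$verdict" "$f"
        case $verdict in
            crash:*|error:*) bad=1 ;;
        esac
    done
    return "$bad"
}
```

Call it as `triage_fonts ./ots-validator-checker malformed`; any `crash:11` line names a font that passed validation and then crashed FreeType.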
Report bugs to <https://github.com/khaledhosny/ots/issues>
ots-idempotent(1), ots-perf(1), ots-sanitize(1), ots-side-by-side(1)