
Audit for code that can lead to excessive runtime with malicious/malformed data

Open dfrg opened this issue 1 year ago • 3 comments

Specifically cases where we loop based on untrusted counts and/or iterate over ranges where the sizes aren't bounded by data and thus caught during parsing.

For example, the iterator for cmap format 12 can be forced to do 2^32 iterations n times where cost is only n * 12 bytes of malicious data.

dfrg, Jun 11 '24 18:06

@behdad does HB protect against this? Have a budget for instance?

rsheeter, Jun 11 '24 19:06

Yes, we have budgets for a lot of operations. For cmap I think we skip anything outside the valid Unicode range.

behdad, Jun 11 '24 19:06
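Added illustration of the cmap format 12 problem from the issue description and of the two mitigations behdad mentions (skipping codepoints outside valid Unicode, plus an overall budget). This is example code, not fontations or HarfBuzz code; the subtable bytes are constructed here, and `count_mappings`, `build_format12` and the budget value are names and choices of this example.

```rust
const MAX_UNICODE: u32 = 0x10FFFF;

fn be_u16(b: &[u8], off: usize) -> Option<u16> {
    b.get(off..off + 2).map(|s| u16::from_be_bytes([s[0], s[1]]))
}
fn be_u32(b: &[u8], off: usize) -> Option<u32> {
    b.get(off..off + 4).map(|s| u32::from_be_bytes([s[0], s[1], s[2], s[3]]))
}

/// Walks every (codepoint, glyph) pair in a format 12 subtable and returns how
/// many were visited. Each group is clamped to valid Unicode and a total
/// `budget` is enforced, so one 12-byte group 0..=0xFFFFFFFF cannot force 2^32 steps.
pub fn count_mappings(data: &[u8], budget: u64) -> Result<u64, &'static str> {
    if be_u16(data, 0) != Some(12) { return Err("not a format 12 subtable"); }
    let num_groups = be_u32(data, 12).ok_or("truncated header")?;
    let mut visited = 0u64;
    let mut off = 16usize;
    // The group loop IS bounded by data: each group costs 12 bytes, so a
    // numGroups larger than the payload fails on the first read past the end.
    for _ in 0..num_groups {
        let start = be_u32(data, off).ok_or("group past end of data")?;
        let end = be_u32(data, off + 4).ok_or("group past end of data")?;
        let _start_glyph = be_u32(data, off + 8).ok_or("group past end of data")?;
        off += 12;
        // Malformed or entirely outside Unicode: skip instead of looping.
        if start > end || start > MAX_UNICODE { continue; }
        let end = end.min(MAX_UNICODE);
        let span = u64::from(end - start) + 1;
        if visited + span > budget { return Err("iteration budget exceeded"); }
        for _cp in start..=end {
            visited += 1; // the per-codepoint work malicious data tries to inflate
        }
    }
    Ok(visited)
}

/// Builds a constructed format 12 subtable from (start, end, startGlyph) groups.
pub fn build_format12(groups: &[(u32, u32, u32)]) -> Vec<u8> {
    let mut v = 12u16.to_be_bytes().to_vec();
    v.extend_from_slice(&0u16.to_be_bytes()); // reserved
    v.extend_from_slice(&(16 + 12 * groups.len() as u32).to_be_bytes()); // length
    v.extend_from_slice(&0u32.to_be_bytes()); // language
    v.extend_from_slice(&(groups.len() as u32).to_be_bytes()); // numGroups
    for &(s, e, g) in groups {
        v.extend([s, e, g].iter().flat_map(|x| x.to_be_bytes()));
    }
    v
}
```

With the clamp, a hostile group costs at most 0x110000 visits; the budget then bounds what n repeated groups can cost in total.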

To create the xref, #954 fixes this for cmap12.

rsheeter, Aug 20 '24 04:08