Activity
UnicodeBot
June 30, 2018 at 11:43 PM
Trac Comment 1 by behdad@1d5920f4b44b27a8—2014-12-19T00:16:30.045Z
When we fixed the security issue with the getFontTable(LETag):
http://site.icu-project.org/download/51#TOC-Known-Issues
we left existing clients vulnerable until they switched to getFontTable(LETag, size_t&). That was wrong. I wish we had removed getFontTable(LETag) completely such that clients wouldn't compile until they fixed the security issue.
Please do that. Otherwise no one will know how many vulnerabilities will stay unfixed forever. Just finished debugging one bug that came down to a rogue client.
I'm going to remove the single arg version in icu-le-hb, and remove default implementation of the two-arg version.
behdad
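An added illustration of the request above, not code from ICU or icu-le-hb: a simplified interface in which only the length-returning overload exists and has no default body, so a client that implements just `getFontTable(LETag)` fails to compile. `FontTableSource`, `MemoryFont`, `readU16` and `sampleFont` are hypothetical names, and it is assumed that the `size_t&` parameter reports the table's byte length.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

typedef uint32_t LETag;  // name taken from the page; everything else is hypothetical

// Simplified stand-in for a font-instance interface. Only the length-returning
// overload exists and it is pure virtual, so a client that implements just the
// old getFontTable(LETag) can no longer be instantiated.
class FontTableSource {
public:
    virtual ~FontTableSource() {}
    virtual const void *getFontTable(LETag tag, size_t &length) const = 0;
};

// Constructed client: one in-memory table, length always reported.
class MemoryFont : public FontTableSource {
    LETag tag_;
    std::vector<uint8_t> data_;
public:
    MemoryFont(LETag tag, const std::vector<uint8_t> &data) : tag_(tag), data_(data) {}
    const void *getFontTable(LETag tag, size_t &length) const override {
        if (tag != tag_) { length = 0; return nullptr; }
        length = data_.size();
        return data_.data();
    }
};

// Read a big-endian uint16 at `offset`, refusing any read past the reported length.
bool readU16(const FontTableSource &font, LETag tag, size_t offset, uint16_t &out) {
    size_t length = 0;
    const uint8_t *p = static_cast<const uint8_t *>(font.getFontTable(tag, length));
    if (p == nullptr || length < 2 || offset > length - 2) return false;
    out = static_cast<uint16_t>((p[offset] << 8) | p[offset + 1]);
    return true;
}

// Constructed sample: a 4-byte table tagged 'test'.
MemoryFont sampleFont() {
    return MemoryFont(0x74657374u, std::vector<uint8_t>{0x00, 0x01, 0xAB, 0xCD});
}
```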