>From what I have received personally from my post, 2 * resolution_height sounds like a good idea. Jon > -----Original Message----- > From: Keith Warno [mailto:keith.warno@valaran.com] > Sent: Thursday, June 13, 2002 9:48 AM > To: 'Tom'; bugtraq@securityfocus.com > Subject: RE: remote DoS in Mozilla 1.0 > > > | -----Original Message----- > | From: Tom [mailto:tom@lemuria.org] > | Sent: Monday, June 10, 2002 4:20 AM > | To: bugtraq@securityfocus.com > | Subject: remote DoS in Mozilla 1.0 > | > > [...] > > | > | Vendor Contact > | ============== > > [...] > > | also filed with the XFree86 team, no reaction so far > | > | > > > There is chatter but the same type of question regarding "at > what point [is] > a request for a font ... clearly invalid" is being asked. > > > ---------- Forwarded message ---------- > Date: Thu, 13 Jun 2002 09:46:56 +0100 > From: Juliusz Chroboczek <jec@dcs.ed.ac.uk> > Reply-To: xpert@XFree86.Org > To: xpert@XFree86.Org > Subject: Re: [Xpert]abort() in libXfont 4.2.0 (was FW: remote DoS in > Mozilla 1.0) > > From: Juliusz Chroboczek <jec@dcs.ed.ac.uk> > Subject: Re: [bugtraq] remote DoS in Mozilla 1.0 > To: devel@xfree86.org > Date: 12 Jun 2002 08:51:49 +0100 > > MH> Interesting problem reported on bugtraq: > MH> <http://online.securityfocus.com/archive/1/276120> > > I see. Two bugs here. > > One is the dodgy error-handling in the Type 1 backend, which gives up > by calling abort() (see the very end of curves.c). I agree that this > is a bug; however, as I'm hoping to phase out the current Type 1 > backend in favour of one based on FreeType 2 in time for 4.3.0, I do > not intend to fix it. > > The other problem is that we do not fail a priori requests for very > large fonts. I do agree that this should be done, and I think it > should be done at the common layer (above the font backends); could > anyone suggest at what point a request for a font is clearly invalid? > > Juliusz > > _______________________________________________ > Xpert mailing list > Xpert@XFree86.Org > http://XFree86.Org/mailman/listinfo/xpert >
