zlacker

[return to "Bad Apple Font"]
1. triclo+X1[view] [source] 2023-08-30 03:07:37
>>notmys+(OP)
Obviously the thought comes up of the fact that this feels unsafe to have WASM in font files, but, I'm also aware that font layout engines are already turing complete, which leads me to wonder: have there been any high profile malware font examples? That entire stack feels a lot like an attack surface to me, especially given stuff like the fact that windows used to render fonts in the kernel layer.
◧◩
2. winter+4s[view] [source] 2023-08-30 07:32:39
>>triclo+X1
Font files already have embedded code for hinting. So while this might increase the attack surface somewhat, it was already there and I honestly trust wasm execution more than the severely underdocumented and poorly understood hinting VM.

https://www.truetype-typography.com/tthints.htm

[go to top]