Prerequisites

You can use your Ubuntu box (>= 8.04. 9.10 is recommended) to test OTS library.

First, install TrueType and OpenType fonts to the Ubuntu box as many as possible.

% sudo apt-get install ttf-.*[^0]$

Then, put malicious TrueType fonts on ~/malicious/. For details, please check http://code.google.com/p/chromium/issues/detail?id=27139#c2. Currently access to the issue is limited to chromium-security team members for security reasons.

% cd
% tar xjf ~/ttf-testsuite.tar.bz2

Test

In order to verify that:

1. OTS does not reject these unmalicious fonts.
2. and transcoded fonts OTS generates can be loaded by a system font renderer (FreeType2).

Run test_unmalicious_fonts.sh script:

% cd /path/to/ots/tests
% ./test_unmalicious_fonts.sh
...............................................  (verify that no FAIL: is displayed)

Then in order to verify that:

1. OTS can reject malicious fonts
2. or transcoded fonts generated by OTS do not crash a system font renderer (FreeType2).

Run test_malicious_fonts.sh script:

% cd /path/to/ots/tests
% ./test_malicious_fonts.sh
...............................................  (verify that no FAIL: is displayed)

Command line tools

We have some command line tools for tests. To build them:

• On Linux:

    % gyp --depth=. -f make ots-standalone.gyp
    % make
    (tool is located at build/Default directory)
  

• On Windows (VC++ is needed):

    % gyp --depth=. -f msvs ots-standalone.gyp
    % devenv.exe /build Default ots-standalone.sln /project idempotent.vcproj
    (tool is located at Default directory)
  

• On Mac (XCode is needed):

    % gyp --depth=. -f xcode ots-standalone.gyp
    % xcodebuild -configuration Default -project ots-standalone.xcodeproj -target All
    (tool is located at build/Default directory)
  

You can use idempotent tool to check whether a font will be rejected or not. You can also use ot-sanitise tool to get sanitised font (it is available on Linux for now). See README file in the test directory for more details.