Memory safety for fonts & text

[Dominik Röttsches]

Hi all,

The Chrome, Skia and Google Fonts teams are collaborating on
open-source memory-safe font libraries
(https://docs.rs/skrifa/latest/skrifa/) for parsing, reading metadata
and paths and producing and writing fonts. The goal is to create an
additional backend for the SkTypeface Skia API (sibling to the
SkTypeface backed by FreeType) and use it in Chrome.

We had a videochat with Werner Lemberg about the project, and would
now like to share the idea with this list. We have shipped FreeType
successfully to billions of users courtesy of the efforts of the
FreeType maintainers and key contributors. We would like to
specifically thank Werner Lemberg and Alexei Podtelezhnikov for their
extensive efforts over many years.

Our motivation is to improve memory safety for font processing in
Chrome by use of Rust as a memory-safe language. We base this decision
on our own research into the safety of code written in C and the
ongoing effort required to keep the FreeType code base secure. We also
observe industry momentum for usage of Rust as a memory-safe language
[1], [2].

You can track our work
* on the SkTypeface backend based on Fontations in Skia bug:
https://bugs.chromium.org/p/skia/issues/detail?id=14259
* on the integration of this newly written backend into Chromium in
Chromium bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1446251

We invite you to collaborate with us on the fontations libraries, try
them out for yourself, and send feedback. PRs are also most welcome.
If there are things you'd approach differently given the opportunity
to start again, lessons learned over the years, we would deeply
appreciate it if you could take a moment to write us a note about it.

Dominik

[1] 
https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html
[2] 
https://github.com/dwizzzle/Presentations/blob/master/David%20Weston%20-%20Windows%2011%20Security%20by-default%20-%20Bluehat%20IL%202023.pdf