
Font loading and security #720


Closed
sherief opened this issue Jun 30, 2016 · 2 comments

sherief commented Jun 30, 2016

Font formats have commonly been used as an attack vector, and parsing an untrusted font is a security risk. I've been wanting to integrate imgui into a project with above-average security requirements and that also benefits greatly from having user-loadable fonts. The bundled STB library for font handling is a very convenient, single-file solution for loading fonts; having the option to supply another font loader (like FreeType2) would be great, and even better if it can be some interface the client can provide so I can implement more in-depth schemes like font parsing in a separate process.

Would there be interest in adding such functionality to imgui?
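The separate-process scheme mentioned in the comment above, sketched as an added example that is not part of the original thread and not imgui code. `FontCheck`, `run_isolated`, `check_sfnt_directory` and `crashing_check` are hypothetical names; the check only bounds-checks the sfnt table directory, and the code assumes a POSIX system.

```cpp
#include <cstdint>
#include <cstdlib>
#include <vector>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

using FontCheck = bool (*)(const uint8_t* data, size_t size);  // hypothetical client-provided hook

static uint32_t be(const uint8_t* p, int n) {  // big-endian read of n bytes
    uint32_t v = 0;
    for (int i = 0; i < n; ++i) v = (v << 8) | p[i];
    return v;
}

// Bounds-check the sfnt table directory: 12-byte header, then 16-byte table records.
bool check_sfnt_directory(const uint8_t* d, size_t size) {
    if (size < 12) return false;
    uint32_t ver = be(d, 4);
    if (ver != 0x00010000u && ver != 0x4F54544Fu) return false;  // TrueType 1.0 or 'OTTO'
    size_t n = be(d + 4, 2);
    if (n == 0 || 12 + n * 16 > size) return false;
    for (size_t i = 0; i < n; ++i) {
        uint64_t off = be(d + 12 + i * 16 + 8, 4), len = be(d + 12 + i * 16 + 12, 4);
        if (off < 12 + n * 16 || off + len > size) return false;  // 64-bit sum cannot wrap
    }
    return true;
}

bool crashing_check(const uint8_t*, size_t) { std::abort(); }  // constructed stand-in for a parser fault

// Run `check` in a child process; a crash, hang or failure there only rejects the font.
bool run_isolated(FontCheck check, const std::vector<uint8_t>& font) {
    pid_t pid = fork();
    if (pid < 0) return false;           // fail closed if no child can be created
    if (pid == 0) {
        struct rlimit cpu = {1, 1};      // kernel kills a runaway parse after 1 s of CPU
        setrlimit(RLIMIT_CPU, &cpu);
        _exit(check(font.data(), font.size()) ? 0 : 1);
    }
    int status = 0;
    return waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

// Constructed sample: minimal sfnt with one table record and 4 bytes of table data.
std::vector<uint8_t> sample_font() {
    return {0,1,0,0, 0,1, 0,16, 0,0, 0,0,                          // version 1.0, numTables = 1
            'h','e','a','d', 0,0,0,0, 0,0,0,28, 0,0,0,4, 0,0,0,0};  // record, then data at offset 28
}
```

The parent only ever sees an exit status, so a fault in the parser ends the child and not the application. Returning parsed glyph data would need a pipe or shared memory whose contents the parent must still validate.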

Owner

ocornut commented Jun 30, 2016

Also see #618

To clarify, ImGui isn't designed to be secure using untrusted data (since it was designed for games and games tools). It's designed to handle 99% of cases well, but I'm pretty sure one could craft strings or data that would lead to applications misbehaving. I am not aware of any known crash within a correctly formed program, but nobody has really tried to investigate that.

Since performance is an important part of the library, if somebody ever stumbled on a rare crash triggered by intentionally malformed data, and the only possible fix involved a non-negligible performance penalty, I would rather not fix it. I don't realistically see this situation happening, but this is to let you know what the priorities of this project are.

Owner

ocornut commented Jul 12, 2016

@sherief Closing this. If you want to specifically work on supporting FreeType2 natively, please refer to #618.
