search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update V8 to version 4.7.44.
[chromium-blink-merge.git] / third_party / ots / src / woff2.cc
blobd82310332a89d01d740fcaf8291961e026fc8cfb
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // This is the implementation of decompression of the proposed WOFF Ultra
6 // Condensed file format.
7
8 #include <cassert>
9 #include <cstdlib>
10 #include <vector>
11
12 #include "third_party/brotli/dec/decode.h"
13
14 #include "opentype-sanitiser.h"
15 #include "ots-memory-stream.h"
16 #include "ots.h"
17 #include "woff2.h"
18
19 #define TABLE_NAME "WOFF2"
20
21 namespace {
22
23 // simple glyph flags
24 const uint8_t kGlyfOnCurve = 1 << 0;
25 const uint8_t kGlyfXShort = 1 << 1;
26 const uint8_t kGlyfYShort = 1 << 2;
27 const uint8_t kGlyfRepeat = 1 << 3;
28 const uint8_t kGlyfThisXIsSame = 1 << 4;
29 const uint8_t kGlyfThisYIsSame = 1 << 5;
30
31 // composite glyph flags
32 const int FLAG_ARG_1_AND_2_ARE_WORDS = 1 << 0;
33 const int FLAG_WE_HAVE_A_SCALE = 1 << 3;
34 const int FLAG_MORE_COMPONENTS = 1 << 5;
35 const int FLAG_WE_HAVE_AN_X_AND_Y_SCALE = 1 << 6;
36 const int FLAG_WE_HAVE_A_TWO_BY_TWO = 1 << 7;
37 const int FLAG_WE_HAVE_INSTRUCTIONS = 1 << 8;
38
39 const size_t kSfntHeaderSize = 12;
40 const size_t kSfntEntrySize = 16;
41 const size_t kCheckSumAdjustmentOffset = 8;
42
43 const size_t kEndPtsOfContoursOffset = 10;
44 const size_t kCompositeGlyphBegin = 10;
45
46 const unsigned int kWoff2FlagsTransform = 1 << 5;
47
48 const uint32_t kKnownTags[] = {
49 OTS_TAG('c','m','a','p'), // 0
50 OTS_TAG('h','e','a','d'), // 1
51 OTS_TAG('h','h','e','a'), // 2
52 OTS_TAG('h','m','t','x'), // 3
53 OTS_TAG('m','a','x','p'), // 4
54 OTS_TAG('n','a','m','e'), // 5
55 OTS_TAG('O','S','/','2'), // 6
56 OTS_TAG('p','o','s','t'), // 7
57 OTS_TAG('c','v','t',' '), // 8
58 OTS_TAG('f','p','g','m'), // 9
59 OTS_TAG('g','l','y','f'), // 10
60 OTS_TAG('l','o','c','a'), // 11
61 OTS_TAG('p','r','e','p'), // 12
62 OTS_TAG('C','F','F',' '), // 13
63 OTS_TAG('V','O','R','G'), // 14
64 OTS_TAG('E','B','D','T'), // 15
65 OTS_TAG('E','B','L','C'), // 16
66 OTS_TAG('g','a','s','p'), // 17
67 OTS_TAG('h','d','m','x'), // 18
68 OTS_TAG('k','e','r','n'), // 19
69 OTS_TAG('L','T','S','H'), // 20
70 OTS_TAG('P','C','L','T'), // 21
71 OTS_TAG('V','D','M','X'), // 22
72 OTS_TAG('v','h','e','a'), // 23
73 OTS_TAG('v','m','t','x'), // 24
74 OTS_TAG('B','A','S','E'), // 25
75 OTS_TAG('G','D','E','F'), // 26
76 OTS_TAG('G','P','O','S'), // 27
77 OTS_TAG('G','S','U','B'), // 28
78 OTS_TAG('E','B','S','C'), // 29
79 OTS_TAG('J','S','T','F'), // 30
80 OTS_TAG('M','A','T','H'), // 31
81 OTS_TAG('C','B','D','T'), // 32
82 OTS_TAG('C','B','L','C'), // 33
83 OTS_TAG('C','O','L','R'), // 34
84 OTS_TAG('C','P','A','L'), // 35
85 OTS_TAG('S','V','G',' '), // 36
86 OTS_TAG('s','b','i','x'), // 37
87 OTS_TAG('a','c','n','t'), // 38
88 OTS_TAG('a','v','a','r'), // 39
89 OTS_TAG('b','d','a','t'), // 40
90 OTS_TAG('b','l','o','c'), // 41
91 OTS_TAG('b','s','l','n'), // 42
92 OTS_TAG('c','v','a','r'), // 43
93 OTS_TAG('f','d','s','c'), // 44
94 OTS_TAG('f','e','a','t'), // 45
95 OTS_TAG('f','m','t','x'), // 46
96 OTS_TAG('f','v','a','r'), // 47
97 OTS_TAG('g','v','a','r'), // 48
98 OTS_TAG('h','s','t','y'), // 49
99 OTS_TAG('j','u','s','t'), // 50
100 OTS_TAG('l','c','a','r'), // 51
101 OTS_TAG('m','o','r','t'), // 52
102 OTS_TAG('m','o','r','x'), // 53
103 OTS_TAG('o','p','b','d'), // 54
104 OTS_TAG('p','r','o','p'), // 55
105 OTS_TAG('t','r','a','k'), // 56
106 OTS_TAG('Z','a','p','f'), // 57
107 OTS_TAG('S','i','l','f'), // 58
108 OTS_TAG('G','l','a','t'), // 59
109 OTS_TAG('G','l','o','c'), // 60
110 OTS_TAG('F','e','a','t'), // 61
111 OTS_TAG('S','i','l','l'), // 62
112 };
113
114 struct Point {
115 int16_t x;
116 int16_t y;
117 bool on_curve;
118 };
119
120 struct Table {
121 uint32_t tag;
122 uint32_t flags;
123
124 uint32_t transform_length;
125
126 uint32_t dst_offset;
127 uint32_t dst_length;
128
129 Table()
130 : tag(0),
131 flags(0),
132 transform_length(0),
133 dst_offset(0),
134 dst_length(0) {}
135
136 bool operator<(const Table& other) const {
137 return tag < other.tag;
138 }
139 };
140
141 // Based on section 6.1.1 of MicroType Express draft spec
142 bool Read255UShort(ots::Buffer* buf, uint16_t* value) {
143 static const uint8_t kWordCode = 253;
144 static const uint8_t kOneMoreByteCode2 = 254;
145 static const uint8_t kOneMoreByteCode1 = 255;
146 static const uint8_t kLowestUCode = 253;
147 uint8_t code = 0;
148 if (!buf->ReadU8(&code)) {
149 return OTS_FAILURE();
150 }
151 if (code == kWordCode) {
152 uint16_t result = 0;
153 if (!buf->ReadU16(&result)) {
154 return OTS_FAILURE();
155 }
156 *value = result;
157 return true;
158 } else if (code == kOneMoreByteCode1) {
159 uint8_t result = 0;
160 if (!buf->ReadU8(&result)) {
161 return OTS_FAILURE();
162 }
163 *value = result + kLowestUCode;
164 return true;
165 } else if (code == kOneMoreByteCode2) {
166 uint8_t result = 0;
167 if (!buf->ReadU8(&result)) {
168 return OTS_FAILURE();
169 }
170 *value = result + kLowestUCode * 2;
171 return true;
172 } else {
173 *value = code;
174 return true;
175 }
176 }
177
178 bool ReadBase128(ots::Buffer* buf, uint32_t* value) {
179 uint32_t result = 0;
180 for (size_t i = 0; i < 5; ++i) {
181 uint8_t code = 0;
182 if (!buf->ReadU8(&code)) {
183 return OTS_FAILURE();
184 }
185 if (i == 0 && code == 0x80) {
186 return OTS_FAILURE();
187 }
188 // If any of the top seven bits are set then we're about to overflow.
189 if (result & 0xfe000000U) {
190 return OTS_FAILURE();
191 }
192 result = (result << 7) | (code & 0x7f);
193 if ((code & 0x80) == 0) {
194 *value = result;
195 return true;
196 }
197 }
198 // Make sure not to exceed the size bound
199 return OTS_FAILURE();
200 }
201
202 // Caller must ensure that buffer overrun won't happen.
203 // TODO(ksakamaoto): Consider creating 'writer' version of the Buffer class
204 // and use it across the code.
205 size_t StoreU32(uint8_t* dst, size_t offset, uint32_t x) {
206 dst[offset] = x >> 24;
207 dst[offset + 1] = (x >> 16) & 0xff;
208 dst[offset + 2] = (x >> 8) & 0xff;
209 dst[offset + 3] = x & 0xff;
210 return offset + 4;
211 }
212
213 size_t StoreU16(uint8_t* dst, size_t offset, uint16_t x) {
214 dst[offset] = x >> 8;
215 dst[offset + 1] = x & 0xff;
216 return offset + 2;
217 }
218
219 int WithSign(int flag, int baseval) {
220 assert(0 <= baseval && baseval < 65536);
221 return (flag & 1) ? baseval : -baseval;
222 }
223
224 bool TripletDecode(const uint8_t* flags_in, const uint8_t* in, size_t in_size,
225 unsigned int n_points, std::vector<Point>* result,
226 size_t* in_bytes_consumed) {
227 int x = 0;
228 int y = 0;
229
230 // Early return if |in| buffer is too small. Each point consumes 1-4 bytes.
231 if (n_points > in_size) {
232 return OTS_FAILURE();
233 }
234 unsigned int triplet_index = 0;
235
236 for (unsigned int i = 0; i < n_points; ++i) {
237 uint8_t flag = flags_in[i];
238 bool on_curve = !(flag >> 7);
239 flag &= 0x7f;
240 unsigned int n_data_bytes;
241 if (flag < 84) {
242 n_data_bytes = 1;
243 } else if (flag < 120) {
244 n_data_bytes = 2;
245 } else if (flag < 124) {
246 n_data_bytes = 3;
247 } else {
248 n_data_bytes = 4;
249 }
250 if (triplet_index + n_data_bytes > in_size ||
251 triplet_index + n_data_bytes < triplet_index) {
252 return OTS_FAILURE();
253 }
254 int dx, dy;
255 if (flag < 10) {
256 dx = 0;
257 dy = WithSign(flag, ((flag & 14) << 7) + in[triplet_index]);
258 } else if (flag < 20) {
259 dx = WithSign(flag, (((flag - 10) & 14) << 7) + in[triplet_index]);
260 dy = 0;
261 } else if (flag < 84) {
262 int b0 = flag - 20;
263 int b1 = in[triplet_index];
264 dx = WithSign(flag, 1 + (b0 & 0x30) + (b1 >> 4));
265 dy = WithSign(flag >> 1, 1 + ((b0 & 0x0c) << 2) + (b1 & 0x0f));
266 } else if (flag < 120) {
267 int b0 = flag - 84;
268 dx = WithSign(flag, 1 + ((b0 / 12) << 8) + in[triplet_index]);
269 dy = WithSign(flag >> 1,
270 1 + (((b0 % 12) >> 2) << 8) + in[triplet_index + 1]);
271 } else if (flag < 124) {
272 int b2 = in[triplet_index + 1];
273 dx = WithSign(flag, (in[triplet_index] << 4) + (b2 >> 4));
274 dy = WithSign(flag >> 1, ((b2 & 0x0f) << 8) + in[triplet_index + 2]);
275 } else {
276 dx = WithSign(flag, (in[triplet_index] << 8) + in[triplet_index + 1]);
277 dy = WithSign(flag >> 1,
278 (in[triplet_index + 2] << 8) + in[triplet_index + 3]);
279 }
280 triplet_index += n_data_bytes;
281 // Possible overflow but coordinate values are not security sensitive
282 x += dx;
283 y += dy;
284 result->push_back(Point());
285 Point& back = result->back();
286 back.x = static_cast<int16_t>(x);
287 back.y = static_cast<int16_t>(y);
288 back.on_curve = on_curve;
289 }
290 *in_bytes_consumed = triplet_index;
291 return true;
292 }
293
294 // This function stores just the point data. On entry, dst points to the
295 // beginning of a simple glyph. Returns true on success.
296 bool StorePoints(const std::vector<Point>& points,
297 unsigned int n_contours, unsigned int instruction_length,
298 uint8_t* dst, size_t dst_size, size_t* glyph_size) {
299 // I believe that n_contours < 65536, in which case this is safe. However, a
300 // comment and/or an assert would be good.
301 unsigned int flag_offset = kEndPtsOfContoursOffset + 2 * n_contours + 2 +
302 instruction_length;
303 uint8_t last_flag = 0xff;
304 uint8_t repeat_count = 0;
305 int last_x = 0;
306 int last_y = 0;
307 unsigned int x_bytes = 0;
308 unsigned int y_bytes = 0;
309
310 for (size_t i = 0; i < points.size(); ++i) {
311 const Point& point = points.at(i);
312 uint8_t flag = point.on_curve ? kGlyfOnCurve : 0;
313 int dx = point.x - last_x;
314 int dy = point.y - last_y;
315 if (dx == 0) {
316 flag |= kGlyfThisXIsSame;
317 } else if (dx > -256 && dx < 256) {
318 flag |= kGlyfXShort | (dx > 0 ? kGlyfThisXIsSame : 0);
319 x_bytes += 1;
320 } else {
321 x_bytes += 2;
322 }
323 if (dy == 0) {
324 flag |= kGlyfThisYIsSame;
325 } else if (dy > -256 && dy < 256) {
326 flag |= kGlyfYShort | (dy > 0 ? kGlyfThisYIsSame : 0);
327 y_bytes += 1;
328 } else {
329 y_bytes += 2;
330 }
331
332 if (flag == last_flag && repeat_count != 255) {
333 dst[flag_offset - 1] |= kGlyfRepeat;
334 repeat_count++;
335 } else {
336 if (repeat_count != 0) {
337 if (flag_offset >= dst_size) {
338 return OTS_FAILURE();
339 }
340 dst[flag_offset++] = repeat_count;
341 }
342 if (flag_offset >= dst_size) {
343 return OTS_FAILURE();
344 }
345 dst[flag_offset++] = flag;
346 repeat_count = 0;
347 }
348 last_x = point.x;
349 last_y = point.y;
350 last_flag = flag;
351 }
352
353 if (repeat_count != 0) {
354 if (flag_offset >= dst_size) {
355 return OTS_FAILURE();
356 }
357 dst[flag_offset++] = repeat_count;
358 }
359 unsigned int xy_bytes = x_bytes + y_bytes;
360 if (xy_bytes < x_bytes ||
361 flag_offset + xy_bytes < flag_offset ||
362 flag_offset + xy_bytes > dst_size) {
363 return OTS_FAILURE();
364 }
365
366 int x_offset = flag_offset;
367 int y_offset = flag_offset + x_bytes;
368 last_x = 0;
369 last_y = 0;
370 for (size_t i = 0; i < points.size(); ++i) {
371 int dx = points.at(i).x - last_x;
372 if (dx == 0) {
373 // pass
374 } else if (dx > -256 && dx < 256) {
375 dst[x_offset++] = static_cast<uint8_t>(std::abs(dx));
376 } else {
377 // will always fit for valid input, but overflow is harmless
378 x_offset = StoreU16(dst, x_offset, static_cast<uint16_t>(dx));
379 }
380 last_x += dx;
381 int dy = points.at(i).y - last_y;
382 if (dy == 0) {
383 // pass
384 } else if (dy > -256 && dy < 256) {
385 dst[y_offset++] = static_cast<uint8_t>(std::abs(dy));
386 } else {
387 y_offset = StoreU16(dst, y_offset, static_cast<uint16_t>(dy));
388 }
389 last_y += dy;
390 }
391 *glyph_size = y_offset;
392 return true;
393 }
394
395 // Compute the bounding box of the coordinates, and store into a glyf buffer.
396 // A precondition is that there are at least 10 bytes available.
397 void ComputeBbox(const std::vector<Point>& points, uint8_t* dst) {
398 int16_t x_min = 0;
399 int16_t y_min = 0;
400 int16_t x_max = 0;
401 int16_t y_max = 0;
402
403 for (size_t i = 0; i < points.size(); ++i) {
404 int16_t x = points.at(i).x;
405 int16_t y = points.at(i).y;
406 if (i == 0 || x < x_min) x_min = x;
407 if (i == 0 || x > x_max) x_max = x;
408 if (i == 0 || y < y_min) y_min = y;
409 if (i == 0 || y > y_max) y_max = y;
410 }
411 size_t offset = 2;
412 offset = StoreU16(dst, offset, x_min);
413 offset = StoreU16(dst, offset, y_min);
414 offset = StoreU16(dst, offset, x_max);
415 offset = StoreU16(dst, offset, y_max);
416 }
417
418 // Process entire bbox stream. This is done as a separate pass to allow for
419 // composite bbox computations (an optional more aggressive transform).
420 bool ProcessBboxStream(ots::Buffer* bbox_stream, unsigned int n_glyphs,
421 const std::vector<uint32_t>& loca_values, uint8_t* glyf_buf,
422 size_t glyf_buf_length) {
423 const uint8_t* buf = bbox_stream->buffer();
424 if (n_glyphs >= 65536 || loca_values.size() != n_glyphs + 1) {
425 return OTS_FAILURE();
426 }
427 // Safe because n_glyphs is bounded
428 unsigned int bitmap_length = ((n_glyphs + 31) >> 5) << 2;
429 if (!bbox_stream->Skip(bitmap_length)) {
430 return OTS_FAILURE();
431 }
432 for (unsigned int i = 0; i < n_glyphs; ++i) {
433 if (buf[i >> 3] & (0x80 >> (i & 7))) {
434 uint32_t loca_offset = loca_values.at(i);
435 if (loca_values.at(i + 1) - loca_offset < kEndPtsOfContoursOffset) {
436 return OTS_FAILURE();
437 }
438 if (glyf_buf_length < 2 + 10 ||
439 loca_offset > glyf_buf_length - 2 - 10) {
440 return OTS_FAILURE();
441 }
442 if (!bbox_stream->Read(glyf_buf + loca_offset + 2, 8)) {
443 return OTS_FAILURE();
444 }
445 }
446 }
447 return true;
448 }
449
450 bool ProcessComposite(ots::Buffer* composite_stream, uint8_t* dst,
451 size_t dst_size, size_t* glyph_size, bool* have_instructions) {
452 size_t start_offset = composite_stream->offset();
453 bool we_have_instructions = false;
454
455 uint16_t flags = FLAG_MORE_COMPONENTS;
456 while (flags & FLAG_MORE_COMPONENTS) {
457 if (!composite_stream->ReadU16(&flags)) {
458 return OTS_FAILURE();
459 }
460 we_have_instructions |= (flags & FLAG_WE_HAVE_INSTRUCTIONS) != 0;
461 size_t arg_size = 2; // glyph index
462 if (flags & FLAG_ARG_1_AND_2_ARE_WORDS) {
463 arg_size += 4;
464 } else {
465 arg_size += 2;
466 }
467 if (flags & FLAG_WE_HAVE_A_SCALE) {
468 arg_size += 2;
469 } else if (flags & FLAG_WE_HAVE_AN_X_AND_Y_SCALE) {
470 arg_size += 4;
471 } else if (flags & FLAG_WE_HAVE_A_TWO_BY_TWO) {
472 arg_size += 8;
473 }
474 if (!composite_stream->Skip(arg_size)) {
475 return OTS_FAILURE();
476 }
477 }
478 size_t composite_glyph_size = composite_stream->offset() - start_offset;
479 if (composite_glyph_size + kCompositeGlyphBegin > dst_size) {
480 return OTS_FAILURE();
481 }
482 StoreU16(dst, 0, 0xffff); // nContours = -1 for composite glyph
483 std::memcpy(dst + kCompositeGlyphBegin,
484 composite_stream->buffer() + start_offset,
485 composite_glyph_size);
486 *glyph_size = kCompositeGlyphBegin + composite_glyph_size;
487 *have_instructions = we_have_instructions;
488 return true;
489 }
490
491 // Build TrueType loca table
492 bool StoreLoca(const std::vector<uint32_t>& loca_values, int index_format,
493 uint8_t* dst, size_t dst_size) {
494 const uint64_t loca_size = loca_values.size();
495 const uint64_t offset_size = index_format ? 4 : 2;
496 if ((loca_size << 2) >> 2 != loca_size) {
497 return OTS_FAILURE();
498 }
499 // No integer overflow here (loca_size <= 2^16).
500 if (offset_size * loca_size > dst_size) {
501 return OTS_FAILURE();
502 }
503 size_t offset = 0;
504 for (size_t i = 0; i < loca_values.size(); ++i) {
505 uint32_t value = loca_values.at(i);
506 if (index_format) {
507 offset = StoreU32(dst, offset, value);
508 } else {
509 offset = StoreU16(dst, offset, static_cast<uint16_t>(value >> 1));
510 }
511 }
512 return true;
513 }
514
515 // Reconstruct entire glyf table based on transformed original
516 bool ReconstructGlyf(ots::Font *font,
517 const uint8_t* data, size_t data_size,
518 uint8_t* dst, size_t dst_size,
519 uint8_t* loca_buf, size_t loca_size) {
520 static const int kNumSubStreams = 7;
521 ots::Buffer buffer(data, data_size);
522 uint32_t version;
523 std::vector<std::pair<const uint8_t*, size_t> > substreams(kNumSubStreams);
524
525 if (!buffer.ReadU32(&version)) {
526 return OTS_FAILURE_MSG("Failed to read 'version' of transformed 'glyf' table");
527 }
528 uint16_t num_glyphs;
529 if (!buffer.ReadU16(&num_glyphs)) {
530 return OTS_FAILURE_MSG("Failed to read 'numGlyphs' from transformed 'glyf' table");
531 }
532 uint16_t index_format;
533 if (!buffer.ReadU16(&index_format)) {
534 return OTS_FAILURE_MSG("Failed to read 'indexFormat' from transformed 'glyf' table");
535 }
536 unsigned int offset = (2 + kNumSubStreams) * 4;
537 if (offset > data_size) {
538 return OTS_FAILURE_MSG("Size of transformed 'glyf' table is too small to fit its data");
539 }
540 // Invariant from here on: data_size >= offset
541 for (int i = 0; i < kNumSubStreams; ++i) {
542 uint32_t substream_size;
543 if (!buffer.ReadU32(&substream_size)) {
544 return OTS_FAILURE_MSG("Failed to read substream size %d of transformed 'glyf' table", i);
545 }
546 if (substream_size > data_size - offset) {
547 return OTS_FAILURE_MSG("Size of substream %d of transformed 'glyf' table does not fit in table size");
548 }
549 substreams.at(i) = std::make_pair(data + offset, substream_size);
550 offset += substream_size;
551 }
552 ots::Buffer n_contour_stream(substreams.at(0).first, substreams.at(0).second);
553 ots::Buffer n_points_stream(substreams.at(1).first, substreams.at(1).second);
554 ots::Buffer flag_stream(substreams.at(2).first, substreams.at(2).second);
555 ots::Buffer glyph_stream(substreams.at(3).first, substreams.at(3).second);
556 ots::Buffer composite_stream(substreams.at(4).first, substreams.at(4).second);
557 ots::Buffer bbox_stream(substreams.at(5).first, substreams.at(5).second);
558 ots::Buffer instruction_stream(substreams.at(6).first,
559 substreams.at(6).second);
560
561 std::vector<uint32_t> loca_values;
562 loca_values.reserve(num_glyphs + 1);
563 std::vector<uint16_t> n_points_vec;
564 std::vector<Point> points;
565 uint32_t loca_offset = 0;
566 const uint8_t* bbox_bitmap = bbox_stream.buffer();
567 for (unsigned int i = 0; i < num_glyphs; ++i) {
568 size_t glyph_size = 0;
569 uint16_t n_contours = 0;
570 if (!n_contour_stream.ReadU16(&n_contours)) {
571 return OTS_FAILURE_MSG("Filed to read 'numberOfContours' of glyph %d from transformed 'glyf' table", i);
572 }
573 uint8_t* glyf_dst = dst + loca_offset;
574 size_t glyf_dst_size = dst_size - loca_offset;
575 if (n_contours == 0xffff) {
576 // composite glyph
577 if (!(bbox_bitmap[i >> 3] & (0x80 >> (i & 7)))) {
578 return OTS_FAILURE_MSG("Composite glyph %d without bbox", i);
579 }
580 bool have_instructions = false;
581 uint16_t instruction_size = 0;
582 if (!ProcessComposite(&composite_stream, glyf_dst, glyf_dst_size,
583 &glyph_size, &have_instructions)) {
584 return OTS_FAILURE_MSG("Filed to process composite glyph %d from transformed 'glyf' table", i);
585 }
586 if (have_instructions) {
587 if (!Read255UShort(&glyph_stream, &instruction_size)) {
588 return OTS_FAILURE_MSG("Failed to read 'instructionLength' of glyph %d from transformed 'glyf' table", i);
589 }
590 // No integer overflow here (instruction_size < 2^16).
591 if (instruction_size + 2U > glyf_dst_size - glyph_size) {
592 return OTS_FAILURE_MSG("'instructionLength' of glyph %d from transformed 'glyf' table does not fit in the destination glyph size", i);
593 }
594 StoreU16(glyf_dst, glyph_size, instruction_size);
595 if (!instruction_stream.Read(glyf_dst + glyph_size + 2,
596 instruction_size)) {
597 return OTS_FAILURE_MSG("Filed to read instructions of glyph %d from transformed 'glyf' table", i);
598 }
599 glyph_size += instruction_size + 2;
600 }
601 } else if (n_contours > 0) {
602 // simple glyph
603 n_points_vec.clear();
604 points.clear();
605 uint32_t total_n_points = 0;
606 uint16_t n_points_contour;
607 for (uint32_t j = 0; j < n_contours; ++j) {
608 if (!Read255UShort(&n_points_stream, &n_points_contour)) {
609 return OTS_FAILURE_MSG("Filed to read number of points of contour %d of glyph %d from transformed 'glyf' table", j, i);
610 }
611 n_points_vec.push_back(n_points_contour);
612 if (total_n_points + n_points_contour < total_n_points) {
613 return OTS_FAILURE_MSG("Negative number of points of contour %d of glyph %d from transformed 'glyf' table", j, i);
614 }
615 total_n_points += n_points_contour;
616 }
617 uint32_t flag_size = total_n_points;
618 if (flag_size > flag_stream.length() - flag_stream.offset()) {
619 return OTS_FAILURE();
620 }
621 const uint8_t* flags_buf = flag_stream.buffer() + flag_stream.offset();
622 const uint8_t* triplet_buf = glyph_stream.buffer() +
623 glyph_stream.offset();
624 size_t triplet_size = glyph_stream.length() - glyph_stream.offset();
625 size_t triplet_bytes_consumed = 0;
626 if (!TripletDecode(flags_buf, triplet_buf, triplet_size, total_n_points,
627 &points, &triplet_bytes_consumed)) {
628 return OTS_FAILURE();
629 }
630 const uint32_t header_and_endpts_contours_size =
631 kEndPtsOfContoursOffset + 2 * n_contours;
632 if (glyf_dst_size < header_and_endpts_contours_size) {
633 return OTS_FAILURE();
634 }
635 StoreU16(glyf_dst, 0, n_contours);
636 ComputeBbox(points, glyf_dst);
637 size_t endpts_offset = kEndPtsOfContoursOffset;
638 int end_point = -1;
639 for (unsigned int contour_ix = 0; contour_ix < n_contours; ++contour_ix) {
640 end_point += n_points_vec.at(contour_ix);
641 if (end_point >= 65536) {
642 return OTS_FAILURE();
643 }
644 endpts_offset = StoreU16(glyf_dst, endpts_offset, static_cast<uint16_t>(end_point));
645 }
646 if (!flag_stream.Skip(flag_size)) {
647 return OTS_FAILURE();
648 }
649 if (!glyph_stream.Skip(triplet_bytes_consumed)) {
650 return OTS_FAILURE();
651 }
652 uint16_t instruction_size;
653 if (!Read255UShort(&glyph_stream, &instruction_size)) {
654 return OTS_FAILURE();
655 }
656 // No integer overflow here (instruction_size < 2^16).
657 if (glyf_dst_size - header_and_endpts_contours_size <
658 instruction_size + 2U) {
659 return OTS_FAILURE();
660 }
661 uint8_t* instruction_dst = glyf_dst + header_and_endpts_contours_size;
662 StoreU16(instruction_dst, 0, instruction_size);
663 if (!instruction_stream.Read(instruction_dst + 2, instruction_size)) {
664 return OTS_FAILURE();
665 }
666 if (!StorePoints(points, n_contours, instruction_size,
667 glyf_dst, glyf_dst_size, &glyph_size)) {
668 return OTS_FAILURE_MSG("Failed to store points of glyph %d from the transformed 'glyf' table", i);
669 }
670 } else {
671 glyph_size = 0;
672 }
673 loca_values.push_back(loca_offset);
674 if (glyph_size + 3 < glyph_size) {
675 return OTS_FAILURE();
676 }
677 glyph_size = ots::Round2(glyph_size);
678 if (glyph_size > dst_size - loca_offset) {
679 // This shouldn't happen, but this test defensively maintains the
680 // invariant that loca_offset <= dst_size.
681 return OTS_FAILURE();
682 }
683 loca_offset += glyph_size;
684 }
685 loca_values.push_back(loca_offset);
686 assert(loca_values.size() == static_cast<size_t>(num_glyphs + 1));
687 if (!ProcessBboxStream(&bbox_stream, num_glyphs, loca_values,
688 dst, dst_size)) {
689 return OTS_FAILURE_MSG("Filed to process 'bboxStream' from the transformed 'glyf' table");
690 }
691 return StoreLoca(loca_values, index_format, loca_buf, loca_size);
692 }
693
694 // This is linear search, but could be changed to binary because we
695 // do have a guarantee that the tables are sorted by tag. But the total
696 // cpu time is expected to be very small in any case.
697 const Table* FindTable(const std::vector<Table>& tables, uint32_t tag) {
698 size_t n_tables = tables.size();
699 for (size_t i = 0; i < n_tables; ++i) {
700 if (tables.at(i).tag == tag) {
701 return &tables.at(i);
702 }
703 }
704 return NULL;
705 }
706
707 bool ReconstructTransformed(ots::Font *font,
708 const std::vector<Table>& tables, uint32_t tag,
709 const uint8_t* transformed_buf, size_t transformed_size,
710 uint8_t* dst, size_t dst_length) {
711 if (tag == OTS_TAG('g','l','y','f')) {
712 const Table* glyf_table = FindTable(tables, tag);
713 const Table* loca_table = FindTable(tables, OTS_TAG('l','o','c','a'));
714 if (glyf_table == NULL || loca_table == NULL) {
715 return OTS_FAILURE();
716 }
717 if (static_cast<uint64_t>(glyf_table->dst_offset) + glyf_table->dst_length >
718 dst_length) {
719 return OTS_FAILURE();
720 }
721 if (static_cast<uint64_t>(loca_table->dst_offset) + loca_table->dst_length >
722 dst_length) {
723 return OTS_FAILURE();
724 }
725 return ReconstructGlyf(font, transformed_buf, transformed_size,
726 dst + glyf_table->dst_offset, glyf_table->dst_length,
727 dst + loca_table->dst_offset, loca_table->dst_length);
728 } else if (tag == OTS_TAG('l','o','c','a')) {
729 // processing was already done by glyf table, but validate
730 if (!FindTable(tables, OTS_TAG('g','l','y','f'))) {
731 return OTS_FAILURE();
732 }
733 } else {
734 // transform for the tag is not known
735 return OTS_FAILURE();
736 }
737 return true;
738 }
739
740 uint32_t ComputeChecksum(const uint8_t* buf, size_t size) {
741 uint32_t checksum = 0;
742 for (size_t i = 0; i < size; i += 4) {
743 // We assume the addition is mod 2^32, which is valid because unsigned
744 checksum += (buf[i] << 24) | (buf[i + 1] << 16) |
745 (buf[i + 2] << 8) | buf[i + 3];
746 }
747 return checksum;
748 }
749
750 bool FixChecksums(const std::vector<Table>& tables, uint8_t* dst) {
751 const Table* head_table = FindTable(tables, OTS_TAG('h','e','a','d'));
752 if (head_table == NULL ||
753 head_table->dst_length < kCheckSumAdjustmentOffset + 4) {
754 return OTS_FAILURE();
755 }
756 size_t adjustment_offset = head_table->dst_offset + kCheckSumAdjustmentOffset;
757 if (adjustment_offset < head_table->dst_offset) {
758 return OTS_FAILURE();
759 }
760 StoreU32(dst, adjustment_offset, 0);
761 size_t n_tables = tables.size();
762 uint32_t file_checksum = 0;
763 for (size_t i = 0; i < n_tables; ++i) {
764 const Table* table = &tables.at(i);
765 size_t table_length = table->dst_length;
766 uint8_t* table_data = dst + table->dst_offset;
767 uint32_t checksum = ComputeChecksum(table_data, table_length);
768 StoreU32(dst, kSfntHeaderSize + i * kSfntEntrySize + 4, checksum);
769 file_checksum += checksum; // The addition is mod 2^32
770 }
771 file_checksum += ComputeChecksum(dst,
772 kSfntHeaderSize + kSfntEntrySize * n_tables);
773 uint32_t checksum_adjustment = 0xb1b0afba - file_checksum;
774 StoreU32(dst, adjustment_offset, checksum_adjustment);
775 return true;
776 }
777
778 bool ReadTableDirectory(ots::Font *font,
779 ots::Buffer* buffer, std::vector<Table>* tables,
780 size_t num_tables) {
781 for (size_t i = 0; i < num_tables; ++i) {
782 Table* table = &tables->at(i);
783 uint8_t flag_byte;
784 if (!buffer->ReadU8(&flag_byte)) {
785 return OTS_FAILURE_MSG("Failed to read the flags of table directory entry %d", i);
786 }
787 uint32_t tag;
788 if ((flag_byte & 0x3f) == 0x3f) {
789 if (!buffer->ReadU32(&tag)) {
790 return OTS_FAILURE_MSG("Failed to read the tag of table directory entry %d", i);
791 }
792 } else {
793 tag = kKnownTags[flag_byte & 0x3f];
794 }
795 // Bits 6 and 7 are reserved and must be 0.
796 if ((flag_byte & 0xc0) != 0) {
797 return OTS_FAILURE_MSG("Bits 6 and 7 are not 0 for table directory entry %d", i);
798 }
799 uint32_t flags = 0;
800 // Always transform the glyf and loca tables
801 if (tag == OTS_TAG('g','l','y','f') ||
802 tag == OTS_TAG('l','o','c','a')) {
803 flags |= kWoff2FlagsTransform;
804 }
805 uint32_t dst_length;
806 if (!ReadBase128(buffer, &dst_length)) {
807 return OTS_FAILURE_MSG("Failed to read 'origLength' for table '%c%c%c%c'", OTS_UNTAG(tag));
808 }
809 uint32_t transform_length = dst_length;
810 if ((flags & kWoff2FlagsTransform) != 0) {
811 if (!ReadBase128(buffer, &transform_length)) {
812 return OTS_FAILURE_MSG("Failed to read 'transformLength' for table '%c%c%c%c'", OTS_UNTAG(tag));
813 }
814
815 if (tag == OTS_TAG('l','o','c','a') && transform_length != 0) {
816 return OTS_FAILURE_MSG("The 'transformLength' of 'loca' table must be zero: %d", transform_length);
817 }
818 }
819 // Disallow huge numbers (> 1GB) for sanity.
820 if (transform_length > 1024 * 1024 * 1024 ||
821 dst_length > 1024 * 1024 * 1024) {
822 return OTS_FAILURE_MSG("'origLength' or 'transformLength' > 1GB");
823 }
824 table->tag = tag;
825 table->flags = flags;
826 table->transform_length = transform_length;
827 table->dst_length = dst_length;
828 }
829 return true;
830 }
831
832 } // namespace
833
834 namespace ots {
835
836 size_t ComputeWOFF2FinalSize(const uint8_t* data, size_t length) {
837 ots::Buffer file(data, length);
838 uint32_t total_length;
839
840 if (!file.Skip(16) ||
841 !file.ReadU32(&total_length)) {
842 return 0;
843 }
844 return total_length;
845 }
846
847 bool ConvertWOFF2ToSFNT(ots::Font *font,
848 uint8_t* result, size_t result_length,
849 const uint8_t* data, size_t length) {
850 static const uint32_t kWoff2Signature = 0x774f4632; // "wOF2"
851 ots::Buffer buffer(data, length);
852
853 uint32_t signature;
854 uint32_t flavor = 0;
855 if (!buffer.ReadU32(&signature) || signature != kWoff2Signature ||
856 !buffer.ReadU32(&flavor)) {
857 return OTS_FAILURE_MSG("Failed to read 'signature' or 'flavor', or not WOFF2 signature");
858 }
859
860 if (!IsValidVersionTag(flavor)) {
861 return OTS_FAILURE_MSG("Invalid 'flavor'");
862 }
863
864 uint32_t reported_length;
865 if (!buffer.ReadU32(&reported_length) || length != reported_length) {
866 return OTS_FAILURE_MSG("Failed to read 'length' or it does not match the actual file size");
867 }
868 uint16_t num_tables;
869 if (!buffer.ReadU16(&num_tables) || !num_tables) {
870 return OTS_FAILURE_MSG("Failed to read 'numTables'");
871 }
872
873 uint16_t reserved_value;
874 if (!buffer.ReadU16(&reserved_value)) {
875 return OTS_FAILURE_MSG("Failed to read 'reserved' field");
876 }
877
878 // We don't care about these fields of the header:
879 // uint32_t total_sfnt_size, the caller already passes it as result_length
880 if (!buffer.Skip(4)) {
881 return OTS_FAILURE_MSG("Failed to read 'totalSfntSize'");
882 }
883 uint32_t compressed_length;
884 if (!buffer.ReadU32(&compressed_length)) {
885 return OTS_FAILURE_MSG("Failed to read 'totalCompressedSize'");
886 }
887 if (compressed_length > std::numeric_limits<uint32_t>::max()) {
888 return OTS_FAILURE();
889 }
890
891 // We don't care about these fields of the header:
892 // uint16_t major_version, minor_version
893 if (!buffer.Skip(2 * 2)) {
894 return OTS_FAILURE_MSG("Failed to read 'majorVersion' or 'minorVersion'");
895 }
896
897 // Checks metadata block size.
898 uint32_t meta_offset;
899 uint32_t meta_length;
900 uint32_t meta_length_orig;
901 if (!buffer.ReadU32(&meta_offset) ||
902 !buffer.ReadU32(&meta_length) ||
903 !buffer.ReadU32(&meta_length_orig)) {
904 return OTS_FAILURE_MSG("Failed to read header metadata block fields");
905 }
906 if (meta_offset) {
907 if (meta_offset >= length || length - meta_offset < meta_length) {
908 return OTS_FAILURE_MSG("Invalid metadata block offset or length");
909 }
910 }
911
912 // Checks private data block size.
913 uint32_t priv_offset;
914 uint32_t priv_length;
915 if (!buffer.ReadU32(&priv_offset) ||
916 !buffer.ReadU32(&priv_length)) {
917 return OTS_FAILURE_MSG("Failed to read header private block fields");
918 }
919 if (priv_offset) {
920 if (priv_offset >= length || length - priv_offset < priv_length) {
921 return OTS_FAILURE_MSG("Invalid private block offset or length");
922 }
923 }
924
925 std::vector<Table> tables(num_tables);
926 if (!ReadTableDirectory(font, &buffer, &tables, num_tables)) {
927 return OTS_FAILURE_MSG("Failed to read table directory");
928 }
929 uint64_t compressed_offset = buffer.offset();
930 if (compressed_offset > std::numeric_limits<uint32_t>::max()) {
931 return OTS_FAILURE();
932 }
933 uint64_t dst_offset = kSfntHeaderSize +
934 kSfntEntrySize * static_cast<uint64_t>(num_tables);
935 for (uint16_t i = 0; i < num_tables; ++i) {
936 Table* table = &tables.at(i);
937 table->dst_offset = static_cast<uint32_t>(dst_offset);
938 dst_offset += table->dst_length;
939 if (dst_offset > std::numeric_limits<uint32_t>::max()) {
940 return OTS_FAILURE();
941 }
942 dst_offset = ots::Round4(dst_offset);
943 }
944
945 uint64_t block_end = ots::Round4(compressed_offset + compressed_length);
946 if (block_end > length || dst_offset != result_length) {
947 return OTS_FAILURE_MSG("Uncompressed sfnt size mismatch");
948 }
949
950 const uint32_t sfnt_header_and_table_directory_size = 12 + 16 * num_tables;
951 if (sfnt_header_and_table_directory_size > result_length) {
952 return OTS_FAILURE();
953 }
954
955 if (meta_offset) {
956 if (block_end != meta_offset) {
957 return OTS_FAILURE_MSG("Invalid metadata block offset");
958 }
959 block_end = ots::Round4(static_cast<uint64_t>(meta_offset) +
960 static_cast<uint64_t>(meta_length));
961 if (block_end > std::numeric_limits<uint32_t>::max()) {
962 return OTS_FAILURE_MSG("Invalid metadata block length");
963 }
964 }
965
966 if (priv_offset) {
967 if (block_end != priv_offset) {
968 return OTS_FAILURE_MSG("Invalid private block offset");
969 }
970 block_end = ots::Round4(static_cast<uint64_t>(priv_offset) +
971 static_cast<uint64_t>(priv_length));
972 if (block_end > std::numeric_limits<uint32_t>::max()) {
973 return OTS_FAILURE_MSG("Invalid private block length");
974 }
975 }
976
977 if (block_end != ots::Round4(length)) {
978 return OTS_FAILURE_MSG("File length mismatch (trailing junk?)");
979 }
980
981 // Start building the font
982 size_t offset = 0;
983 offset = StoreU32(result, offset, flavor);
984 offset = StoreU16(result, offset, num_tables);
985 uint8_t max_pow2 = 0;
986 while (1u << (max_pow2 + 1) <= num_tables) {
987 max_pow2++;
988 }
989 const uint16_t output_search_range = (1u << max_pow2) << 4;
990 offset = StoreU16(result, offset, output_search_range);
991 offset = StoreU16(result, offset, max_pow2);
992 offset = StoreU16(result, offset, (num_tables << 4) - output_search_range);
993
994 // sort tags in the table directory in ascending alphabetical order
995 std::vector<Table> sorted_tables(tables);
996 std::sort(sorted_tables.begin(), sorted_tables.end());
997
998 for (uint16_t i = 0; i < num_tables; ++i) {
999 const Table* table = &sorted_tables.at(i);
1000 offset = StoreU32(result, offset, table->tag);
1001 offset = StoreU32(result, offset, 0); // checksum, to fill in later
1002 offset = StoreU32(result, offset, table->dst_offset);
1003 offset = StoreU32(result, offset, table->dst_length);
1004 }
1005 std::vector<uint8_t> uncompressed_buf;
1006 const uint8_t* transform_buf = NULL;
1007 uint64_t total_size = 0;
1008
1009 for (uint16_t i = 0; i < num_tables; ++i) {
1010 total_size += tables.at(i).transform_length;
1011 if (total_size > std::numeric_limits<uint32_t>::max()) {
1012 return OTS_FAILURE();
1013 }
1014 }
1015 // Enforce same 30M limit on uncompressed tables as OTS
1016 if (total_size > 30 * 1024 * 1024) {
1017 return OTS_FAILURE();
1018 }
1019 size_t uncompressed_size = static_cast<size_t>(total_size);
1020 uncompressed_buf.resize(uncompressed_size);
1021 const uint8_t* compressed_buf = data + compressed_offset;
1022 if (!BrotliDecompressBuffer(compressed_length, compressed_buf,
1023 &uncompressed_size, &uncompressed_buf[0])) {
1024 return OTS_FAILURE_MSG("Failed to uncompress font data");
1025 }
1026 if (uncompressed_size != static_cast<size_t>(total_size)) {
1027 return OTS_FAILURE_MSG("Decompressed font data size does not match the sum of 'origLength' and 'transformLength'");
1028 }
1029 transform_buf = &uncompressed_buf[0];
1030
1031 for (uint16_t i = 0; i < num_tables; ++i) {
1032 const Table* table = &tables.at(i);
1033 uint32_t flags = table->flags;
1034 size_t transform_length = table->transform_length;
1035
1036 if ((flags & kWoff2FlagsTransform) == 0) {
1037 if (transform_length != table->dst_length) {
1038 return OTS_FAILURE();
1039 }
1040 if (static_cast<uint64_t>(table->dst_offset) + transform_length >
1041 result_length) {
1042 return OTS_FAILURE();
1043 }
1044 std::memcpy(result + table->dst_offset, transform_buf,
1045 transform_length);
1046 } else {
1047 if (!ReconstructTransformed(font, tables, table->tag,
1048 transform_buf, transform_length, result, result_length)) {
1049 return OTS_FAILURE_MSG("Failed to reconstruct '%c%c%c%c' table", OTS_UNTAG(table->tag));
1050 }
1051 }
1052
1053 transform_buf += transform_length;
1054 if (transform_buf > &uncompressed_buf[0] + uncompressed_buf.size()) {
1055 return OTS_FAILURE();
1056 }
1057 }
1058
1059 return FixChecksums(sorted_tables, result);
1060 }
1061
1062 } // namespace ots
1063
1064 #undef TABLE_NAME