1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/public/renderer/render_font_warmup_win.h"
9 #include "base/debug/alias.h"
10 #include "base/logging.h"
11 #include "base/win/iat_patch_function.h"
12 #include "base/win/windows_version.h"
13 #include "content/renderer/renderer_font_platform_win.h"
14 #include "third_party/WebKit/public/web/win/WebFontRendering.h"
15 #include "third_party/skia/include/core/SkPaint.h"
16 #include "third_party/skia/include/ports/SkFontMgr.h"
17 #include "third_party/skia/include/ports/SkTypeface_win.h"
23 SkFontMgr
* g_warmup_fontmgr
= NULL
;
25 base::win::IATPatchFunction g_iat_patch_open_sc_manager
;
26 base::win::IATPatchFunction g_iat_patch_close_service_handle
;
27 base::win::IATPatchFunction g_iat_patch_open_service
;
28 base::win::IATPatchFunction g_iat_patch_start_service
;
29 base::win::IATPatchFunction g_iat_patch_nt_connect_port
;
31 // These are from ntddk.h
32 #if !defined(STATUS_ACCESS_DENIED)
33 #define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)
36 typedef LONG NTSTATUS
;
38 SC_HANDLE WINAPI
OpenSCManagerWPatch(const wchar_t* machine_name
,
39 const wchar_t* database_name
,
42 return reinterpret_cast<SC_HANDLE
>(0xdeadbeef);
45 SC_HANDLE WINAPI
OpenServiceWPatch(SC_HANDLE sc_manager
,
46 const wchar_t* service_name
,
49 return reinterpret_cast<SC_HANDLE
>(0xdeadbabe);
52 BOOL WINAPI
CloseServiceHandlePatch(SC_HANDLE service_handle
) {
53 if (service_handle
!= reinterpret_cast<SC_HANDLE
>(0xdeadbabe) &&
54 service_handle
!= reinterpret_cast<SC_HANDLE
>(0xdeadbeef))
60 BOOL WINAPI
StartServiceWPatch(SC_HANDLE service
,
62 const wchar_t** arg_vectors
) {
63 if (service
!= reinterpret_cast<SC_HANDLE
>(0xdeadbabe))
65 ::SetLastError(ERROR_ACCESS_DENIED
);
69 NTSTATUS WINAPI
NtALpcConnectPortPatch(HANDLE
* port_handle
,
77 void* out_message_attributes
,
78 void* in_message_attributes
,
80 return STATUS_ACCESS_DENIED
;
83 // Directwrite connects to the font cache service to retrieve information about
84 // fonts installed on the system etc. This works well outside the sandbox and
85 // within the sandbox as long as the lpc connection maintained by the current
86 // process with the font cache service remains valid. It appears that there
87 // are cases when this connection is dropped after which directwrite is unable
88 // to connect to the font cache service which causes problems with characters
90 // Directwrite has fallback code to enumerate fonts if it is unable to connect
91 // to the font cache service. We need to intercept the following APIs to
92 // ensure that it does not connect to the font cache service.
97 // CloseServiceHandle.
98 // These are all IAT patched.
99 void PatchServiceManagerCalls() {
100 static bool is_patched
= false;
103 const char* service_provider_dll
=
104 (base::win::GetVersion() >= base::win::VERSION_WIN8
?
105 "api-ms-win-service-management-l1-1-0.dll" : "advapi32.dll");
109 DWORD patched
= g_iat_patch_open_sc_manager
.Patch(L
"dwrite.dll",
110 service_provider_dll
, "OpenSCManagerW", OpenSCManagerWPatch
);
111 DCHECK(patched
== 0);
113 patched
= g_iat_patch_close_service_handle
.Patch(L
"dwrite.dll",
114 service_provider_dll
, "CloseServiceHandle", CloseServiceHandlePatch
);
115 DCHECK(patched
== 0);
117 patched
= g_iat_patch_open_service
.Patch(L
"dwrite.dll",
118 service_provider_dll
, "OpenServiceW", OpenServiceWPatch
);
119 DCHECK(patched
== 0);
121 patched
= g_iat_patch_start_service
.Patch(L
"dwrite.dll",
122 service_provider_dll
, "StartServiceW", StartServiceWPatch
);
123 DCHECK(patched
== 0);
125 patched
= g_iat_patch_nt_connect_port
.Patch(L
"dwrite.dll",
126 "ntdll.dll", "NtAlpcConnectPort", NtALpcConnectPortPatch
);
127 DCHECK(patched
== 0);
130 // Windows-only DirectWrite support. These warm up the DirectWrite paths
131 // before sandbox lock down to allow Skia access to the Font Manager service.
132 void CreateDirectWriteFactory(IDWriteFactory
** factory
) {
133 typedef decltype(DWriteCreateFactory
)* DWriteCreateFactoryProc
;
134 HMODULE dwrite_dll
= LoadLibraryW(L
"dwrite.dll");
135 // TODO(scottmg): Temporary code to track crash in http://crbug.com/387867.
137 DWORD load_library_get_last_error
= GetLastError();
138 base::debug::Alias(&dwrite_dll
);
139 base::debug::Alias(&load_library_get_last_error
);
143 PatchServiceManagerCalls();
145 DWriteCreateFactoryProc dwrite_create_factory_proc
=
146 reinterpret_cast<DWriteCreateFactoryProc
>(
147 GetProcAddress(dwrite_dll
, "DWriteCreateFactory"));
148 // TODO(scottmg): Temporary code to track crash in http://crbug.com/387867.
149 if (!dwrite_create_factory_proc
) {
150 DWORD get_proc_address_get_last_error
= GetLastError();
151 base::debug::Alias(&dwrite_create_factory_proc
);
152 base::debug::Alias(&get_proc_address_get_last_error
);
156 dwrite_create_factory_proc(DWRITE_FACTORY_TYPE_ISOLATED
,
157 __uuidof(IDWriteFactory
),
158 reinterpret_cast<IUnknown
**>(factory
))));
161 HRESULT STDMETHODCALLTYPE
StubFontCollection(IDWriteFactory
* factory
,
162 IDWriteFontCollection
** col
,
164 // We always return pre-created font collection from here.
165 IDWriteFontCollection
* custom_collection
= GetCustomFontCollection(factory
);
166 DCHECK(custom_collection
!= NULL
);
167 *col
= custom_collection
;
171 void PatchDWriteFactory(IDWriteFactory
* factory
) {
172 const unsigned int kGetSystemFontCollectionVTableIndex
= 3;
174 PROC
* vtable
= *reinterpret_cast<PROC
**>(factory
);
175 PROC
* function_ptr
= &vtable
[kGetSystemFontCollectionVTableIndex
];
176 void* stub_function
= &StubFontCollection
;
177 base::win::ModifyCode(function_ptr
, &stub_function
, sizeof(PROC
));
182 void DoPreSandboxWarmupForTypeface(SkTypeface
* typeface
) {
183 SkPaint paint_warmup
;
184 paint_warmup
.setTypeface(typeface
);
185 wchar_t glyph
= L
'S';
186 paint_warmup
.measureText(&glyph
, 2);
189 SkFontMgr
* GetPreSandboxWarmupFontMgr() {
190 if (!g_warmup_fontmgr
) {
191 IDWriteFactory
* factory
;
192 CreateDirectWriteFactory(&factory
);
194 IDWriteFontCollection
* collection
= GetCustomFontCollection(factory
);
196 PatchDWriteFactory(factory
);
198 blink::WebFontRendering::setDirectWriteFactory(factory
);
199 g_warmup_fontmgr
= SkFontMgr_New_DirectWrite(factory
);
201 return g_warmup_fontmgr
;
204 } // namespace content