1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/common/child_process_sandbox_support_impl_linux.h"
9 #include "base/debug/trace_event.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/pickle.h"
12 #include "base/posix/eintr_wrapper.h"
13 #include "base/posix/unix_domain_socket_linux.h"
14 #include "base/safe_numerics.h"
15 #include "base/sys_byteorder.h"
16 #include "content/common/sandbox_linux/sandbox_linux.h"
17 #include "third_party/WebKit/public/platform/linux/WebFontFamily.h"
18 #include "third_party/WebKit/public/platform/linux/WebFontRenderStyle.h"
22 void GetFontFamilyForCharacter(int32_t character
,
23 const char* preferred_locale
,
24 blink::WebFontFamily
* family
) {
25 TRACE_EVENT0("sandbox_ipc", "GetFontFamilyForCharacter");
28 request
.WriteInt(LinuxSandbox::METHOD_GET_FONT_FAMILY_FOR_CHAR
);
29 request
.WriteInt(character
);
30 request
.WriteString(preferred_locale
);
33 const ssize_t n
= UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf
,
34 sizeof(buf
), NULL
, request
);
36 std::string family_name
;
38 bool isItalic
= false;
40 Pickle
reply(reinterpret_cast<char*>(buf
), n
);
41 PickleIterator
pickle_iter(reply
);
42 if (reply
.ReadString(&pickle_iter
, &family_name
) &&
43 reply
.ReadBool(&pickle_iter
, &isBold
) &&
44 reply
.ReadBool(&pickle_iter
, &isItalic
)) {
45 family
->name
= family_name
;
46 family
->isBold
= isBold
;
47 family
->isItalic
= isItalic
;
52 void GetRenderStyleForStrike(const char* family
, int sizeAndStyle
,
53 blink::WebFontRenderStyle
* out
) {
54 TRACE_EVENT0("sandbox_ipc", "GetRenderStyleForStrike");
57 request
.WriteInt(LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE
);
58 request
.WriteString(family
);
59 request
.WriteInt(sizeAndStyle
);
62 const ssize_t n
= UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf
,
63 sizeof(buf
), NULL
, request
);
70 Pickle
reply(reinterpret_cast<char*>(buf
), n
);
71 PickleIterator
pickle_iter(reply
);
72 int useBitmaps
, useAutoHint
, useHinting
, hintStyle
, useAntiAlias
;
73 int useSubpixelRendering
, useSubpixelPositioning
;
74 if (reply
.ReadInt(&pickle_iter
, &useBitmaps
) &&
75 reply
.ReadInt(&pickle_iter
, &useAutoHint
) &&
76 reply
.ReadInt(&pickle_iter
, &useHinting
) &&
77 reply
.ReadInt(&pickle_iter
, &hintStyle
) &&
78 reply
.ReadInt(&pickle_iter
, &useAntiAlias
) &&
79 reply
.ReadInt(&pickle_iter
, &useSubpixelRendering
) &&
80 reply
.ReadInt(&pickle_iter
, &useSubpixelPositioning
)) {
81 out
->useBitmaps
= useBitmaps
;
82 out
->useAutoHint
= useAutoHint
;
83 out
->useHinting
= useHinting
;
84 out
->hintStyle
= hintStyle
;
85 out
->useAntiAlias
= useAntiAlias
;
86 out
->useSubpixelRendering
= useSubpixelRendering
;
87 out
->useSubpixelPositioning
= useSubpixelPositioning
;
91 int MatchFontWithFallback(const std::string
& face
, bool bold
,
92 bool italic
, int charset
) {
93 TRACE_EVENT0("sandbox_ipc", "MatchFontWithFallback");
96 request
.WriteInt(LinuxSandbox::METHOD_MATCH_WITH_FALLBACK
);
97 request
.WriteString(face
);
98 request
.WriteBool(bold
);
99 request
.WriteBool(italic
);
100 request
.WriteUInt32(charset
);
101 uint8_t reply_buf
[64];
103 UnixDomainSocket::SendRecvMsg(GetSandboxFD(), reply_buf
, sizeof(reply_buf
),
108 bool GetFontTable(int fd
, uint32_t table_tag
, off_t offset
,
109 uint8_t* output
, size_t* output_length
) {
113 size_t data_length
= 0; // the length of the file data.
114 off_t data_offset
= 0; // the offset of the data in the file.
115 if (table_tag
== 0) {
116 // Get the entire font file.
118 if (fstat(fd
, &st
) < 0)
120 data_length
= base::checked_numeric_cast
<size_t>(st
.st_size
);
122 // Get a font table. Read the header to find its offset in the file.
124 ssize_t n
= HANDLE_EINTR(pread(fd
, &num_tables
, sizeof(num_tables
),
125 4 /* skip the font type */));
126 if (n
!= sizeof(num_tables
))
128 // Font data is stored in net (big-endian) order.
129 num_tables
= base::NetToHost16(num_tables
);
131 // Read the table directory.
132 static const size_t kTableEntrySize
= 16;
133 const size_t directory_size
= num_tables
* kTableEntrySize
;
134 scoped_ptr
<uint8_t[]> table_entries(new uint8_t[directory_size
]);
135 n
= HANDLE_EINTR(pread(fd
, table_entries
.get(), directory_size
,
136 12 /* skip the SFNT header */));
137 if (n
!= base::checked_numeric_cast
<ssize_t
>(directory_size
))
140 for (uint16_t i
= 0; i
< num_tables
; ++i
) {
141 uint8_t* entry
= table_entries
.get() + i
* kTableEntrySize
;
142 uint32_t tag
= *reinterpret_cast<uint32_t*>(entry
);
143 if (tag
== table_tag
) {
144 // Font data is stored in net (big-endian) order.
146 base::NetToHost32(*reinterpret_cast<uint32_t*>(entry
+ 8));
148 base::NetToHost32(*reinterpret_cast<uint32_t*>(entry
+ 12));
156 // Clamp |offset| inside the allowable range. This allows the read to succeed
157 // but return 0 bytes.
158 offset
= std::min(offset
, base::checked_numeric_cast
<off_t
>(data_length
));
159 // Make sure it's safe to add the data offset and the caller's logical offset.
160 // Define the maximum positive offset on 32 bit systems.
161 static const off_t kMaxPositiveOffset32
= 0x7FFFFFFF; // 2 GB - 1.
162 if ((offset
> kMaxPositiveOffset32
/ 2) ||
163 (data_offset
> kMaxPositiveOffset32
/ 2))
165 data_offset
+= offset
;
166 data_length
-= offset
;
169 // 'output_length' holds the maximum amount of data the caller can accept.
170 data_length
= std::min(data_length
, *output_length
);
171 ssize_t n
= HANDLE_EINTR(pread(fd
, output
, data_length
, data_offset
));
172 if (n
!= base::checked_numeric_cast
<ssize_t
>(data_length
))
175 *output_length
= data_length
;
180 } // namespace content