search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / third_party / ots / src / ots.cc
blob8aa441ea476fffb532462b0b8a09ee03133b73ea
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "ots.h"
6
7 #include <sys/types.h>
8 #include <zlib.h>
9
10 #include <algorithm>
11 #include <cstdlib>
12 #include <cstring>
13 #include <limits>
14 #include <map>
15 #include <vector>
16
17 #include "woff2.h"
18
19 // The OpenType Font File
20 // http://www.microsoft.com/typography/otspec/cmap.htm
21
22 namespace {
23
24 // Generate a message with or without a table tag, when 'header' is the OpenTypeFile pointer
25 #define OTS_FAILURE_MSG_TAG(msg_,tag_) OTS_FAILURE_MSG_TAG_(header, msg_, tag_)
26 #define OTS_FAILURE_MSG_HDR(msg_) OTS_FAILURE_MSG_(header, msg_)
27 #define OTS_WARNING_MSG_HDR(msg_) OTS_WARNING_MSG_(header, msg_)
28
29
30 struct OpenTypeTable {
31 uint32_t tag;
32 uint32_t chksum;
33 uint32_t offset;
34 uint32_t length;
35 uint32_t uncompressed_length;
36 };
37
38 bool CheckTag(uint32_t tag_value) {
39 for (unsigned i = 0; i < 4; ++i) {
40 const uint32_t check = tag_value & 0xff;
41 if (check < 32 || check > 126) {
42 return false; // non-ASCII character found.
43 }
44 tag_value >>= 8;
45 }
46 return true;
47 }
48
49 struct Arena {
50 public:
51 ~Arena() {
52 for (std::vector<uint8_t*>::iterator
53 i = hunks_.begin(); i != hunks_.end(); ++i) {
54 delete[] *i;
55 }
56 }
57
58 uint8_t* Allocate(size_t length) {
59 uint8_t* p = new uint8_t[length];
60 hunks_.push_back(p);
61 return p;
62 }
63
64 private:
65 std::vector<uint8_t*> hunks_;
66 };
67
68 const struct {
69 uint32_t tag;
70 bool (*parse)(ots::Font *font, const uint8_t *data, size_t length);
71 bool (*serialise)(ots::OTSStream *out, ots::Font *font);
72 bool (*should_serialise)(ots::Font *font);
73 void (*reuse)(ots::Font *font, ots::Font *other);
74 void (*free)(ots::Font *font);
75 bool required;
76 } table_parsers[] = {
77 { OTS_TAG('m','a','x','p'), ots::ots_maxp_parse, ots::ots_maxp_serialise,
78 ots::ots_maxp_should_serialise, ots::ots_maxp_reuse, ots::ots_maxp_free,
79 true },
80 { OTS_TAG('h','e','a','d'), ots::ots_head_parse, ots::ots_head_serialise,
81 ots::ots_head_should_serialise, ots::ots_head_reuse, ots::ots_head_free,
82 true },
83 { OTS_TAG('O','S','/','2'), ots::ots_os2_parse, ots::ots_os2_serialise,
84 ots::ots_os2_should_serialise, ots::ots_os2_reuse, ots::ots_os2_free,
85 true },
86 { OTS_TAG('c','m','a','p'), ots::ots_cmap_parse, ots::ots_cmap_serialise,
87 ots::ots_cmap_should_serialise, ots::ots_cmap_reuse, ots::ots_cmap_free,
88 true },
89 { OTS_TAG('h','h','e','a'), ots::ots_hhea_parse, ots::ots_hhea_serialise,
90 ots::ots_hhea_should_serialise, ots::ots_hhea_reuse, ots::ots_hhea_free,
91 true },
92 { OTS_TAG('h','m','t','x'), ots::ots_hmtx_parse, ots::ots_hmtx_serialise,
93 ots::ots_hmtx_should_serialise, ots::ots_hmtx_reuse, ots::ots_hmtx_free,
94 true },
95 { OTS_TAG('n','a','m','e'), ots::ots_name_parse, ots::ots_name_serialise,
96 ots::ots_name_should_serialise, ots::ots_name_reuse, ots::ots_name_free,
97 true },
98 { OTS_TAG('p','o','s','t'), ots::ots_post_parse, ots::ots_post_serialise,
99 ots::ots_post_should_serialise, ots::ots_post_reuse, ots::ots_post_free,
100 true },
101 { OTS_TAG('l','o','c','a'), ots::ots_loca_parse, ots::ots_loca_serialise,
102 ots::ots_loca_should_serialise, ots::ots_loca_reuse, ots::ots_loca_free,
103 false },
104 { OTS_TAG('g','l','y','f'), ots::ots_glyf_parse, ots::ots_glyf_serialise,
105 ots::ots_glyf_should_serialise, ots::ots_glyf_reuse, ots::ots_glyf_free,
106 false },
107 { OTS_TAG('C','F','F',' '), ots::ots_cff_parse, ots::ots_cff_serialise,
108 ots::ots_cff_should_serialise, ots::ots_cff_reuse, ots::ots_cff_free,
109 false },
110 { OTS_TAG('V','D','M','X'), ots::ots_vdmx_parse, ots::ots_vdmx_serialise,
111 ots::ots_vdmx_should_serialise, ots::ots_vdmx_reuse, ots::ots_vdmx_free,
112 false },
113 { OTS_TAG('h','d','m','x'), ots::ots_hdmx_parse, ots::ots_hdmx_serialise,
114 ots::ots_hdmx_should_serialise, ots::ots_hdmx_reuse, ots::ots_hdmx_free,
115 false },
116 { OTS_TAG('g','a','s','p'), ots::ots_gasp_parse, ots::ots_gasp_serialise,
117 ots::ots_gasp_should_serialise, ots::ots_gasp_reuse, ots::ots_gasp_free,
118 false },
119 { OTS_TAG('c','v','t',' '), ots::ots_cvt_parse, ots::ots_cvt_serialise,
120 ots::ots_cvt_should_serialise, ots::ots_cvt_reuse, ots::ots_cvt_free,
121 false },
122 { OTS_TAG('f','p','g','m'), ots::ots_fpgm_parse, ots::ots_fpgm_serialise,
123 ots::ots_fpgm_should_serialise, ots::ots_fpgm_reuse, ots::ots_fpgm_free,
124 false },
125 { OTS_TAG('p','r','e','p'), ots::ots_prep_parse, ots::ots_prep_serialise,
126 ots::ots_prep_should_serialise, ots::ots_prep_reuse, ots::ots_prep_free,
127 false },
128 { OTS_TAG('L','T','S','H'), ots::ots_ltsh_parse, ots::ots_ltsh_serialise,
129 ots::ots_ltsh_should_serialise, ots::ots_ltsh_reuse, ots::ots_ltsh_free,
130 false },
131 { OTS_TAG('V','O','R','G'), ots::ots_vorg_parse, ots::ots_vorg_serialise,
132 ots::ots_vorg_should_serialise, ots::ots_vorg_reuse, ots::ots_vorg_free,
133 false },
134 { OTS_TAG('k','e','r','n'), ots::ots_kern_parse, ots::ots_kern_serialise,
135 ots::ots_kern_should_serialise, ots::ots_kern_reuse, ots::ots_kern_free,
136 false },
137 // We need to parse GDEF table in advance of parsing GSUB/GPOS tables
138 // because they could refer GDEF table.
139 { OTS_TAG('G','D','E','F'), ots::ots_gdef_parse, ots::ots_gdef_serialise,
140 ots::ots_gdef_should_serialise, ots::ots_gdef_reuse, ots::ots_gdef_free,
141 false },
142 { OTS_TAG('G','P','O','S'), ots::ots_gpos_parse, ots::ots_gpos_serialise,
143 ots::ots_gpos_should_serialise, ots::ots_gpos_reuse, ots::ots_gpos_free,
144 false },
145 { OTS_TAG('G','S','U','B'), ots::ots_gsub_parse, ots::ots_gsub_serialise,
146 ots::ots_gsub_should_serialise, ots::ots_gsub_reuse, ots::ots_gsub_free,
147 false },
148 { OTS_TAG('v','h','e','a'), ots::ots_vhea_parse, ots::ots_vhea_serialise,
149 ots::ots_vhea_should_serialise, ots::ots_vhea_reuse, ots::ots_vhea_free,
150 false },
151 { OTS_TAG('v','m','t','x'), ots::ots_vmtx_parse, ots::ots_vmtx_serialise,
152 ots::ots_vmtx_should_serialise, ots::ots_vmtx_reuse, ots::ots_vmtx_free,
153 false },
154 { OTS_TAG('M','A','T','H'), ots::ots_math_parse, ots::ots_math_serialise,
155 ots::ots_math_should_serialise, ots::ots_math_reuse, ots::ots_math_free,
156 false },
157 { 0, NULL, NULL, NULL, NULL, NULL, false },
158 };
159
160 bool ProcessGeneric(ots::OpenTypeFile *header,
161 ots::Font *font,
162 uint32_t signature,
163 ots::OTSStream *output,
164 const uint8_t *data, size_t length,
165 const std::vector<OpenTypeTable>& tables,
166 ots::Buffer& file);
167
168 bool ProcessTTF(ots::OpenTypeFile *header,
169 ots::Font *font,
170 ots::OTSStream *output, const uint8_t *data, size_t length,
171 uint32_t offset = 0) {
172 ots::Buffer file(data + offset, length - offset);
173
174 if (offset > length) {
175 return OTS_FAILURE_MSG_HDR("offset beyond end of file");
176 }
177
178 // we disallow all files > 1GB in size for sanity.
179 if (length > 1024 * 1024 * 1024) {
180 return OTS_FAILURE_MSG_HDR("file exceeds 1GB");
181 }
182
183 if (!file.ReadU32(&font->version)) {
184 return OTS_FAILURE_MSG_HDR("error reading version tag");
185 }
186 if (!ots::IsValidVersionTag(font->version)) {
187 return OTS_FAILURE_MSG_HDR("invalid version tag");
188 }
189
190 if (!file.ReadU16(&font->num_tables) ||
191 !file.ReadU16(&font->search_range) ||
192 !file.ReadU16(&font->entry_selector) ||
193 !file.ReadU16(&font->range_shift)) {
194 return OTS_FAILURE_MSG_HDR("error reading table directory search header");
195 }
196
197 // search_range is (Maximum power of 2 <= numTables) x 16. Thus, to avoid
198 // overflow num_tables is, at most, 2^16 / 16 = 2^12
199 if (font->num_tables >= 4096 || font->num_tables < 1) {
200 return OTS_FAILURE_MSG_HDR("excessive (or zero) number of tables");
201 }
202
203 unsigned max_pow2 = 0;
204 while (1u << (max_pow2 + 1) <= font->num_tables) {
205 max_pow2++;
206 }
207 const uint16_t expected_search_range = (1u << max_pow2) << 4;
208
209 // Don't call ots_failure() here since ~25% of fonts (250+ fonts) in
210 // http://www.princexml.com/fonts/ have unexpected search_range value.
211 if (font->search_range != expected_search_range) {
212 OTS_WARNING_MSG_HDR("bad search range");
213 font->search_range = expected_search_range; // Fix the value.
214 }
215
216 // entry_selector is Log2(maximum power of 2 <= numTables)
217 if (font->entry_selector != max_pow2) {
218 return OTS_FAILURE_MSG_HDR("incorrect entrySelector for table directory");
219 }
220
221 // range_shift is NumTables x 16-searchRange. We know that 16*num_tables
222 // doesn't over flow because we range checked it above. Also, we know that
223 // it's > font->search_range by construction of search_range.
224 const uint16_t expected_range_shift =
225 16 * font->num_tables - font->search_range;
226 if (font->range_shift != expected_range_shift) {
227 OTS_WARNING_MSG_HDR("bad range shift");
228 font->range_shift = expected_range_shift; // the same as above.
229 }
230
231 // Next up is the list of tables.
232 std::vector<OpenTypeTable> tables;
233
234 for (unsigned i = 0; i < font->num_tables; ++i) {
235 OpenTypeTable table;
236 if (!file.ReadU32(&table.tag) ||
237 !file.ReadU32(&table.chksum) ||
238 !file.ReadU32(&table.offset) ||
239 !file.ReadU32(&table.length)) {
240 return OTS_FAILURE_MSG_HDR("error reading table directory");
241 }
242
243 table.uncompressed_length = table.length;
244 tables.push_back(table);
245 }
246
247 return ProcessGeneric(header, font, font->version, output, data, length,
248 tables, file);
249 }
250
251 bool ProcessTTC(ots::OpenTypeFile *header,
252 ots::OTSStream *output,
253 const uint8_t *data,
254 size_t length,
255 uint32_t index) {
256 ots::Buffer file(data, length);
257
258 // we disallow all files > 1GB in size for sanity.
259 if (length > 1024 * 1024 * 1024) {
260 return OTS_FAILURE_MSG_HDR("file exceeds 1GB");
261 }
262
263 uint32_t ttc_tag;
264 if (!file.ReadU32(&ttc_tag)) {
265 return OTS_FAILURE_MSG_HDR("Error reading TTC tag");
266 }
267 if (ttc_tag != OTS_TAG('t','t','c','f')) {
268 return OTS_FAILURE_MSG_HDR("Invalid TTC tag");
269 }
270
271 uint32_t ttc_version;
272 if (!file.ReadU32(&ttc_version)) {
273 return OTS_FAILURE_MSG_HDR("Error reading TTC version");
274 }
275 if (ttc_version != 0x00010000 && ttc_version != 0x00020000) {
276 return OTS_FAILURE_MSG_HDR("Invalid TTC version");
277 }
278
279 uint32_t num_fonts;
280 if (!file.ReadU32(&num_fonts)) {
281 return OTS_FAILURE_MSG_HDR("Error reading number of TTC fonts");
282 }
283 // Limit the allowed number of subfonts to have same memory allocation.
284 if (num_fonts > 0x10000) {
285 return OTS_FAILURE_MSG_HDR("Too many fonts in TTC");
286 }
287
288 std::vector<uint32_t> offsets(num_fonts);
289 for (unsigned i = 0; i < num_fonts; i++) {
290 if (!file.ReadU32(&offsets[i])) {
291 return OTS_FAILURE_MSG_HDR("Error reading offset to OffsetTable");
292 }
293 }
294
295 if (ttc_version == 0x00020000) {
296 // We don't care about these fields of the header:
297 // uint32_t dsig_tag, dsig_length, dsig_offset
298 if (!file.Skip(3 * 4)) {
299 return OTS_FAILURE_MSG_HDR("Error reading DSIG offset and length in TTC font");
300 }
301 }
302
303 if (index == static_cast<uint32_t>(-1)) {
304 if (!output->WriteU32(ttc_tag) ||
305 !output->WriteU32(0x00010000) ||
306 !output->WriteU32(num_fonts) ||
307 !output->Seek((3 + num_fonts) * 4)) {
308 return OTS_FAILURE_MSG_HDR("Error writing output");
309 }
310
311 // Keep references to the fonts processed in the loop below, as we need
312 // them for reused tables.
313 std::vector<ots::Font> fonts(num_fonts, ots::Font(header));
314
315 for (unsigned i = 0; i < num_fonts; i++) {
316 uint32_t out_offset = output->Tell();
317 if (!output->Seek((3 + i) * 4) ||
318 !output->WriteU32(out_offset) ||
319 !output->Seek(out_offset)) {
320 return OTS_FAILURE_MSG_HDR("Error writing output");
321 }
322 if (!ProcessTTF(header, &fonts[i], output, data, length, offsets[i])) {
323 return false;
324 }
325 }
326
327 return true;
328 } else {
329 if (index >= num_fonts) {
330 return OTS_FAILURE_MSG_HDR("Requested font index is bigger than the number of fonts in the TTC file");
331 }
332
333 ots::Font font(header);
334 return ProcessTTF(header, &font, output, data, length, offsets[index]);
335 }
336 }
337
338 bool ProcessWOFF(ots::OpenTypeFile *header,
339 ots::Font *font,
340 ots::OTSStream *output, const uint8_t *data, size_t length) {
341 ots::Buffer file(data, length);
342
343 // we disallow all files > 1GB in size for sanity.
344 if (length > 1024 * 1024 * 1024) {
345 return OTS_FAILURE_MSG_HDR("file exceeds 1GB");
346 }
347
348 uint32_t woff_tag;
349 if (!file.ReadU32(&woff_tag)) {
350 return OTS_FAILURE_MSG_HDR("error reading WOFF marker");
351 }
352
353 if (woff_tag != OTS_TAG('w','O','F','F')) {
354 return OTS_FAILURE_MSG_HDR("invalid WOFF marker");
355 }
356
357 if (!file.ReadU32(&font->version)) {
358 return OTS_FAILURE_MSG_HDR("error reading version tag");
359 }
360 if (!ots::IsValidVersionTag(font->version)) {
361 return OTS_FAILURE_MSG_HDR("invalid version tag");
362 }
363
364 font->search_range = 0;
365 font->entry_selector = 0;
366 font->range_shift = 0;
367
368 uint32_t reported_length;
369 if (!file.ReadU32(&reported_length) || length != reported_length) {
370 return OTS_FAILURE_MSG_HDR("incorrect file size in WOFF header");
371 }
372
373 if (!file.ReadU16(&font->num_tables) || !font->num_tables) {
374 return OTS_FAILURE_MSG_HDR("error reading number of tables");
375 }
376
377 uint16_t reserved_value;
378 if (!file.ReadU16(&reserved_value) || reserved_value) {
379 return OTS_FAILURE_MSG_HDR("error in reserved field of WOFF header");
380 }
381
382 uint32_t reported_total_sfnt_size;
383 if (!file.ReadU32(&reported_total_sfnt_size)) {
384 return OTS_FAILURE_MSG_HDR("error reading total sfnt size");
385 }
386
387 // We don't care about these fields of the header:
388 // uint16_t major_version, minor_version
389 if (!file.Skip(2 * 2)) {
390 return OTS_FAILURE_MSG_HDR("Failed to read 'majorVersion' or 'minorVersion'");
391 }
392
393 // Checks metadata block size.
394 uint32_t meta_offset;
395 uint32_t meta_length;
396 uint32_t meta_length_orig;
397 if (!file.ReadU32(&meta_offset) ||
398 !file.ReadU32(&meta_length) ||
399 !file.ReadU32(&meta_length_orig)) {
400 return OTS_FAILURE_MSG_HDR("Failed to read header metadata block fields");
401 }
402 if (meta_offset) {
403 if (meta_offset >= length || length - meta_offset < meta_length) {
404 return OTS_FAILURE_MSG_HDR("Invalid metadata block offset or length");
405 }
406 }
407
408 // Checks private data block size.
409 uint32_t priv_offset;
410 uint32_t priv_length;
411 if (!file.ReadU32(&priv_offset) ||
412 !file.ReadU32(&priv_length)) {
413 return OTS_FAILURE_MSG_HDR("Failed to read header private block fields");
414 }
415 if (priv_offset) {
416 if (priv_offset >= length || length - priv_offset < priv_length) {
417 return OTS_FAILURE_MSG_HDR("Invalid private block offset or length");
418 }
419 }
420
421 // Next up is the list of tables.
422 std::vector<OpenTypeTable> tables;
423
424 uint32_t first_index = 0;
425 uint32_t last_index = 0;
426 // Size of sfnt header plus size of table records.
427 uint64_t total_sfnt_size = 12 + 16 * font->num_tables;
428 for (unsigned i = 0; i < font->num_tables; ++i) {
429 OpenTypeTable table;
430 if (!file.ReadU32(&table.tag) ||
431 !file.ReadU32(&table.offset) ||
432 !file.ReadU32(&table.length) ||
433 !file.ReadU32(&table.uncompressed_length) ||
434 !file.ReadU32(&table.chksum)) {
435 return OTS_FAILURE_MSG_HDR("error reading table directory");
436 }
437
438 total_sfnt_size += ots::Round4(table.uncompressed_length);
439 if (total_sfnt_size > std::numeric_limits<uint32_t>::max()) {
440 return OTS_FAILURE_MSG_HDR("sfnt size overflow");
441 }
442 tables.push_back(table);
443 if (i == 0 || tables[first_index].offset > table.offset)
444 first_index = i;
445 if (i == 0 || tables[last_index].offset < table.offset)
446 last_index = i;
447 }
448
449 if (reported_total_sfnt_size != total_sfnt_size) {
450 return OTS_FAILURE_MSG_HDR("uncompressed sfnt size mismatch");
451 }
452
453 // Table data must follow immediately after the header.
454 if (tables[first_index].offset != ots::Round4(file.offset())) {
455 return OTS_FAILURE_MSG_HDR("junk before tables in WOFF file");
456 }
457
458 if (tables[last_index].offset >= length ||
459 length - tables[last_index].offset < tables[last_index].length) {
460 return OTS_FAILURE_MSG_HDR("invalid table location/size");
461 }
462 // Blocks must follow immediately after the previous block.
463 // (Except for padding with a maximum of three null bytes)
464 uint64_t block_end = ots::Round4(
465 static_cast<uint64_t>(tables[last_index].offset) +
466 static_cast<uint64_t>(tables[last_index].length));
467 if (block_end > std::numeric_limits<uint32_t>::max()) {
468 return OTS_FAILURE_MSG_HDR("invalid table location/size");
469 }
470 if (meta_offset) {
471 if (block_end != meta_offset) {
472 return OTS_FAILURE_MSG_HDR("Invalid metadata block offset");
473 }
474 block_end = ots::Round4(static_cast<uint64_t>(meta_offset) +
475 static_cast<uint64_t>(meta_length));
476 if (block_end > std::numeric_limits<uint32_t>::max()) {
477 return OTS_FAILURE_MSG_HDR("Invalid metadata block length");
478 }
479 }
480 if (priv_offset) {
481 if (block_end != priv_offset) {
482 return OTS_FAILURE_MSG_HDR("Invalid private block offset");
483 }
484 block_end = ots::Round4(static_cast<uint64_t>(priv_offset) +
485 static_cast<uint64_t>(priv_length));
486 if (block_end > std::numeric_limits<uint32_t>::max()) {
487 return OTS_FAILURE_MSG_HDR("Invalid private block length");
488 }
489 }
490 if (block_end != ots::Round4(length)) {
491 return OTS_FAILURE_MSG_HDR("File length mismatch (trailing junk?)");
492 }
493
494 return ProcessGeneric(header, font, woff_tag, output, data, length, tables, file);
495 }
496
497 bool ProcessWOFF2(ots::OpenTypeFile *header,
498 ots::Font *font,
499 ots::OTSStream *output, const uint8_t *data, size_t length) {
500 size_t decompressed_size = ots::ComputeWOFF2FinalSize(data, length);
501
502 if (decompressed_size == 0) {
503 return OTS_FAILURE_MSG_HDR("Size of decompressed WOFF 2.0 is set to 0");
504 }
505 // decompressed font must be <= 30MB
506 if (decompressed_size > 30 * 1024 * 1024) {
507 return OTS_FAILURE_MSG_HDR("Size of decompressed WOFF 2.0 font exceeds 30MB");
508 }
509
510 std::vector<uint8_t> decompressed_buffer(decompressed_size);
511 if (!ots::ConvertWOFF2ToSFNT(font, &decompressed_buffer[0], decompressed_size,
512 data, length)) {
513 return OTS_FAILURE_MSG_HDR("Failed to convert WOFF 2.0 font to SFNT");
514 }
515 return ProcessTTF(header, font, output, &decompressed_buffer[0], decompressed_size);
516 }
517
518 ots::TableAction GetTableAction(ots::OpenTypeFile *header, uint32_t tag) {
519 ots::TableAction action = ots::TABLE_ACTION_DEFAULT;
520
521 action = header->context->GetTableAction(htonl(tag));
522
523 if (action == ots::TABLE_ACTION_DEFAULT) {
524 action = ots::TABLE_ACTION_DROP;
525
526 for (unsigned i = 0; ; ++i) {
527 if (table_parsers[i].parse == NULL) break;
528
529 if (table_parsers[i].tag == tag) {
530 action = ots::TABLE_ACTION_SANITIZE;
531 break;
532 }
533 }
534 }
535
536 assert(action != ots::TABLE_ACTION_DEFAULT); // Should never return this.
537 return action;
538 }
539
540 bool GetTableData(const uint8_t *data,
541 const OpenTypeTable table,
542 Arena *arena,
543 size_t *table_length,
544 const uint8_t **table_data) {
545 if (table.uncompressed_length != table.length) {
546 // Compressed table. Need to uncompress into memory first.
547 *table_length = table.uncompressed_length;
548 *table_data = (*arena).Allocate(*table_length);
549 uLongf dest_len = *table_length;
550 int r = uncompress((Bytef*) *table_data, &dest_len,
551 data + table.offset, table.length);
552 if (r != Z_OK || dest_len != *table_length) {
553 return false;
554 }
555 } else {
556 // Uncompressed table. We can process directly from memory.
557 *table_data = data + table.offset;
558 *table_length = table.length;
559 }
560
561 return true;
562 }
563
564 bool ProcessGeneric(ots::OpenTypeFile *header,
565 ots::Font *font,
566 uint32_t signature,
567 ots::OTSStream *output,
568 const uint8_t *data, size_t length,
569 const std::vector<OpenTypeTable>& tables,
570 ots::Buffer& file) {
571 const size_t data_offset = file.offset();
572
573 uint32_t uncompressed_sum = 0;
574
575 for (unsigned i = 0; i < font->num_tables; ++i) {
576 // the tables must be sorted by tag (when taken as big-endian numbers).
577 // This also remove the possibility of duplicate tables.
578 if (i) {
579 const uint32_t this_tag = tables[i].tag;
580 const uint32_t prev_tag = tables[i - 1].tag;
581 if (this_tag <= prev_tag) {
582 OTS_WARNING_MSG_HDR("Table directory is not correctly ordered");
583 }
584 }
585
586 // all tag names must be built from printable ASCII characters
587 if (!CheckTag(tables[i].tag)) {
588 return OTS_FAILURE_MSG_TAG("invalid table tag", tables[i].tag);
589 }
590
591 // tables must be 4-byte aligned
592 if (tables[i].offset & 3) {
593 return OTS_FAILURE_MSG_TAG("misaligned table", tables[i].tag);
594 }
595
596 // and must be within the file
597 if (tables[i].offset < data_offset || tables[i].offset >= length) {
598 return OTS_FAILURE_MSG_TAG("invalid table offset", tables[i].tag);
599 }
600 // disallow all tables with a zero length
601 if (tables[i].length < 1) {
602 // Note: malayalam.ttf has zero length CVT table...
603 return OTS_FAILURE_MSG_TAG("zero-length table", tables[i].tag);
604 }
605 // disallow all tables with a length > 1GB
606 if (tables[i].length > 1024 * 1024 * 1024) {
607 return OTS_FAILURE_MSG_TAG("table length exceeds 1GB", tables[i].tag);
608 }
609 // disallow tables where the uncompressed size is < the compressed size.
610 if (tables[i].uncompressed_length < tables[i].length) {
611 return OTS_FAILURE_MSG_TAG("invalid compressed table", tables[i].tag);
612 }
613 if (tables[i].uncompressed_length > tables[i].length) {
614 // We'll probably be decompressing this table.
615
616 // disallow all tables which uncompress to > 30 MB
617 if (tables[i].uncompressed_length > 30 * 1024 * 1024) {
618 return OTS_FAILURE_MSG_TAG("uncompressed length exceeds 30MB", tables[i].tag);
619 }
620 if (uncompressed_sum + tables[i].uncompressed_length < uncompressed_sum) {
621 return OTS_FAILURE_MSG_TAG("overflow of uncompressed sum", tables[i].tag);
622 }
623
624 uncompressed_sum += tables[i].uncompressed_length;
625 }
626 // since we required that the file be < 1GB in length, and that the table
627 // length is < 1GB, the following addtion doesn't overflow
628 uint32_t end_byte = tables[i].offset + tables[i].length;
629 // Tables in the WOFF file must be aligned 4-byte boundary.
630 if (signature == OTS_TAG('w','O','F','F')) {
631 end_byte = ots::Round4(end_byte);
632 }
633 if (!end_byte || end_byte > length) {
634 return OTS_FAILURE_MSG_TAG("table overruns end of file", tables[i].tag);
635 }
636 }
637
638 // All decompressed tables uncompressed must be <= 30MB.
639 if (uncompressed_sum > 30 * 1024 * 1024) {
640 return OTS_FAILURE_MSG_HDR("uncompressed sum exceeds 30MB");
641 }
642
643 std::map<uint32_t, OpenTypeTable> table_map;
644 for (unsigned i = 0; i < font->num_tables; ++i) {
645 table_map[tables[i].tag] = tables[i];
646 }
647
648 // check that the tables are not overlapping.
649 std::vector<std::pair<uint32_t, uint8_t> > overlap_checker;
650 for (unsigned i = 0; i < font->num_tables; ++i) {
651 overlap_checker.push_back(
652 std::make_pair(tables[i].offset, static_cast<uint8_t>(1) /* start */));
653 overlap_checker.push_back(
654 std::make_pair(tables[i].offset + tables[i].length,
655 static_cast<uint8_t>(0) /* end */));
656 }
657 std::sort(overlap_checker.begin(), overlap_checker.end());
658 int overlap_count = 0;
659 for (unsigned i = 0; i < overlap_checker.size(); ++i) {
660 overlap_count += (overlap_checker[i].second ? 1 : -1);
661 if (overlap_count > 1) {
662 return OTS_FAILURE_MSG_HDR("overlapping tables");
663 }
664 }
665
666 Arena arena;
667
668 for (unsigned i = 0; ; ++i) {
669 if (table_parsers[i].parse == NULL) break;
670
671 uint32_t tag = table_parsers[i].tag;
672 const std::map<uint32_t, OpenTypeTable>::const_iterator it = table_map.find(tag);
673
674 ots::TableAction action = GetTableAction(header, tag);
675 if (it == table_map.end()) {
676 if (table_parsers[i].required && action == ots::TABLE_ACTION_SANITIZE) {
677 return OTS_FAILURE_MSG_TAG("missing required table", table_parsers[i].tag);
678 }
679 continue;
680 }
681
682 uint32_t input_offset = it->second.offset;
683 const ots::TableMap::const_iterator ot = header->tables.find(input_offset);
684 if (ot == header->tables.end()) {
685 const uint8_t* table_data;
686 size_t table_length;
687
688 if (!GetTableData(data, it->second, &arena, &table_length, &table_data)) {
689 return OTS_FAILURE_MSG_TAG("uncompress failed", table_parsers[i].tag);
690 }
691
692 if (action == ots::TABLE_ACTION_SANITIZE &&
693 !table_parsers[i].parse(font, table_data, table_length)) {
694 // TODO: parsers should generate specific messages detailing the failure;
695 // once those are all added, we won't need a generic failure message here
696 return OTS_FAILURE_MSG_TAG("failed to parse table", table_parsers[i].tag);
697 }
698 } else if (action == ots::TABLE_ACTION_SANITIZE) {
699 table_parsers[i].reuse(font, ot->second.first);
700 }
701 }
702
703 if (font->cff) {
704 // font with PostScript glyph
705 if (font->version != OTS_TAG('O','T','T','O')) {
706 return OTS_FAILURE_MSG_HDR("wrong font version for PostScript glyph data");
707 }
708 if (font->glyf || font->loca) {
709 // mixing outline formats is not recommended
710 return OTS_FAILURE_MSG_HDR("font contains both PS and TT glyphs");
711 }
712 } else {
713 if (!font->glyf || !font->loca) {
714 // No TrueType glyph found.
715 #define PASSTHRU_TABLE(tag_) (table_map.find(tag_) != table_map.end() && \
716 GetTableAction(header, tag_) == ots::TABLE_ACTION_PASSTHRU)
717 // We don't sanitise bitmap table, but don't reject bitmap-only fonts if
718 // we keep the tables.
719 if (!PASSTHRU_TABLE(OTS_TAG('C','B','D','T')) ||
720 !PASSTHRU_TABLE(OTS_TAG('C','B','L','C'))) {
721 return OTS_FAILURE_MSG_HDR("no supported glyph shapes table(s) present");
722 }
723 #undef PASSTHRU_TABLE
724 }
725 }
726
727 uint16_t num_output_tables = 0;
728 for (std::map<uint32_t, OpenTypeTable>::const_iterator it = table_map.begin();
729 it != table_map.end(); ++it) {
730 ots::TableAction action = GetTableAction(header, it->first);
731 if (action == ots::TABLE_ACTION_PASSTHRU) {
732 num_output_tables++;
733 } else {
734 for (unsigned i = 0; table_parsers[i].parse != NULL; ++i) {
735 if (table_parsers[i].tag == it->first &&
736 table_parsers[i].should_serialise(font)) {
737 num_output_tables++;
738 break;
739 }
740 }
741 }
742 }
743
744 uint16_t max_pow2 = 0;
745 while (1u << (max_pow2 + 1) <= num_output_tables) {
746 max_pow2++;
747 }
748 const uint16_t output_search_range = (1u << max_pow2) << 4;
749
750 // most of the errors here are highly unlikely - they'd only occur if the
751 // output stream returns a failure, e.g. lack of space to write
752 output->ResetChecksum();
753 if (!output->WriteU32(font->version) ||
754 !output->WriteU16(num_output_tables) ||
755 !output->WriteU16(output_search_range) ||
756 !output->WriteU16(max_pow2) ||
757 !output->WriteU16((num_output_tables << 4) - output_search_range)) {
758 return OTS_FAILURE_MSG_HDR("error writing output");
759 }
760 const uint32_t offset_table_chksum = output->chksum();
761
762 const size_t table_record_offset = output->Tell();
763 if (!output->Pad(16 * num_output_tables)) {
764 return OTS_FAILURE_MSG_HDR("error writing output");
765 }
766
767 std::vector<ots::OutputTable> out_tables;
768
769 size_t head_table_offset = 0;
770 for (std::map<uint32_t, OpenTypeTable>::const_iterator it = table_map.begin();
771 it != table_map.end(); ++it) {
772 uint32_t input_offset = it->second.offset;
773 const ots::TableMap::const_iterator ot = header->tables.find(input_offset);
774 if (ot != header->tables.end()) {
775 ots::OutputTable out = ot->second.second;
776 if (out.tag == OTS_TAG('h','e','a','d')) {
777 head_table_offset = out.offset;
778 }
779 out_tables.push_back(out);
780 } else {
781 ots::OutputTable out;
782 out.tag = it->first;
783 out.offset = output->Tell();
784
785 if (out.tag == OTS_TAG('h','e','a','d')) {
786 head_table_offset = out.offset;
787 }
788
789 ots::TableAction action = GetTableAction(header, it->first);
790 if (action == ots::TABLE_ACTION_PASSTHRU) {
791 output->ResetChecksum();
792 const uint8_t* table_data;
793 size_t table_length;
794
795 if (!GetTableData(data, it->second, &arena, &table_length, &table_data)) {
796 return OTS_FAILURE_MSG_HDR("Failed to uncompress table");
797 }
798
799 if (!output->Write(table_data, table_length)) {
800 return OTS_FAILURE_MSG_HDR("Failed to serialize table");
801 }
802
803 const size_t end_offset = output->Tell();
804 if (end_offset <= out.offset) {
805 // paranoid check. |end_offset| is supposed to be greater than the offset,
806 // as long as the Tell() interface is implemented correctly.
807 return OTS_FAILURE_MSG_HDR("error writing output");
808 }
809 out.length = end_offset - out.offset;
810
811 // align tables to four bytes
812 if (!output->Pad((4 - (end_offset & 3)) % 4)) {
813 return OTS_FAILURE_MSG_HDR("error writing output");
814 }
815 out.chksum = output->chksum();
816 out_tables.push_back(out);
817 header->tables[input_offset] = std::make_pair(font, out);
818 } else {
819 for (unsigned i = 0; table_parsers[i].parse != NULL; ++i) {
820 if (table_parsers[i].tag == it->first &&
821 table_parsers[i].should_serialise(font)) {
822 output->ResetChecksum();
823 if (!table_parsers[i].serialise(output, font)) {
824 return OTS_FAILURE_MSG_TAG("failed to serialize table", table_parsers[i].tag);
825 }
826
827 const size_t end_offset = output->Tell();
828 if (end_offset <= out.offset) {
829 // paranoid check. |end_offset| is supposed to be greater than the offset,
830 // as long as the Tell() interface is implemented correctly.
831 return OTS_FAILURE_MSG_HDR("error writing output");
832 }
833 out.length = end_offset - out.offset;
834
835 // align tables to four bytes
836 if (!output->Pad((4 - (end_offset & 3)) % 4)) {
837 return OTS_FAILURE_MSG_HDR("error writing output");
838 }
839 out.chksum = output->chksum();
840 out_tables.push_back(out);
841 header->tables[input_offset] = std::make_pair(font, out);
842
843 break;
844 }
845 }
846 }
847 }
848 }
849
850 const size_t end_of_file = output->Tell();
851
852 // Need to sort the output tables for inclusion in the file
853 std::sort(out_tables.begin(), out_tables.end());
854 if (!output->Seek(table_record_offset)) {
855 return OTS_FAILURE_MSG_HDR("error writing output");
856 }
857
858 output->ResetChecksum();
859 uint32_t tables_chksum = 0;
860 for (unsigned i = 0; i < out_tables.size(); ++i) {
861 if (!output->WriteU32(out_tables[i].tag) ||
862 !output->WriteU32(out_tables[i].chksum) ||
863 !output->WriteU32(out_tables[i].offset) ||
864 !output->WriteU32(out_tables[i].length)) {
865 return OTS_FAILURE_MSG_HDR("error writing output");
866 }
867 tables_chksum += out_tables[i].chksum;
868 }
869 const uint32_t table_record_chksum = output->chksum();
870
871 // http://www.microsoft.com/typography/otspec/otff.htm
872 const uint32_t file_chksum
873 = offset_table_chksum + tables_chksum + table_record_chksum;
874 const uint32_t chksum_magic = static_cast<uint32_t>(0xb1b0afba) - file_chksum;
875
876 // seek into the 'head' table and write in the checksum magic value
877 if (!head_table_offset) {
878 return OTS_FAILURE_MSG_HDR("internal error!");
879 }
880 if (!output->Seek(head_table_offset + 8)) {
881 return OTS_FAILURE_MSG_HDR("error writing output");
882 }
883 if (!output->WriteU32(chksum_magic)) {
884 return OTS_FAILURE_MSG_HDR("error writing output");
885 }
886
887 if (!output->Seek(end_of_file)) {
888 return OTS_FAILURE_MSG_HDR("error writing output");
889 }
890
891 return true;
892 }
893
894 } // namespace
895
896 namespace ots {
897
898 bool IsValidVersionTag(uint32_t tag) {
899 return tag == 0x000010000 ||
900 // OpenType fonts with CFF data have 'OTTO' tag.
901 tag == OTS_TAG('O','T','T','O') ||
902 // Older Mac fonts might have 'true' or 'typ1' tag.
903 tag == OTS_TAG('t','r','u','e') ||
904 tag == OTS_TAG('t','y','p','1');
905 }
906
907 bool OTSContext::Process(OTSStream *output,
908 const uint8_t *data,
909 size_t length,
910 uint32_t index) {
911 OpenTypeFile header;
912 Font font(&header);
913 header.context = this;
914
915 if (length < 4) {
916 return OTS_FAILURE_MSG_(&header, "file less than 4 bytes");
917 }
918
919 bool result;
920 if (data[0] == 'w' && data[1] == 'O' && data[2] == 'F' && data[3] == 'F') {
921 result = ProcessWOFF(&header, &font, output, data, length);
922 } else if (data[0] == 'w' && data[1] == 'O' && data[2] == 'F' && data[3] == '2') {
923 result = ProcessWOFF2(&header, &font, output, data, length);
924 } else if (data[0] == 't' && data[1] == 't' && data[2] == 'c' && data[3] == 'f') {
925 result = ProcessTTC(&header, output, data, length, index);
926 } else {
927 result = ProcessTTF(&header, &font, output, data, length);
928 }
929
930 return result;
931 }
932
933 } // namespace ots