Re-subimission of https://codereview.chromium.org/1041213003/
[chromium-blink-merge.git] / content / common / child_process_sandbox_support_impl_linux.cc
blob7c9ee4e5c53d57601d53a0a8e3e92f56f8773db2
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/common/child_process_sandbox_support_impl_linux.h"
7 #include <sys/stat.h>
9 #include <limits>
11 #include "base/basictypes.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/numerics/safe_conversions.h"
14 #include "base/pickle.h"
15 #include "base/posix/eintr_wrapper.h"
16 #include "base/posix/unix_domain_socket_linux.h"
17 #include "base/sys_byteorder.h"
18 #include "base/trace_event/trace_event.h"
19 #include "content/common/sandbox_linux/sandbox_linux.h"
20 #include "third_party/WebKit/public/platform/linux/WebFallbackFont.h"
21 #include "third_party/WebKit/public/platform/linux/WebFontRenderStyle.h"
23 namespace content {
25 void GetFallbackFontForCharacter(int32_t character,
26 const char* preferred_locale,
27 blink::WebFallbackFont* fallbackFont) {
28 TRACE_EVENT0("sandbox_ipc", "GetFontFamilyForCharacter");
30 Pickle request;
31 request.WriteInt(LinuxSandbox::METHOD_GET_FALLBACK_FONT_FOR_CHAR);
32 request.WriteInt(character);
33 request.WriteString(preferred_locale);
35 uint8_t buf[512];
36 const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf,
37 sizeof(buf), NULL, request);
39 std::string family_name;
40 std::string filename;
41 int fontconfigInterfaceId = 0;
42 int ttcIndex = 0;
43 bool isBold = false;
44 bool isItalic = false;
45 if (n != -1) {
46 Pickle reply(reinterpret_cast<char*>(buf), n);
47 PickleIterator pickle_iter(reply);
48 if (pickle_iter.ReadString(&family_name) &&
49 pickle_iter.ReadString(&filename) &&
50 pickle_iter.ReadInt(&fontconfigInterfaceId) &&
51 pickle_iter.ReadInt(&ttcIndex) &&
52 pickle_iter.ReadBool(&isBold) &&
53 pickle_iter.ReadBool(&isItalic)) {
54 fallbackFont->name = family_name;
55 fallbackFont->filename = filename;
56 fallbackFont->fontconfigInterfaceId = fontconfigInterfaceId;
57 fallbackFont->ttcIndex = ttcIndex;
58 fallbackFont->isBold = isBold;
59 fallbackFont->isItalic = isItalic;
64 void GetRenderStyleForStrike(const char* family,
65 int size_and_style,
66 blink::WebFontRenderStyle* out) {
67 TRACE_EVENT0("sandbox_ipc", "GetRenderStyleForStrike");
69 out->setDefaults();
71 if (size_and_style < 0)
72 return;
74 const bool bold = size_and_style & 1;
75 const bool italic = size_and_style & 2;
76 const int pixel_size = size_and_style >> 2;
77 if (pixel_size > std::numeric_limits<uint16>::max())
78 return;
80 Pickle request;
81 request.WriteInt(LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE);
82 request.WriteString(family);
83 request.WriteBool(bold);
84 request.WriteBool(italic);
85 request.WriteUInt16(pixel_size);
87 uint8_t buf[512];
88 const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf,
89 sizeof(buf), NULL, request);
90 if (n == -1)
91 return;
93 Pickle reply(reinterpret_cast<char*>(buf), n);
94 PickleIterator pickle_iter(reply);
95 int use_bitmaps, use_autohint, use_hinting, hint_style, use_antialias;
96 int use_subpixel_rendering, use_subpixel_positioning;
97 if (pickle_iter.ReadInt(&use_bitmaps) &&
98 pickle_iter.ReadInt(&use_autohint) &&
99 pickle_iter.ReadInt(&use_hinting) &&
100 pickle_iter.ReadInt(&hint_style) &&
101 pickle_iter.ReadInt(&use_antialias) &&
102 pickle_iter.ReadInt(&use_subpixel_rendering) &&
103 pickle_iter.ReadInt(&use_subpixel_positioning)) {
104 out->useBitmaps = use_bitmaps;
105 out->useAutoHint = use_autohint;
106 out->useHinting = use_hinting;
107 out->hintStyle = hint_style;
108 out->useAntiAlias = use_antialias;
109 out->useSubpixelRendering = use_subpixel_rendering;
110 out->useSubpixelPositioning = use_subpixel_positioning;
114 int MatchFontWithFallback(const std::string& face,
115 bool bold,
116 bool italic,
117 int charset,
118 PP_BrowserFont_Trusted_Family fallback_family) {
119 TRACE_EVENT0("sandbox_ipc", "MatchFontWithFallback");
121 Pickle request;
122 request.WriteInt(LinuxSandbox::METHOD_MATCH_WITH_FALLBACK);
123 request.WriteString(face);
124 request.WriteBool(bold);
125 request.WriteBool(italic);
126 request.WriteUInt32(charset);
127 request.WriteUInt32(fallback_family);
128 uint8_t reply_buf[64];
129 int fd = -1;
130 UnixDomainSocket::SendRecvMsg(GetSandboxFD(), reply_buf, sizeof(reply_buf),
131 &fd, request);
132 return fd;
135 bool GetFontTable(int fd, uint32_t table_tag, off_t offset,
136 uint8_t* output, size_t* output_length) {
137 if (offset < 0)
138 return false;
140 size_t data_length = 0; // the length of the file data.
141 off_t data_offset = 0; // the offset of the data in the file.
142 if (table_tag == 0) {
143 // Get the entire font file.
144 struct stat st;
145 if (fstat(fd, &st) < 0)
146 return false;
147 data_length = base::checked_cast<size_t>(st.st_size);
148 } else {
149 // Get a font table. Read the header to find its offset in the file.
150 uint16_t num_tables;
151 ssize_t n = HANDLE_EINTR(pread(fd, &num_tables, sizeof(num_tables),
152 4 /* skip the font type */));
153 if (n != sizeof(num_tables))
154 return false;
155 // Font data is stored in net (big-endian) order.
156 num_tables = base::NetToHost16(num_tables);
158 // Read the table directory.
159 static const size_t kTableEntrySize = 16;
160 const size_t directory_size = num_tables * kTableEntrySize;
161 scoped_ptr<uint8_t[]> table_entries(new uint8_t[directory_size]);
162 n = HANDLE_EINTR(pread(fd, table_entries.get(), directory_size,
163 12 /* skip the SFNT header */));
164 if (n != base::checked_cast<ssize_t>(directory_size))
165 return false;
167 for (uint16_t i = 0; i < num_tables; ++i) {
168 uint8_t* entry = table_entries.get() + i * kTableEntrySize;
169 uint32_t tag = *reinterpret_cast<uint32_t*>(entry);
170 if (tag == table_tag) {
171 // Font data is stored in net (big-endian) order.
172 data_offset =
173 base::NetToHost32(*reinterpret_cast<uint32_t*>(entry + 8));
174 data_length =
175 base::NetToHost32(*reinterpret_cast<uint32_t*>(entry + 12));
176 break;
181 if (!data_length)
182 return false;
183 // Clamp |offset| inside the allowable range. This allows the read to succeed
184 // but return 0 bytes.
185 offset = std::min(offset, base::checked_cast<off_t>(data_length));
186 // Make sure it's safe to add the data offset and the caller's logical offset.
187 // Define the maximum positive offset on 32 bit systems.
188 static const off_t kMaxPositiveOffset32 = 0x7FFFFFFF; // 2 GB - 1.
189 if ((offset > kMaxPositiveOffset32 / 2) ||
190 (data_offset > kMaxPositiveOffset32 / 2))
191 return false;
192 data_offset += offset;
193 data_length -= offset;
195 if (output) {
196 // 'output_length' holds the maximum amount of data the caller can accept.
197 data_length = std::min(data_length, *output_length);
198 ssize_t n = HANDLE_EINTR(pread(fd, output, data_length, data_offset));
199 if (n != base::checked_cast<ssize_t>(data_length))
200 return false;
202 *output_length = data_length;
204 return true;
207 } // namespace content