Revert 268405 "Make sure that ScratchBuffer::Allocate() always r..."
[chromium-blink-merge.git] / content / common / child_process_sandbox_support_impl_linux.cc
bloba810e5c42c005f2bb600ca27af2763ec7c3ebe25
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/common/child_process_sandbox_support_impl_linux.h"
7 #include <sys/stat.h>
9 #include "base/debug/trace_event.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/numerics/safe_conversions.h"
12 #include "base/pickle.h"
13 #include "base/posix/eintr_wrapper.h"
14 #include "base/posix/unix_domain_socket_linux.h"
15 #include "base/sys_byteorder.h"
16 #include "content/common/sandbox_linux/sandbox_linux.h"
17 #include "third_party/WebKit/public/platform/linux/WebFontFamily.h"
18 #include "third_party/WebKit/public/platform/linux/WebFontRenderStyle.h"
20 namespace content {
22 void GetFontFamilyForCharacter(int32_t character,
23 const char* preferred_locale,
24 blink::WebFontFamily* family) {
25 TRACE_EVENT0("sandbox_ipc", "GetFontFamilyForCharacter");
27 Pickle request;
28 request.WriteInt(LinuxSandbox::METHOD_GET_FONT_FAMILY_FOR_CHAR);
29 request.WriteInt(character);
30 request.WriteString(preferred_locale);
32 uint8_t buf[512];
33 const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf,
34 sizeof(buf), NULL, request);
36 std::string family_name;
37 bool isBold = false;
38 bool isItalic = false;
39 if (n != -1) {
40 Pickle reply(reinterpret_cast<char*>(buf), n);
41 PickleIterator pickle_iter(reply);
42 if (reply.ReadString(&pickle_iter, &family_name) &&
43 reply.ReadBool(&pickle_iter, &isBold) &&
44 reply.ReadBool(&pickle_iter, &isItalic)) {
45 family->name = family_name;
46 family->isBold = isBold;
47 family->isItalic = isItalic;
52 void GetRenderStyleForStrike(const char* family, int sizeAndStyle,
53 blink::WebFontRenderStyle* out) {
54 TRACE_EVENT0("sandbox_ipc", "GetRenderStyleForStrike");
56 Pickle request;
57 request.WriteInt(LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE);
58 request.WriteString(family);
59 request.WriteInt(sizeAndStyle);
61 uint8_t buf[512];
62 const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf,
63 sizeof(buf), NULL, request);
65 out->setDefaults();
66 if (n == -1) {
67 return;
70 Pickle reply(reinterpret_cast<char*>(buf), n);
71 PickleIterator pickle_iter(reply);
72 int useBitmaps, useAutoHint, useHinting, hintStyle, useAntiAlias;
73 int useSubpixelRendering, useSubpixelPositioning;
74 if (reply.ReadInt(&pickle_iter, &useBitmaps) &&
75 reply.ReadInt(&pickle_iter, &useAutoHint) &&
76 reply.ReadInt(&pickle_iter, &useHinting) &&
77 reply.ReadInt(&pickle_iter, &hintStyle) &&
78 reply.ReadInt(&pickle_iter, &useAntiAlias) &&
79 reply.ReadInt(&pickle_iter, &useSubpixelRendering) &&
80 reply.ReadInt(&pickle_iter, &useSubpixelPositioning)) {
81 out->useBitmaps = useBitmaps;
82 out->useAutoHint = useAutoHint;
83 out->useHinting = useHinting;
84 out->hintStyle = hintStyle;
85 out->useAntiAlias = useAntiAlias;
86 out->useSubpixelRendering = useSubpixelRendering;
87 out->useSubpixelPositioning = useSubpixelPositioning;
91 int MatchFontWithFallback(const std::string& face,
92 bool bold,
93 bool italic,
94 int charset,
95 PP_BrowserFont_Trusted_Family fallback_family) {
96 TRACE_EVENT0("sandbox_ipc", "MatchFontWithFallback");
98 Pickle request;
99 request.WriteInt(LinuxSandbox::METHOD_MATCH_WITH_FALLBACK);
100 request.WriteString(face);
101 request.WriteBool(bold);
102 request.WriteBool(italic);
103 request.WriteUInt32(charset);
104 request.WriteUInt32(fallback_family);
105 uint8_t reply_buf[64];
106 int fd = -1;
107 UnixDomainSocket::SendRecvMsg(GetSandboxFD(), reply_buf, sizeof(reply_buf),
108 &fd, request);
109 return fd;
112 bool GetFontTable(int fd, uint32_t table_tag, off_t offset,
113 uint8_t* output, size_t* output_length) {
114 if (offset < 0)
115 return false;
117 size_t data_length = 0; // the length of the file data.
118 off_t data_offset = 0; // the offset of the data in the file.
119 if (table_tag == 0) {
120 // Get the entire font file.
121 struct stat st;
122 if (fstat(fd, &st) < 0)
123 return false;
124 data_length = base::checked_cast<size_t>(st.st_size);
125 } else {
126 // Get a font table. Read the header to find its offset in the file.
127 uint16_t num_tables;
128 ssize_t n = HANDLE_EINTR(pread(fd, &num_tables, sizeof(num_tables),
129 4 /* skip the font type */));
130 if (n != sizeof(num_tables))
131 return false;
132 // Font data is stored in net (big-endian) order.
133 num_tables = base::NetToHost16(num_tables);
135 // Read the table directory.
136 static const size_t kTableEntrySize = 16;
137 const size_t directory_size = num_tables * kTableEntrySize;
138 scoped_ptr<uint8_t[]> table_entries(new uint8_t[directory_size]);
139 n = HANDLE_EINTR(pread(fd, table_entries.get(), directory_size,
140 12 /* skip the SFNT header */));
141 if (n != base::checked_cast<ssize_t>(directory_size))
142 return false;
144 for (uint16_t i = 0; i < num_tables; ++i) {
145 uint8_t* entry = table_entries.get() + i * kTableEntrySize;
146 uint32_t tag = *reinterpret_cast<uint32_t*>(entry);
147 if (tag == table_tag) {
148 // Font data is stored in net (big-endian) order.
149 data_offset =
150 base::NetToHost32(*reinterpret_cast<uint32_t*>(entry + 8));
151 data_length =
152 base::NetToHost32(*reinterpret_cast<uint32_t*>(entry + 12));
153 break;
158 if (!data_length)
159 return false;
160 // Clamp |offset| inside the allowable range. This allows the read to succeed
161 // but return 0 bytes.
162 offset = std::min(offset, base::checked_cast<off_t>(data_length));
163 // Make sure it's safe to add the data offset and the caller's logical offset.
164 // Define the maximum positive offset on 32 bit systems.
165 static const off_t kMaxPositiveOffset32 = 0x7FFFFFFF; // 2 GB - 1.
166 if ((offset > kMaxPositiveOffset32 / 2) ||
167 (data_offset > kMaxPositiveOffset32 / 2))
168 return false;
169 data_offset += offset;
170 data_length -= offset;
172 if (output) {
173 // 'output_length' holds the maximum amount of data the caller can accept.
174 data_length = std::min(data_length, *output_length);
175 ssize_t n = HANDLE_EINTR(pread(fd, output, data_length, data_offset));
176 if (n != base::checked_cast<ssize_t>(data_length))
177 return false;
179 *output_length = data_length;
181 return true;
184 } // namespace content