michael@0: // Copyright (c) 2009 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: #include "ots.h" michael@0: michael@0: #include michael@0: #include michael@0: michael@0: #include michael@0: #include michael@0: #include michael@0: #include michael@0: #include michael@0: #include michael@0: michael@0: #ifdef MOZ_OTS_WOFF2 michael@0: #include "woff2.h" michael@0: #endif michael@0: michael@0: // The OpenType Font File michael@0: // http://www.microsoft.com/typography/otspec/cmap.htm michael@0: michael@0: namespace { michael@0: michael@0: bool g_debug_output = true; michael@0: #ifdef MOZ_OTS_WOFF2 michael@0: bool g_enable_woff2 = false; michael@0: #endif michael@0: michael@0: ots::MessageFunc g_message_func = NULL; michael@0: void *g_message_user_data = NULL; michael@0: michael@0: ots::TableActionFunc g_table_action_func = NULL; michael@0: void *g_table_action_user_data = NULL; michael@0: michael@0: // Generate a message with or without a table tag, when 'header' is the OpenTypeFile pointer michael@0: #define OTS_FAILURE_MSG_TAG(msg_,tag_) OTS_FAILURE_MSG_TAG_(header, msg_, tag_) michael@0: #define OTS_FAILURE_MSG_HDR(msg_) OTS_FAILURE_MSG_(header, msg_) michael@0: michael@0: michael@0: struct OpenTypeTable { michael@0: uint32_t tag; michael@0: uint32_t chksum; michael@0: uint32_t offset; michael@0: uint32_t length; michael@0: uint32_t uncompressed_length; michael@0: }; michael@0: michael@0: bool CheckTag(uint32_t tag_value) { michael@0: for (unsigned i = 0; i < 4; ++i) { michael@0: const uint32_t check = tag_value & 0xff; michael@0: if (check < 32 || check > 126) { michael@0: return false; // non-ASCII character found. michael@0: } michael@0: tag_value >>= 8; michael@0: } michael@0: return true; michael@0: } michael@0: michael@0: uint32_t Tag(const char *tag_str) { michael@0: uint32_t ret; michael@0: std::memcpy(&ret, tag_str, 4); michael@0: return ret; michael@0: } michael@0: michael@0: struct OutputTable { michael@0: uint32_t tag; michael@0: size_t offset; michael@0: size_t length; michael@0: uint32_t chksum; michael@0: michael@0: static bool SortByTag(const OutputTable& a, const OutputTable& b) { michael@0: const uint32_t atag = ntohl(a.tag); michael@0: const uint32_t btag = ntohl(b.tag); michael@0: return atag < btag; michael@0: } michael@0: }; michael@0: michael@0: struct Arena { michael@0: public: michael@0: ~Arena() { michael@0: for (std::vector::iterator michael@0: i = hunks_.begin(); i != hunks_.end(); ++i) { michael@0: delete[] *i; michael@0: } michael@0: } michael@0: michael@0: uint8_t* Allocate(size_t length) { michael@0: uint8_t* p = new uint8_t[length]; michael@0: hunks_.push_back(p); michael@0: return p; michael@0: } michael@0: michael@0: private: michael@0: std::vector hunks_; michael@0: }; michael@0: michael@0: const struct { michael@0: const char* tag; michael@0: bool (*parse)(ots::OpenTypeFile *otf, const uint8_t *data, size_t length); michael@0: bool (*serialise)(ots::OTSStream *out, ots::OpenTypeFile *file); michael@0: bool (*should_serialise)(ots::OpenTypeFile *file); michael@0: void (*free)(ots::OpenTypeFile *file); michael@0: bool required; michael@0: } table_parsers[] = { michael@0: { "maxp", ots::ots_maxp_parse, ots::ots_maxp_serialise, michael@0: ots::ots_maxp_should_serialise, ots::ots_maxp_free, true }, michael@0: { "head", ots::ots_head_parse, ots::ots_head_serialise, michael@0: ots::ots_head_should_serialise, ots::ots_head_free, true }, michael@0: { "OS/2", ots::ots_os2_parse, ots::ots_os2_serialise, michael@0: ots::ots_os2_should_serialise, ots::ots_os2_free, true }, michael@0: { "cmap", ots::ots_cmap_parse, ots::ots_cmap_serialise, michael@0: ots::ots_cmap_should_serialise, ots::ots_cmap_free, true }, michael@0: { "hhea", ots::ots_hhea_parse, ots::ots_hhea_serialise, michael@0: ots::ots_hhea_should_serialise, ots::ots_hhea_free, true }, michael@0: { "hmtx", ots::ots_hmtx_parse, ots::ots_hmtx_serialise, michael@0: ots::ots_hmtx_should_serialise, ots::ots_hmtx_free, true }, michael@0: { "name", ots::ots_name_parse, ots::ots_name_serialise, michael@0: ots::ots_name_should_serialise, ots::ots_name_free, true }, michael@0: { "post", ots::ots_post_parse, ots::ots_post_serialise, michael@0: ots::ots_post_should_serialise, ots::ots_post_free, true }, michael@0: { "loca", ots::ots_loca_parse, ots::ots_loca_serialise, michael@0: ots::ots_loca_should_serialise, ots::ots_loca_free, false }, michael@0: { "glyf", ots::ots_glyf_parse, ots::ots_glyf_serialise, michael@0: ots::ots_glyf_should_serialise, ots::ots_glyf_free, false }, michael@0: { "CFF ", ots::ots_cff_parse, ots::ots_cff_serialise, michael@0: ots::ots_cff_should_serialise, ots::ots_cff_free, false }, michael@0: { "VDMX", ots::ots_vdmx_parse, ots::ots_vdmx_serialise, michael@0: ots::ots_vdmx_should_serialise, ots::ots_vdmx_free, false }, michael@0: { "hdmx", ots::ots_hdmx_parse, ots::ots_hdmx_serialise, michael@0: ots::ots_hdmx_should_serialise, ots::ots_hdmx_free, false }, michael@0: { "gasp", ots::ots_gasp_parse, ots::ots_gasp_serialise, michael@0: ots::ots_gasp_should_serialise, ots::ots_gasp_free, false }, michael@0: { "cvt ", ots::ots_cvt_parse, ots::ots_cvt_serialise, michael@0: ots::ots_cvt_should_serialise, ots::ots_cvt_free, false }, michael@0: { "fpgm", ots::ots_fpgm_parse, ots::ots_fpgm_serialise, michael@0: ots::ots_fpgm_should_serialise, ots::ots_fpgm_free, false }, michael@0: { "prep", ots::ots_prep_parse, ots::ots_prep_serialise, michael@0: ots::ots_prep_should_serialise, ots::ots_prep_free, false }, michael@0: { "LTSH", ots::ots_ltsh_parse, ots::ots_ltsh_serialise, michael@0: ots::ots_ltsh_should_serialise, ots::ots_ltsh_free, false }, michael@0: { "VORG", ots::ots_vorg_parse, ots::ots_vorg_serialise, michael@0: ots::ots_vorg_should_serialise, ots::ots_vorg_free, false }, michael@0: { "kern", ots::ots_kern_parse, ots::ots_kern_serialise, michael@0: ots::ots_kern_should_serialise, ots::ots_kern_free, false }, michael@0: // We need to parse GDEF table in advance of parsing GSUB/GPOS tables michael@0: // because they could refer GDEF table. michael@0: { "GDEF", ots::ots_gdef_parse, ots::ots_gdef_serialise, michael@0: ots::ots_gdef_should_serialise, ots::ots_gdef_free, false }, michael@0: { "GPOS", ots::ots_gpos_parse, ots::ots_gpos_serialise, michael@0: ots::ots_gpos_should_serialise, ots::ots_gpos_free, false }, michael@0: { "GSUB", ots::ots_gsub_parse, ots::ots_gsub_serialise, michael@0: ots::ots_gsub_should_serialise, ots::ots_gsub_free, false }, michael@0: { "vhea", ots::ots_vhea_parse, ots::ots_vhea_serialise, michael@0: ots::ots_vhea_should_serialise, ots::ots_vhea_free, false }, michael@0: { "vmtx", ots::ots_vmtx_parse, ots::ots_vmtx_serialise, michael@0: ots::ots_vmtx_should_serialise, ots::ots_vmtx_free, false }, michael@0: { "MATH", ots::ots_math_parse, ots::ots_math_serialise, michael@0: ots::ots_math_should_serialise, ots::ots_math_free, false }, michael@0: // TODO(bashi): Support mort, base, and jstf tables. michael@0: { 0, NULL, NULL, NULL, NULL, false }, michael@0: }; michael@0: michael@0: bool ProcessGeneric(ots::OpenTypeFile *header, michael@0: uint32_t signature, michael@0: ots::OTSStream *output, michael@0: const uint8_t *data, size_t length, michael@0: const std::vector& tables, michael@0: ots::Buffer& file); michael@0: michael@0: bool ProcessTTF(ots::OpenTypeFile *header, michael@0: ots::OTSStream *output, const uint8_t *data, size_t length) { michael@0: ots::Buffer file(data, length); michael@0: michael@0: // we disallow all files > 1GB in size for sanity. michael@0: if (length > 1024 * 1024 * 1024) { michael@0: return OTS_FAILURE_MSG_HDR("file exceeds 1GB"); michael@0: } michael@0: michael@0: if (!file.ReadTag(&header->version)) { michael@0: return OTS_FAILURE_MSG_HDR("error reading version tag"); michael@0: } michael@0: if (!ots::IsValidVersionTag(header->version)) { michael@0: return OTS_FAILURE_MSG_HDR("invalid version tag"); michael@0: } michael@0: michael@0: if (!file.ReadU16(&header->num_tables) || michael@0: !file.ReadU16(&header->search_range) || michael@0: !file.ReadU16(&header->entry_selector) || michael@0: !file.ReadU16(&header->range_shift)) { michael@0: return OTS_FAILURE_MSG_HDR("error reading table directory search header"); michael@0: } michael@0: michael@0: // search_range is (Maximum power of 2 <= numTables) x 16. Thus, to avoid michael@0: // overflow num_tables is, at most, 2^16 / 16 = 2^12 michael@0: if (header->num_tables >= 4096 || header->num_tables < 1) { michael@0: return OTS_FAILURE_MSG_HDR("excessive (or zero) number of tables"); michael@0: } michael@0: michael@0: unsigned max_pow2 = 0; michael@0: while (1u << (max_pow2 + 1) <= header->num_tables) { michael@0: max_pow2++; michael@0: } michael@0: const uint16_t expected_search_range = (1u << max_pow2) << 4; michael@0: michael@0: // Don't call ots_failure() here since ~25% of fonts (250+ fonts) in michael@0: // http://www.princexml.com/fonts/ have unexpected search_range value. michael@0: if (header->search_range != expected_search_range) { michael@0: OTS_WARNING("bad search range"); michael@0: header->search_range = expected_search_range; // Fix the value. michael@0: } michael@0: michael@0: // entry_selector is Log2(maximum power of 2 <= numTables) michael@0: if (header->entry_selector != max_pow2) { michael@0: return OTS_FAILURE_MSG_HDR("incorrect entrySelector for table directory"); michael@0: } michael@0: michael@0: // range_shift is NumTables x 16-searchRange. We know that 16*num_tables michael@0: // doesn't over flow because we range checked it above. Also, we know that michael@0: // it's > header->search_range by construction of search_range. michael@0: const uint32_t expected_range_shift michael@0: = 16 * header->num_tables - header->search_range; michael@0: if (header->range_shift != expected_range_shift) { michael@0: OTS_WARNING("bad range shift"); michael@0: header->range_shift = expected_range_shift; // the same as above. michael@0: } michael@0: michael@0: // Next up is the list of tables. michael@0: std::vector tables; michael@0: michael@0: for (unsigned i = 0; i < header->num_tables; ++i) { michael@0: OpenTypeTable table; michael@0: if (!file.ReadTag(&table.tag) || michael@0: !file.ReadU32(&table.chksum) || michael@0: !file.ReadU32(&table.offset) || michael@0: !file.ReadU32(&table.length)) { michael@0: return OTS_FAILURE_MSG_HDR("error reading table directory"); michael@0: } michael@0: michael@0: table.uncompressed_length = table.length; michael@0: tables.push_back(table); michael@0: } michael@0: michael@0: return ProcessGeneric(header, header->version, output, data, length, michael@0: tables, file); michael@0: } michael@0: michael@0: bool ProcessWOFF(ots::OpenTypeFile *header, michael@0: ots::OTSStream *output, const uint8_t *data, size_t length) { michael@0: ots::Buffer file(data, length); michael@0: michael@0: // we disallow all files > 1GB in size for sanity. michael@0: if (length > 1024 * 1024 * 1024) { michael@0: return OTS_FAILURE_MSG_HDR("file exceeds 1GB"); michael@0: } michael@0: michael@0: uint32_t woff_tag; michael@0: if (!file.ReadTag(&woff_tag)) { michael@0: return OTS_FAILURE_MSG_HDR("error reading WOFF marker"); michael@0: } michael@0: michael@0: if (woff_tag != Tag("wOFF")) { michael@0: return OTS_FAILURE_MSG_HDR("invalid WOFF marker"); michael@0: } michael@0: michael@0: if (!file.ReadTag(&header->version)) { michael@0: return OTS_FAILURE_MSG_HDR("error reading version tag"); michael@0: } michael@0: if (!ots::IsValidVersionTag(header->version)) { michael@0: return OTS_FAILURE_MSG_HDR("invalid version tag"); michael@0: } michael@0: michael@0: header->search_range = 0; michael@0: header->entry_selector = 0; michael@0: header->range_shift = 0; michael@0: michael@0: uint32_t reported_length; michael@0: if (!file.ReadU32(&reported_length) || length != reported_length) { michael@0: return OTS_FAILURE_MSG_HDR("incorrect file size in WOFF header"); michael@0: } michael@0: michael@0: if (!file.ReadU16(&header->num_tables) || !header->num_tables) { michael@0: return OTS_FAILURE_MSG_HDR("error reading number of tables"); michael@0: } michael@0: michael@0: uint16_t reserved_value; michael@0: if (!file.ReadU16(&reserved_value) || reserved_value) { michael@0: return OTS_FAILURE_MSG_HDR("error in reserved field of WOFF header"); michael@0: } michael@0: michael@0: uint32_t reported_total_sfnt_size; michael@0: if (!file.ReadU32(&reported_total_sfnt_size)) { michael@0: return OTS_FAILURE_MSG_HDR("error reading total sfnt size"); michael@0: } michael@0: michael@0: // We don't care about these fields of the header: michael@0: // uint16_t major_version, minor_version michael@0: if (!file.Skip(2 * 2)) { michael@0: return OTS_FAILURE_MSG_HDR("error skipping WOFF header fields"); michael@0: } michael@0: michael@0: // Checks metadata block size. michael@0: uint32_t meta_offset; michael@0: uint32_t meta_length; michael@0: uint32_t meta_length_orig; michael@0: if (!file.ReadU32(&meta_offset) || michael@0: !file.ReadU32(&meta_length) || michael@0: !file.ReadU32(&meta_length_orig)) { michael@0: return OTS_FAILURE_MSG_HDR("error reading WOFF header fields"); michael@0: } michael@0: if (meta_offset) { michael@0: if (meta_offset >= length || length - meta_offset < meta_length) { michael@0: return OTS_FAILURE_MSG_HDR("invalid metadata block location/size"); michael@0: } michael@0: } michael@0: michael@0: // Checks private data block size. michael@0: uint32_t priv_offset; michael@0: uint32_t priv_length; michael@0: if (!file.ReadU32(&priv_offset) || michael@0: !file.ReadU32(&priv_length)) { michael@0: return OTS_FAILURE_MSG_HDR("error reading WOFF header fields"); michael@0: } michael@0: if (priv_offset) { michael@0: if (priv_offset >= length || length - priv_offset < priv_length) { michael@0: return OTS_FAILURE_MSG_HDR("invalid private block location/size"); michael@0: } michael@0: } michael@0: michael@0: // Next up is the list of tables. michael@0: std::vector tables; michael@0: michael@0: uint32_t first_index = 0; michael@0: uint32_t last_index = 0; michael@0: // Size of sfnt header plus size of table records. michael@0: uint64_t total_sfnt_size = 12 + 16 * header->num_tables; michael@0: for (unsigned i = 0; i < header->num_tables; ++i) { michael@0: OpenTypeTable table; michael@0: if (!file.ReadTag(&table.tag) || michael@0: !file.ReadU32(&table.offset) || michael@0: !file.ReadU32(&table.length) || michael@0: !file.ReadU32(&table.uncompressed_length) || michael@0: !file.ReadU32(&table.chksum)) { michael@0: return OTS_FAILURE_MSG_HDR("error reading table directory"); michael@0: } michael@0: michael@0: total_sfnt_size += ots::Round4(table.uncompressed_length); michael@0: if (total_sfnt_size > std::numeric_limits::max()) { michael@0: return OTS_FAILURE_MSG_HDR("sfnt size overflow"); michael@0: } michael@0: tables.push_back(table); michael@0: if (i == 0 || tables[first_index].offset > table.offset) michael@0: first_index = i; michael@0: if (i == 0 || tables[last_index].offset < table.offset) michael@0: last_index = i; michael@0: } michael@0: michael@0: if (reported_total_sfnt_size != total_sfnt_size) { michael@0: return OTS_FAILURE_MSG_HDR("uncompressed sfnt size mismatch"); michael@0: } michael@0: michael@0: // Table data must follow immediately after the header. michael@0: if (tables[first_index].offset != ots::Round4(file.offset())) { michael@0: return OTS_FAILURE_MSG_HDR("junk before tables in WOFF file"); michael@0: } michael@0: michael@0: if (tables[last_index].offset >= length || michael@0: length - tables[last_index].offset < tables[last_index].length) { michael@0: return OTS_FAILURE_MSG_HDR("invalid table location/size"); michael@0: } michael@0: // Blocks must follow immediately after the previous block. michael@0: // (Except for padding with a maximum of three null bytes) michael@0: uint64_t block_end = ots::Round4( michael@0: static_cast(tables[last_index].offset) + michael@0: static_cast(tables[last_index].length)); michael@0: if (block_end > std::numeric_limits::max()) { michael@0: return OTS_FAILURE_MSG_HDR("invalid table location/size"); michael@0: } michael@0: if (meta_offset) { michael@0: if (block_end != meta_offset) { michael@0: return OTS_FAILURE_MSG_HDR("invalid metadata block location"); michael@0: } michael@0: block_end = ots::Round4(static_cast(meta_offset) + michael@0: static_cast(meta_length)); michael@0: if (block_end > std::numeric_limits::max()) { michael@0: return OTS_FAILURE_MSG_HDR("invalid metadata block size"); michael@0: } michael@0: } michael@0: if (priv_offset) { michael@0: if (block_end != priv_offset) { michael@0: return OTS_FAILURE_MSG_HDR("invalid private block location"); michael@0: } michael@0: block_end = ots::Round4(static_cast(priv_offset) + michael@0: static_cast(priv_length)); michael@0: if (block_end > std::numeric_limits::max()) { michael@0: return OTS_FAILURE_MSG_HDR("invalid private block size"); michael@0: } michael@0: } michael@0: if (block_end != ots::Round4(length)) { michael@0: return OTS_FAILURE_MSG_HDR("file length mismatch (trailing junk?)"); michael@0: } michael@0: michael@0: return ProcessGeneric(header, woff_tag, output, data, length, tables, file); michael@0: } michael@0: michael@0: #ifdef MOZ_OTS_WOFF2 michael@0: bool ProcessWOFF2(ots::OpenTypeFile *header, michael@0: ots::OTSStream *output, const uint8_t *data, size_t length) { michael@0: size_t decompressed_size = ots::ComputeWOFF2FinalSize(data, length); michael@0: if (decompressed_size == 0) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: // decompressed font must be <= 30MB michael@0: if (decompressed_size > 30 * 1024 * 1024) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: std::vector decompressed_buffer(decompressed_size); michael@0: if (!ots::ConvertWOFF2ToTTF(&decompressed_buffer[0], decompressed_size, michael@0: data, length)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: return ProcessTTF(header, output, &decompressed_buffer[0], decompressed_size); michael@0: } michael@0: #endif michael@0: michael@0: ots::TableAction GetTableAction(uint32_t tag) { michael@0: ots::TableAction action = ots::TABLE_ACTION_DEFAULT; michael@0: michael@0: if (g_table_action_func != NULL) { michael@0: action = g_table_action_func(htonl(tag), g_table_action_user_data); michael@0: } michael@0: michael@0: if (action == ots::TABLE_ACTION_DEFAULT) { michael@0: action = ots::TABLE_ACTION_DROP; michael@0: michael@0: for (unsigned i = 0; ; ++i) { michael@0: if (table_parsers[i].parse == NULL) break; michael@0: michael@0: if (Tag(table_parsers[i].tag) == tag) { michael@0: action = ots::TABLE_ACTION_SANITIZE; michael@0: break; michael@0: } michael@0: } michael@0: } michael@0: michael@0: assert(action != ots::TABLE_ACTION_DEFAULT); // Should never return this. michael@0: return action; michael@0: } michael@0: michael@0: bool GetTableData(const uint8_t *data, michael@0: const OpenTypeTable table, michael@0: Arena *arena, michael@0: size_t *table_length, michael@0: const uint8_t **table_data) { michael@0: if (table.uncompressed_length != table.length) { michael@0: // Compressed table. Need to uncompress into memory first. michael@0: *table_length = table.uncompressed_length; michael@0: *table_data = (*arena).Allocate(*table_length); michael@0: uLongf dest_len = *table_length; michael@0: int r = uncompress((Bytef*) *table_data, &dest_len, michael@0: data + table.offset, table.length); michael@0: if (r != Z_OK || dest_len != *table_length) { michael@0: return false; michael@0: } michael@0: } else { michael@0: // Uncompressed table. We can process directly from memory. michael@0: *table_data = data + table.offset; michael@0: *table_length = table.length; michael@0: } michael@0: michael@0: return true; michael@0: } michael@0: michael@0: bool ProcessGeneric(ots::OpenTypeFile *header, uint32_t signature, michael@0: ots::OTSStream *output, michael@0: const uint8_t *data, size_t length, michael@0: const std::vector& tables, michael@0: ots::Buffer& file) { michael@0: const size_t data_offset = file.offset(); michael@0: michael@0: uint32_t uncompressed_sum = 0; michael@0: michael@0: for (unsigned i = 0; i < header->num_tables; ++i) { michael@0: // the tables must be sorted by tag (when taken as big-endian numbers). michael@0: // This also remove the possibility of duplicate tables. michael@0: if (i) { michael@0: const uint32_t this_tag = ntohl(tables[i].tag); michael@0: const uint32_t prev_tag = ntohl(tables[i - 1].tag); michael@0: if (this_tag <= prev_tag) { michael@0: return OTS_FAILURE_MSG_HDR("table directory not correctly ordered"); michael@0: } michael@0: } michael@0: michael@0: // all tag names must be built from printable ASCII characters michael@0: if (!CheckTag(tables[i].tag)) { michael@0: return OTS_FAILURE_MSG_TAG("invalid table tag", &tables[i].tag); michael@0: } michael@0: michael@0: // tables must be 4-byte aligned michael@0: if (tables[i].offset & 3) { michael@0: return OTS_FAILURE_MSG_TAG("misaligned table", &tables[i].tag); michael@0: } michael@0: michael@0: // and must be within the file michael@0: if (tables[i].offset < data_offset || tables[i].offset >= length) { michael@0: return OTS_FAILURE_MSG_TAG("invalid table offset", &tables[i].tag); michael@0: } michael@0: // disallow all tables with a zero length michael@0: if (tables[i].length < 1) { michael@0: // Note: malayalam.ttf has zero length CVT table... michael@0: return OTS_FAILURE_MSG_TAG("zero-length table", &tables[i].tag); michael@0: } michael@0: // disallow all tables with a length > 1GB michael@0: if (tables[i].length > 1024 * 1024 * 1024) { michael@0: return OTS_FAILURE_MSG_TAG("table length exceeds 1GB", &tables[i].tag); michael@0: } michael@0: // disallow tables where the uncompressed size is < the compressed size. michael@0: if (tables[i].uncompressed_length < tables[i].length) { michael@0: return OTS_FAILURE_MSG_TAG("invalid compressed table", &tables[i].tag); michael@0: } michael@0: if (tables[i].uncompressed_length > tables[i].length) { michael@0: // We'll probably be decompressing this table. michael@0: michael@0: // disallow all tables which uncompress to > 30 MB michael@0: if (tables[i].uncompressed_length > 30 * 1024 * 1024) { michael@0: return OTS_FAILURE_MSG_TAG("uncompressed length exceeds 30MB", &tables[i].tag); michael@0: } michael@0: if (uncompressed_sum + tables[i].uncompressed_length < uncompressed_sum) { michael@0: return OTS_FAILURE_MSG_TAG("overflow of uncompressed sum", &tables[i].tag); michael@0: } michael@0: michael@0: uncompressed_sum += tables[i].uncompressed_length; michael@0: } michael@0: // since we required that the file be < 1GB in length, and that the table michael@0: // length is < 1GB, the following addtion doesn't overflow michael@0: uint32_t end_byte = tables[i].offset + tables[i].length; michael@0: // Tables in the WOFF file must be aligned 4-byte boundary. michael@0: if (signature == Tag("wOFF")) { michael@0: end_byte = ots::Round4(end_byte); michael@0: } michael@0: if (!end_byte || end_byte > length) { michael@0: return OTS_FAILURE_MSG_TAG("table overruns end of file", &tables[i].tag); michael@0: } michael@0: } michael@0: michael@0: // All decompressed tables uncompressed must be <= 30MB. michael@0: if (uncompressed_sum > 30 * 1024 * 1024) { michael@0: return OTS_FAILURE_MSG_HDR("uncompressed sum exceeds 30MB"); michael@0: } michael@0: michael@0: std::map table_map; michael@0: for (unsigned i = 0; i < header->num_tables; ++i) { michael@0: table_map[tables[i].tag] = tables[i]; michael@0: } michael@0: michael@0: // check that the tables are not overlapping. michael@0: std::vector > overlap_checker; michael@0: for (unsigned i = 0; i < header->num_tables; ++i) { michael@0: overlap_checker.push_back( michael@0: std::make_pair(tables[i].offset, static_cast(1) /* start */)); michael@0: overlap_checker.push_back( michael@0: std::make_pair(tables[i].offset + tables[i].length, michael@0: static_cast(0) /* end */)); michael@0: } michael@0: std::sort(overlap_checker.begin(), overlap_checker.end()); michael@0: int overlap_count = 0; michael@0: for (unsigned i = 0; i < overlap_checker.size(); ++i) { michael@0: overlap_count += (overlap_checker[i].second ? 1 : -1); michael@0: if (overlap_count > 1) { michael@0: return OTS_FAILURE_MSG_HDR("overlapping tables"); michael@0: } michael@0: } michael@0: michael@0: Arena arena; michael@0: michael@0: for (unsigned i = 0; ; ++i) { michael@0: if (table_parsers[i].parse == NULL) break; michael@0: michael@0: const std::map::const_iterator it michael@0: = table_map.find(Tag(table_parsers[i].tag)); michael@0: michael@0: ots::TableAction action = GetTableAction(Tag(table_parsers[i].tag)); michael@0: if (it == table_map.end()) { michael@0: if (table_parsers[i].required && action == ots::TABLE_ACTION_SANITIZE) { michael@0: return OTS_FAILURE_MSG_TAG("missing required table", table_parsers[i].tag); michael@0: } michael@0: continue; michael@0: } michael@0: michael@0: const uint8_t* table_data; michael@0: size_t table_length; michael@0: michael@0: if (!GetTableData(data, it->second, &arena, &table_length, &table_data)) { michael@0: return OTS_FAILURE_MSG_TAG("uncompress failed", table_parsers[i].tag); michael@0: } michael@0: michael@0: if (action == ots::TABLE_ACTION_SANITIZE && michael@0: !table_parsers[i].parse(header, table_data, table_length)) { michael@0: // TODO: parsers should generate specific messages detailing the failure; michael@0: // once those are all added, we won't need a generic failure message here michael@0: return OTS_FAILURE_MSG_TAG("failed to parse table", table_parsers[i].tag); michael@0: } michael@0: } michael@0: michael@0: if (header->cff) { michael@0: // font with PostScript glyph michael@0: if (header->version != Tag("OTTO")) { michael@0: return OTS_FAILURE_MSG_HDR("wrong font version for PostScript glyph data"); michael@0: } michael@0: if (header->glyf || header->loca) { michael@0: // mixing outline formats is not recommended michael@0: return OTS_FAILURE_MSG_HDR("font contains both PS and TT glyphs"); michael@0: } michael@0: } else { michael@0: if (!header->glyf || !header->loca) { michael@0: // No TrueType glyph found. michael@0: // Note: bitmap-only fonts are not supported. michael@0: return OTS_FAILURE_MSG_HDR("neither PS nor TT glyphs present"); michael@0: } michael@0: } michael@0: michael@0: unsigned num_output_tables = 0; michael@0: for (unsigned i = 0; ; ++i) { michael@0: if (table_parsers[i].parse == NULL) { michael@0: break; michael@0: } michael@0: michael@0: if (table_parsers[i].should_serialise(header)) { michael@0: num_output_tables++; michael@0: } michael@0: } michael@0: michael@0: for (std::map::const_iterator it = table_map.begin(); michael@0: it != table_map.end(); ++it) { michael@0: ots::TableAction action = GetTableAction(it->first); michael@0: if (action == ots::TABLE_ACTION_PASSTHRU) { michael@0: num_output_tables++; michael@0: } michael@0: } michael@0: michael@0: unsigned max_pow2 = 0; michael@0: while (1u << (max_pow2 + 1) <= num_output_tables) { michael@0: max_pow2++; michael@0: } michael@0: const uint16_t output_search_range = (1u << max_pow2) << 4; michael@0: michael@0: // most of the errors here are highly unlikely - they'd only occur if the michael@0: // output stream returns a failure, e.g. lack of space to write michael@0: output->ResetChecksum(); michael@0: if (!output->WriteTag(header->version) || michael@0: !output->WriteU16(num_output_tables) || michael@0: !output->WriteU16(output_search_range) || michael@0: !output->WriteU16(max_pow2) || michael@0: !output->WriteU16((num_output_tables << 4) - output_search_range)) { michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: const uint32_t offset_table_chksum = output->chksum(); michael@0: michael@0: const size_t table_record_offset = output->Tell(); michael@0: if (!output->Pad(16 * num_output_tables)) { michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: michael@0: std::vector out_tables; michael@0: michael@0: size_t head_table_offset = 0; michael@0: for (unsigned i = 0; ; ++i) { michael@0: if (table_parsers[i].parse == NULL) { michael@0: break; michael@0: } michael@0: michael@0: if (!table_parsers[i].should_serialise(header)) { michael@0: continue; michael@0: } michael@0: michael@0: OutputTable out; michael@0: uint32_t tag = Tag(table_parsers[i].tag); michael@0: out.tag = tag; michael@0: out.offset = output->Tell(); michael@0: michael@0: output->ResetChecksum(); michael@0: if (tag == Tag("head")) { michael@0: head_table_offset = out.offset; michael@0: } michael@0: if (!table_parsers[i].serialise(output, header)) { michael@0: return OTS_FAILURE_MSG_TAG("failed to serialize table", table_parsers[i].tag); michael@0: } michael@0: michael@0: const size_t end_offset = output->Tell(); michael@0: if (end_offset <= out.offset) { michael@0: // paranoid check. |end_offset| is supposed to be greater than the offset, michael@0: // as long as the Tell() interface is implemented correctly. michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: out.length = end_offset - out.offset; michael@0: michael@0: // align tables to four bytes michael@0: if (!output->Pad((4 - (end_offset & 3)) % 4)) { michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: out.chksum = output->chksum(); michael@0: out_tables.push_back(out); michael@0: } michael@0: michael@0: for (std::map::const_iterator it = table_map.begin(); michael@0: it != table_map.end(); ++it) { michael@0: ots::TableAction action = GetTableAction(it->first); michael@0: if (action == ots::TABLE_ACTION_PASSTHRU) { michael@0: OutputTable out; michael@0: out.tag = it->second.tag; michael@0: out.offset = output->Tell(); michael@0: michael@0: output->ResetChecksum(); michael@0: if (it->second.tag == Tag("head")) { michael@0: head_table_offset = out.offset; michael@0: } michael@0: michael@0: const uint8_t* table_data; michael@0: size_t table_length; michael@0: michael@0: if (!GetTableData(data, it->second, &arena, &table_length, &table_data)) { michael@0: return OTS_FAILURE_MSG_HDR("Failed to uncompress table"); michael@0: } michael@0: michael@0: if (!output->Write(table_data, table_length)) { michael@0: return OTS_FAILURE_MSG_HDR("Failed to serialize table"); michael@0: } michael@0: michael@0: const size_t end_offset = output->Tell(); michael@0: if (end_offset <= out.offset) { michael@0: // paranoid check. |end_offset| is supposed to be greater than the offset, michael@0: // as long as the Tell() interface is implemented correctly. michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: out.length = end_offset - out.offset; michael@0: michael@0: // align tables to four bytes michael@0: if (!output->Pad((4 - (end_offset & 3)) % 4)) { michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: out.chksum = output->chksum(); michael@0: out_tables.push_back(out); michael@0: } michael@0: } michael@0: michael@0: const size_t end_of_file = output->Tell(); michael@0: michael@0: // Need to sort the output tables for inclusion in the file michael@0: std::sort(out_tables.begin(), out_tables.end(), OutputTable::SortByTag); michael@0: if (!output->Seek(table_record_offset)) { michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: michael@0: output->ResetChecksum(); michael@0: uint32_t tables_chksum = 0; michael@0: for (unsigned i = 0; i < out_tables.size(); ++i) { michael@0: if (!output->WriteTag(out_tables[i].tag) || michael@0: !output->WriteU32(out_tables[i].chksum) || michael@0: !output->WriteU32(out_tables[i].offset) || michael@0: !output->WriteU32(out_tables[i].length)) { michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: tables_chksum += out_tables[i].chksum; michael@0: } michael@0: const uint32_t table_record_chksum = output->chksum(); michael@0: michael@0: // http://www.microsoft.com/typography/otspec/otff.htm michael@0: const uint32_t file_chksum michael@0: = offset_table_chksum + tables_chksum + table_record_chksum; michael@0: const uint32_t chksum_magic = static_cast(0xb1b0afba) - file_chksum; michael@0: michael@0: // seek into the 'head' table and write in the checksum magic value michael@0: if (!head_table_offset) { michael@0: return OTS_FAILURE_MSG_HDR("internal error!"); michael@0: } michael@0: if (!output->Seek(head_table_offset + 8)) { michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: if (!output->WriteU32(chksum_magic)) { michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: michael@0: if (!output->Seek(end_of_file)) { michael@0: return OTS_FAILURE_MSG_HDR("error writing output"); michael@0: } michael@0: michael@0: return true; michael@0: } michael@0: michael@0: } // namespace michael@0: michael@0: namespace ots { michael@0: michael@0: bool IsValidVersionTag(uint32_t tag) { michael@0: return tag == Tag("\x00\x01\x00\x00") || michael@0: // OpenType fonts with CFF data have 'OTTO' tag. michael@0: tag == Tag("OTTO") || michael@0: // Older Mac fonts might have 'true' or 'typ1' tag. michael@0: tag == Tag("true") || michael@0: tag == Tag("typ1"); michael@0: } michael@0: michael@0: void DisableDebugOutput() { michael@0: g_debug_output = false; michael@0: } michael@0: michael@0: #ifdef MOZ_OTS_WOFF2 michael@0: void EnableWOFF2() { michael@0: g_enable_woff2 = true; michael@0: } michael@0: #endif michael@0: michael@0: void SetMessageCallback(MessageFunc func, void *user_data) { michael@0: g_message_func = func; michael@0: g_message_user_data = user_data; michael@0: } michael@0: michael@0: void SetTableActionCallback(TableActionFunc func, void *user_data) { michael@0: g_table_action_func = func; michael@0: g_table_action_user_data = user_data; michael@0: } michael@0: michael@0: bool Process(OTSStream *output, const uint8_t *data, size_t length) { michael@0: OpenTypeFile header; michael@0: michael@0: header.message_func = g_message_func; michael@0: header.user_data = g_message_user_data; michael@0: michael@0: if (length < 4) { michael@0: return OTS_FAILURE_MSG_(&header, "file less than 4 bytes"); michael@0: } michael@0: michael@0: bool result; michael@0: if (data[0] == 'w' && data[1] == 'O' && data[2] == 'F' && data[3] == 'F') { michael@0: result = ProcessWOFF(&header, output, data, length); michael@0: #ifdef MOZ_OTS_WOFF2 michael@0: } else if (g_enable_woff2 && michael@0: data[0] == 'w' && data[1] == 'O' && data[2] == 'F' && michael@0: data[3] == '2') { michael@0: result = ProcessWOFF2(&header, output, data, length); michael@0: #endif michael@0: } else { michael@0: result = ProcessTTF(&header, output, data, length); michael@0: } michael@0: michael@0: for (unsigned i = 0; ; ++i) { michael@0: if (table_parsers[i].parse == NULL) break; michael@0: table_parsers[i].free(&header); michael@0: } michael@0: return result; michael@0: } michael@0: michael@0: #if !defined(_MSC_VER) && defined(OTS_DEBUG) michael@0: bool Failure(const char *f, int l, const char *fn) { michael@0: if (g_debug_output) { michael@0: std::fprintf(stderr, "ERROR at %s:%d (%s)\n", f, l, fn); michael@0: std::fflush(stderr); michael@0: } michael@0: return false; michael@0: } michael@0: michael@0: void Warning(const char *f, int l, const char *format, ...) { michael@0: if (g_debug_output) { michael@0: std::fprintf(stderr, "WARNING at %s:%d: ", f, l); michael@0: std::va_list va; michael@0: va_start(va, format); michael@0: std::vfprintf(stderr, format, va); michael@0: va_end(va); michael@0: std::fprintf(stderr, "\n"); michael@0: std::fflush(stderr); michael@0: } michael@0: } michael@0: #endif michael@0: michael@0: } // namespace ots