michael@0: // Copyright (c) 2012 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: #include "cff.h" michael@0: michael@0: #include michael@0: #include michael@0: #include michael@0: michael@0: #include "cff_type2_charstring.h" michael@0: michael@0: // CFF - PostScript font program (Compact Font Format) table michael@0: // http://www.microsoft.com/typography/otspec/cff.htm michael@0: // http://www.microsoft.com/typography/otspec/cffspec.htm michael@0: michael@0: #define TABLE_NAME "CFF" michael@0: michael@0: namespace { michael@0: michael@0: enum DICT_OPERAND_TYPE { michael@0: DICT_OPERAND_INTEGER, michael@0: DICT_OPERAND_REAL, michael@0: DICT_OPERATOR, michael@0: }; michael@0: michael@0: enum DICT_DATA_TYPE { michael@0: DICT_DATA_TOPLEVEL, michael@0: DICT_DATA_FDARRAY, michael@0: }; michael@0: michael@0: enum FONT_FORMAT { michael@0: FORMAT_UNKNOWN, michael@0: FORMAT_CID_KEYED, michael@0: FORMAT_OTHER, // Including synthetic fonts michael@0: }; michael@0: michael@0: // see Appendix. A michael@0: const size_t kNStdString = 390; michael@0: michael@0: bool ReadOffset(ots::Buffer *table, uint8_t off_size, uint32_t *offset) { michael@0: if (off_size > 4) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: uint32_t tmp32 = 0; michael@0: for (unsigned i = 0; i < off_size; ++i) { michael@0: uint8_t tmp8 = 0; michael@0: if (!table->ReadU8(&tmp8)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: tmp32 <<= 8; michael@0: tmp32 += tmp8; michael@0: } michael@0: *offset = tmp32; michael@0: return true; michael@0: } michael@0: michael@0: bool ParseIndex(ots::Buffer *table, ots::CFFIndex *index) { michael@0: index->off_size = 0; michael@0: index->offsets.clear(); michael@0: michael@0: if (!table->ReadU16(&(index->count))) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (index->count == 0) { michael@0: // An empty INDEX. michael@0: index->offset_to_next = table->offset(); michael@0: return true; michael@0: } michael@0: michael@0: if (!table->ReadU8(&(index->off_size))) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if ((index->off_size == 0) || michael@0: (index->off_size > 4)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: const size_t array_size = (index->count + 1) * index->off_size; michael@0: // less than ((64k + 1) * 4), thus does not overflow. michael@0: const size_t object_data_offset = table->offset() + array_size; michael@0: // does not overflow too, since offset() <= 1GB. michael@0: michael@0: if (object_data_offset >= table->length()) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: for (unsigned i = 0; i <= index->count; ++i) { // '<=' is not a typo. michael@0: uint32_t rel_offset = 0; michael@0: if (!ReadOffset(table, index->off_size, &rel_offset)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (rel_offset < 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (i == 0 && rel_offset != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: if (rel_offset > table->length()) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // does not underflow. michael@0: if (object_data_offset > table->length() - (rel_offset - 1)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: index->offsets.push_back( michael@0: object_data_offset + (rel_offset - 1)); // less than length(), 1GB. michael@0: } michael@0: michael@0: for (unsigned i = 1; i < index->offsets.size(); ++i) { michael@0: // We allow consecutive identical offsets here for zero-length strings. michael@0: // See http://crbug.com/69341 for more details. michael@0: if (index->offsets[i] < index->offsets[i - 1]) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: } michael@0: michael@0: index->offset_to_next = index->offsets.back(); michael@0: return true; michael@0: } michael@0: michael@0: bool ParseNameData( michael@0: ots::Buffer *table, const ots::CFFIndex &index, std::string* out_name) { michael@0: uint8_t name[256] = {0}; michael@0: if (index.offsets.size() == 0) { // just in case. michael@0: return OTS_FAILURE(); michael@0: } michael@0: for (unsigned i = 1; i < index.offsets.size(); ++i) { michael@0: const size_t length = index.offsets[i] - index.offsets[i - 1]; michael@0: // font names should be no longer than 127 characters. michael@0: if (length > 127) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: table->set_offset(index.offsets[i - 1]); michael@0: if (!table->Read(name, length)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: for (size_t j = 0; j < length; ++j) { michael@0: // setting the first byte to NUL is allowed. michael@0: if (j == 0 && name[j] == 0) continue; michael@0: // non-ASCII characters are not recommended (except the first character). michael@0: if (name[j] < 33 || name[j] > 126) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: // [, ], ... are not allowed. michael@0: if (std::strchr("[](){}<>/% ", name[j])) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: } michael@0: } michael@0: michael@0: *out_name = reinterpret_cast(name); michael@0: return true; michael@0: } michael@0: michael@0: bool CheckOffset(const std::pair& operand, michael@0: size_t table_length) { michael@0: if (operand.second != DICT_OPERAND_INTEGER) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operand.first >= table_length) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: return true; michael@0: } michael@0: michael@0: bool CheckSid(const std::pair& operand, michael@0: size_t sid_max) { michael@0: if (operand.second != DICT_OPERAND_INTEGER) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operand.first > sid_max) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: return true; michael@0: } michael@0: michael@0: bool ParseDictDataBcd( michael@0: ots::Buffer *table, michael@0: std::vector > *operands) { michael@0: bool read_decimal_point = false; michael@0: bool read_e = false; michael@0: michael@0: uint8_t nibble = 0; michael@0: size_t count = 0; michael@0: while (true) { michael@0: if (!table->ReadU8(&nibble)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if ((nibble & 0xf0) == 0xf0) { michael@0: if ((nibble & 0xf) == 0xf) { michael@0: // TODO(yusukes): would be better to store actual double value, michael@0: // rather than the dummy integer. michael@0: operands->push_back(std::make_pair(static_cast(0), michael@0: DICT_OPERAND_REAL)); michael@0: return true; michael@0: } michael@0: return OTS_FAILURE(); michael@0: } michael@0: if ((nibble & 0x0f) == 0x0f) { michael@0: operands->push_back(std::make_pair(static_cast(0), michael@0: DICT_OPERAND_REAL)); michael@0: return true; michael@0: } michael@0: michael@0: // check number format michael@0: uint8_t nibbles[2]; michael@0: nibbles[0] = (nibble & 0xf0) >> 8; michael@0: nibbles[1] = (nibble & 0x0f); michael@0: for (unsigned i = 0; i < 2; ++i) { michael@0: if (nibbles[i] == 0xd) { // reserved number michael@0: return OTS_FAILURE(); michael@0: } michael@0: if ((nibbles[i] == 0xe) && // minus michael@0: ((count > 0) || (i > 0))) { michael@0: return OTS_FAILURE(); // minus sign should be the first character. michael@0: } michael@0: if (nibbles[i] == 0xa) { // decimal point michael@0: if (!read_decimal_point) { michael@0: read_decimal_point = true; michael@0: } else { michael@0: return OTS_FAILURE(); // two or more points. michael@0: } michael@0: } michael@0: if ((nibbles[i] == 0xb) || // E+ michael@0: (nibbles[i] == 0xc)) { // E- michael@0: if (!read_e) { michael@0: read_e = true; michael@0: } else { michael@0: return OTS_FAILURE(); // two or more E's. michael@0: } michael@0: } michael@0: } michael@0: ++count; michael@0: } michael@0: } michael@0: michael@0: bool ParseDictDataEscapedOperator( michael@0: ots::Buffer *table, michael@0: std::vector > *operands) { michael@0: uint8_t op = 0; michael@0: if (!table->ReadU8(&op)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: if ((op <= 14) || michael@0: (op >= 17 && op <= 23) || michael@0: (op >= 30 && op <= 38)) { michael@0: operands->push_back(std::make_pair((12U << 8) + op, DICT_OPERATOR)); michael@0: return true; michael@0: } michael@0: michael@0: // reserved area. michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: bool ParseDictDataNumber( michael@0: ots::Buffer *table, uint8_t b0, michael@0: std::vector > *operands) { michael@0: uint8_t b1 = 0; michael@0: uint8_t b2 = 0; michael@0: uint8_t b3 = 0; michael@0: uint8_t b4 = 0; michael@0: michael@0: switch (b0) { michael@0: case 28: // shortint michael@0: if (!table->ReadU8(&b1) || michael@0: !table->ReadU8(&b2)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: operands->push_back(std::make_pair( michael@0: static_cast((b1 << 8) + b2), DICT_OPERAND_INTEGER)); michael@0: return true; michael@0: michael@0: case 29: // longint michael@0: if (!table->ReadU8(&b1) || michael@0: !table->ReadU8(&b2) || michael@0: !table->ReadU8(&b3) || michael@0: !table->ReadU8(&b4)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: operands->push_back(std::make_pair( michael@0: static_cast((b1 << 24) + (b2 << 16) + (b3 << 8) + b4), michael@0: DICT_OPERAND_INTEGER)); michael@0: return true; michael@0: michael@0: case 30: // binary coded decimal michael@0: return ParseDictDataBcd(table, operands); michael@0: michael@0: default: michael@0: break; michael@0: } michael@0: michael@0: uint32_t result; michael@0: if (b0 >=32 && b0 <=246) { michael@0: result = b0 - 139; michael@0: } else if (b0 >=247 && b0 <= 250) { michael@0: if (!table->ReadU8(&b1)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: result = (b0 - 247) * 256 + b1 + 108; michael@0: } else if (b0 >= 251 && b0 <= 254) { michael@0: if (!table->ReadU8(&b1)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: result = -(b0 - 251) * 256 + b1 - 108; michael@0: } else { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: operands->push_back(std::make_pair(result, DICT_OPERAND_INTEGER)); michael@0: return true; michael@0: } michael@0: michael@0: bool ParseDictDataReadNext( michael@0: ots::Buffer *table, michael@0: std::vector > *operands) { michael@0: uint8_t op = 0; michael@0: if (!table->ReadU8(&op)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (op <= 21) { michael@0: if (op == 12) { michael@0: return ParseDictDataEscapedOperator(table, operands); michael@0: } michael@0: operands->push_back(std::make_pair( michael@0: static_cast(op), DICT_OPERATOR)); michael@0: return true; michael@0: } else if (op <= 27 || op == 31 || op == 255) { michael@0: // reserved area. michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: return ParseDictDataNumber(table, op, operands); michael@0: } michael@0: michael@0: bool ParsePrivateDictData( michael@0: const uint8_t *data, michael@0: size_t table_length, size_t offset, size_t dict_length, michael@0: DICT_DATA_TYPE type, ots::OpenTypeCFF *out_cff) { michael@0: ots::Buffer table(data + offset, dict_length); michael@0: std::vector > operands; michael@0: michael@0: // Since a Private DICT for FDArray might not have a Local Subr (e.g. Hiragino michael@0: // Kaku Gothic Std W8), we create an empty Local Subr here to match the size michael@0: // of FDArray the size of |local_subrs_per_font|. michael@0: if (type == DICT_DATA_FDARRAY) { michael@0: out_cff->local_subrs_per_font.push_back(new ots::CFFIndex); michael@0: } michael@0: michael@0: while (table.offset() < dict_length) { michael@0: if (!ParseDictDataReadNext(&table, &operands)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.empty()) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.size() > 48) { michael@0: // An operator may be preceded by up to a maximum of 48 operands. michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().second != DICT_OPERATOR) { michael@0: continue; michael@0: } michael@0: michael@0: // got operator michael@0: const uint32_t op = operands.back().first; michael@0: operands.pop_back(); michael@0: michael@0: switch (op) { michael@0: // array michael@0: case 6: // BlueValues michael@0: case 7: // OtherBlues michael@0: case 8: // FamilyBlues michael@0: case 9: // FamilyOtherBlues michael@0: case (12U << 8) + 12: // StemSnapH (delta) michael@0: case (12U << 8) + 13: // StemSnapV (delta) michael@0: if (operands.empty()) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: michael@0: // number michael@0: case 10: // StdHW michael@0: case 11: // StdVW michael@0: case 20: // defaultWidthX michael@0: case 21: // nominalWidthX michael@0: case (12U << 8) + 9: // BlueScale michael@0: case (12U << 8) + 10: // BlueShift michael@0: case (12U << 8) + 11: // BlueFuzz michael@0: case (12U << 8) + 17: // LanguageGroup michael@0: case (12U << 8) + 18: // ExpansionFactor michael@0: case (12U << 8) + 19: // initialRandomSeed michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: michael@0: // Local Subrs INDEX, offset(self) michael@0: case 19: { michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().second != DICT_OPERAND_INTEGER) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().first >= 1024 * 1024 * 1024) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().first + offset >= table_length) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: // parse "16. Local Subrs INDEX" michael@0: ots::Buffer cff_table(data, table_length); michael@0: cff_table.set_offset(operands.back().first + offset); michael@0: ots::CFFIndex *local_subrs_index = NULL; michael@0: if (type == DICT_DATA_FDARRAY) { michael@0: if (out_cff->local_subrs_per_font.empty()) { michael@0: return OTS_FAILURE(); // not reached. michael@0: } michael@0: local_subrs_index = out_cff->local_subrs_per_font.back(); michael@0: } else { // type == DICT_DATA_TOPLEVEL michael@0: if (out_cff->local_subrs) { michael@0: return OTS_FAILURE(); // two or more local_subrs? michael@0: } michael@0: local_subrs_index = new ots::CFFIndex; michael@0: out_cff->local_subrs = local_subrs_index; michael@0: } michael@0: if (!ParseIndex(&cff_table, local_subrs_index)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: } michael@0: michael@0: // boolean michael@0: case (12U << 8) + 14: // ForceBold michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().second != DICT_OPERAND_INTEGER) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().first >= 2) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: michael@0: default: michael@0: return OTS_FAILURE(); michael@0: } michael@0: operands.clear(); michael@0: } michael@0: michael@0: return true; michael@0: } michael@0: michael@0: bool ParseDictData(const uint8_t *data, size_t table_length, michael@0: const ots::CFFIndex &index, size_t sid_max, michael@0: DICT_DATA_TYPE type, ots::OpenTypeCFF *out_cff) { michael@0: for (unsigned i = 1; i < index.offsets.size(); ++i) { michael@0: if (type == DICT_DATA_TOPLEVEL) { michael@0: out_cff->char_strings_array.push_back(new ots::CFFIndex); michael@0: } michael@0: size_t dict_length = index.offsets[i] - index.offsets[i - 1]; michael@0: ots::Buffer table(data + index.offsets[i - 1], dict_length); michael@0: michael@0: std::vector > operands; michael@0: michael@0: FONT_FORMAT font_format = FORMAT_UNKNOWN; michael@0: bool have_ros = false; michael@0: size_t glyphs = 0; michael@0: size_t charset_offset = 0; michael@0: michael@0: while (table.offset() < dict_length) { michael@0: if (!ParseDictDataReadNext(&table, &operands)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.empty()) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.size() > 48) { michael@0: // An operator may be preceded by up to a maximum of 48 operands. michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().second != DICT_OPERATOR) continue; michael@0: michael@0: // got operator michael@0: const uint32_t op = operands.back().first; michael@0: operands.pop_back(); michael@0: michael@0: switch (op) { michael@0: // SID michael@0: case 0: // version michael@0: case 1: // Notice michael@0: case 2: // Copyright michael@0: case 3: // FullName michael@0: case 4: // FamilyName michael@0: case (12U << 8) + 0: // Copyright michael@0: case (12U << 8) + 21: // PostScript michael@0: case (12U << 8) + 22: // BaseFontName michael@0: case (12U << 8) + 38: // FontName michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!CheckSid(operands.back(), sid_max)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: michael@0: // array michael@0: case 5: // FontBBox michael@0: case 14: // XUID michael@0: case (12U << 8) + 7: // FontMatrix michael@0: case (12U << 8) + 23: // BaseFontBlend (delta) michael@0: if (operands.empty()) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: michael@0: // number michael@0: case 13: // UniqueID michael@0: case (12U << 8) + 2: // ItalicAngle michael@0: case (12U << 8) + 3: // UnderlinePosition michael@0: case (12U << 8) + 4: // UnderlineThickness michael@0: case (12U << 8) + 5: // PaintType michael@0: case (12U << 8) + 8: // StrokeWidth michael@0: case (12U << 8) + 20: // SyntheticBase michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: case (12U << 8) + 31: // CIDFontVersion michael@0: case (12U << 8) + 32: // CIDFontRevision michael@0: case (12U << 8) + 33: // CIDFontType michael@0: case (12U << 8) + 34: // CIDCount michael@0: case (12U << 8) + 35: // UIDBase michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (font_format != FORMAT_CID_KEYED) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: case (12U << 8) + 6: // CharstringType michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if(operands.back().second != DICT_OPERAND_INTEGER) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().first != 2) { michael@0: // We only support the "Type 2 Charstring Format." michael@0: // TODO(yusukes): Support Type 1 format? Is that still in use? michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: michael@0: // boolean michael@0: case (12U << 8) + 1: // isFixedPitch michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().second != DICT_OPERAND_INTEGER) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().first >= 2) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: michael@0: // offset(0) michael@0: case 15: // charset michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().first <= 2) { michael@0: // predefined charset, ISOAdobe, Expert or ExpertSubset, is used. michael@0: break; michael@0: } michael@0: if (!CheckOffset(operands.back(), table_length)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (charset_offset) { michael@0: return OTS_FAILURE(); // multiple charset tables? michael@0: } michael@0: charset_offset = operands.back().first; michael@0: break; michael@0: michael@0: case 16: { // Encoding michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().first <= 1) { michael@0: break; // predefined encoding, "Standard" or "Expert", is used. michael@0: } michael@0: if (!CheckOffset(operands.back(), table_length)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // parse sub dictionary INDEX. michael@0: ots::Buffer cff_table(data, table_length); michael@0: cff_table.set_offset(operands.back().first); michael@0: uint8_t format = 0; michael@0: if (!cff_table.ReadU8(&format)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (format & 0x80) { michael@0: // supplemental encoding is not supported at the moment. michael@0: return OTS_FAILURE(); michael@0: } michael@0: // TODO(yusukes): support & parse supplemental encoding tables. michael@0: break; michael@0: } michael@0: michael@0: case 17: { // CharStrings michael@0: if (type != DICT_DATA_TOPLEVEL) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!CheckOffset(operands.back(), table_length)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: // parse "14. CharStrings INDEX" michael@0: ots::Buffer cff_table(data, table_length); michael@0: cff_table.set_offset(operands.back().first); michael@0: ots::CFFIndex *charstring_index = out_cff->char_strings_array.back(); michael@0: if (!ParseIndex(&cff_table, charstring_index)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (charstring_index->count < 2) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (glyphs) { michael@0: return OTS_FAILURE(); // multiple charstring tables? michael@0: } michael@0: glyphs = charstring_index->count; michael@0: break; michael@0: } michael@0: michael@0: case (12U << 8) + 36: { // FDArray michael@0: if (type != DICT_DATA_TOPLEVEL) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!CheckOffset(operands.back(), table_length)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // parse sub dictionary INDEX. michael@0: ots::Buffer cff_table(data, table_length); michael@0: cff_table.set_offset(operands.back().first); michael@0: ots::CFFIndex sub_dict_index; michael@0: if (!ParseIndex(&cff_table, &sub_dict_index)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!ParseDictData(data, table_length, michael@0: sub_dict_index, sid_max, DICT_DATA_FDARRAY, michael@0: out_cff)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (out_cff->font_dict_length != 0) { michael@0: return OTS_FAILURE(); // two or more FDArray found. michael@0: } michael@0: out_cff->font_dict_length = sub_dict_index.count; michael@0: break; michael@0: } michael@0: michael@0: case (12U << 8) + 37: { // FDSelect michael@0: if (type != DICT_DATA_TOPLEVEL) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.size() != 1) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!CheckOffset(operands.back(), table_length)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // parse FDSelect data structure michael@0: ots::Buffer cff_table(data, table_length); michael@0: cff_table.set_offset(operands.back().first); michael@0: uint8_t format = 0; michael@0: if (!cff_table.ReadU8(&format)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (format == 0) { michael@0: for (size_t j = 0; j < glyphs; ++j) { michael@0: uint8_t fd_index = 0; michael@0: if (!cff_table.ReadU8(&fd_index)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: (out_cff->fd_select)[j] = fd_index; michael@0: } michael@0: } else if (format == 3) { michael@0: uint16_t n_ranges = 0; michael@0: if (!cff_table.ReadU16(&n_ranges)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (n_ranges == 0) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: uint16_t last_gid = 0; michael@0: uint8_t fd_index = 0; michael@0: for (unsigned j = 0; j < n_ranges; ++j) { michael@0: uint16_t first = 0; // GID michael@0: if (!cff_table.ReadU16(&first)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // Sanity checks. michael@0: if ((j == 0) && (first != 0)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if ((j != 0) && (last_gid >= first)) { michael@0: return OTS_FAILURE(); // not increasing order. michael@0: } michael@0: michael@0: // Copy the mapping to |out_cff->fd_select|. michael@0: if (j != 0) { michael@0: for (uint16_t k = last_gid; k < first; ++k) { michael@0: if (!out_cff->fd_select.insert( michael@0: std::make_pair(k, fd_index)).second) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: } michael@0: } michael@0: michael@0: if (!cff_table.ReadU8(&fd_index)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: last_gid = first; michael@0: // TODO(yusukes): check GID? michael@0: } michael@0: uint16_t sentinel = 0; michael@0: if (!cff_table.ReadU16(&sentinel)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (last_gid >= sentinel) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: for (uint16_t k = last_gid; k < sentinel; ++k) { michael@0: if (!out_cff->fd_select.insert( michael@0: std::make_pair(k, fd_index)).second) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: } michael@0: } else { michael@0: // unknown format michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: } michael@0: michael@0: // Private DICT (2 * number) michael@0: case 18: { michael@0: if (operands.size() != 2) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (operands.back().second != DICT_OPERAND_INTEGER) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: const uint32_t private_offset = operands.back().first; michael@0: operands.pop_back(); michael@0: if (operands.back().second != DICT_OPERAND_INTEGER) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: const uint32_t private_length = operands.back().first; michael@0: if (private_offset > table_length) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (private_length >= table_length) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (private_length + private_offset > table_length) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: // parse "15. Private DICT Data" michael@0: if (!ParsePrivateDictData(data, table_length, michael@0: private_offset, private_length, michael@0: type, out_cff)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: break; michael@0: } michael@0: michael@0: // ROS michael@0: case (12U << 8) + 30: michael@0: if (font_format != FORMAT_UNKNOWN) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: font_format = FORMAT_CID_KEYED; michael@0: if (operands.size() != 3) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: // check SIDs michael@0: operands.pop_back(); // ignore the first number. michael@0: if (!CheckSid(operands.back(), sid_max)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: operands.pop_back(); michael@0: if (!CheckSid(operands.back(), sid_max)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (have_ros) { michael@0: return OTS_FAILURE(); // multiple ROS tables? michael@0: } michael@0: have_ros = true; michael@0: break; michael@0: michael@0: default: michael@0: return OTS_FAILURE(); michael@0: } michael@0: operands.clear(); michael@0: michael@0: if (font_format == FORMAT_UNKNOWN) { michael@0: font_format = FORMAT_OTHER; michael@0: } michael@0: } michael@0: michael@0: // parse "13. Charsets" michael@0: if (charset_offset) { michael@0: ots::Buffer cff_table(data, table_length); michael@0: cff_table.set_offset(charset_offset); michael@0: uint8_t format = 0; michael@0: if (!cff_table.ReadU8(&format)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: switch (format) { michael@0: case 0: michael@0: for (unsigned j = 1 /* .notdef is omitted */; j < glyphs; ++j) { michael@0: uint16_t sid = 0; michael@0: if (!cff_table.ReadU16(&sid)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!have_ros && (sid > sid_max)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: // TODO(yusukes): check CIDs when have_ros is true. michael@0: } michael@0: break; michael@0: michael@0: case 1: michael@0: case 2: { michael@0: uint32_t total = 1; // .notdef is omitted. michael@0: while (total < glyphs) { michael@0: uint16_t sid = 0; michael@0: if (!cff_table.ReadU16(&sid)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!have_ros && (sid > sid_max)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: // TODO(yusukes): check CIDs when have_ros is true. michael@0: michael@0: if (format == 1) { michael@0: uint8_t left = 0; michael@0: if (!cff_table.ReadU8(&left)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: total += (left + 1); michael@0: } else { michael@0: uint16_t left = 0; michael@0: if (!cff_table.ReadU16(&left)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: total += (left + 1); michael@0: } michael@0: } michael@0: break; michael@0: } michael@0: michael@0: default: michael@0: return OTS_FAILURE(); michael@0: } michael@0: } michael@0: } michael@0: return true; michael@0: } michael@0: michael@0: } // namespace michael@0: michael@0: namespace ots { michael@0: michael@0: bool ots_cff_parse(OpenTypeFile *file, const uint8_t *data, size_t length) { michael@0: Buffer table(data, length); michael@0: michael@0: file->cff = new OpenTypeCFF; michael@0: file->cff->data = data; michael@0: file->cff->length = length; michael@0: file->cff->font_dict_length = 0; michael@0: file->cff->local_subrs = NULL; michael@0: michael@0: // parse "6. Header" in the Adobe Compact Font Format Specification michael@0: uint8_t major = 0; michael@0: uint8_t minor = 0; michael@0: uint8_t hdr_size = 0; michael@0: uint8_t off_size = 0; michael@0: if (!table.ReadU8(&major)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!table.ReadU8(&minor)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!table.ReadU8(&hdr_size)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!table.ReadU8(&off_size)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if ((off_size == 0) || (off_size > 4)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: if ((major != 1) || michael@0: (minor != 0) || michael@0: (hdr_size != 4)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (hdr_size >= length) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // parse "7. Name INDEX" michael@0: table.set_offset(hdr_size); michael@0: CFFIndex name_index; michael@0: if (!ParseIndex(&table, &name_index)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (!ParseNameData(&table, name_index, &(file->cff->name))) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // parse "8. Top DICT INDEX" michael@0: table.set_offset(name_index.offset_to_next); michael@0: CFFIndex top_dict_index; michael@0: if (!ParseIndex(&table, &top_dict_index)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (name_index.count != top_dict_index.count) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // parse "10. String INDEX" michael@0: table.set_offset(top_dict_index.offset_to_next); michael@0: CFFIndex string_index; michael@0: if (!ParseIndex(&table, &string_index)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: if (string_index.count >= 65000 - kNStdString) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: const size_t sid_max = string_index.count + kNStdString; michael@0: // string_index.count == 0 is allowed. michael@0: michael@0: // parse "9. Top DICT Data" michael@0: if (!ParseDictData(data, length, top_dict_index, michael@0: sid_max, DICT_DATA_TOPLEVEL, file->cff)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // parse "16. Global Subrs INDEX" michael@0: table.set_offset(string_index.offset_to_next); michael@0: CFFIndex global_subrs_index; michael@0: if (!ParseIndex(&table, &global_subrs_index)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: michael@0: // Check if all fd_index in FDSelect are valid. michael@0: std::map::const_iterator iter; michael@0: std::map::const_iterator end = file->cff->fd_select.end(); michael@0: for (iter = file->cff->fd_select.begin(); iter != end; ++iter) { michael@0: if (iter->second >= file->cff->font_dict_length) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: } michael@0: michael@0: // Check if all charstrings (font hinting code for each glyph) are valid. michael@0: for (size_t i = 0; i < file->cff->char_strings_array.size(); ++i) { michael@0: if (!ValidateType2CharStringIndex(*(file->cff->char_strings_array.at(i)), michael@0: global_subrs_index, michael@0: file->cff->fd_select, michael@0: file->cff->local_subrs_per_font, michael@0: file->cff->local_subrs, michael@0: &table)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: } michael@0: michael@0: return true; michael@0: } michael@0: michael@0: bool ots_cff_should_serialise(OpenTypeFile *file) { michael@0: return file->cff != NULL; michael@0: } michael@0: michael@0: bool ots_cff_serialise(OTSStream *out, OpenTypeFile *file) { michael@0: // TODO(yusukes): would be better to transcode the data, michael@0: // rather than simple memcpy. michael@0: if (!out->Write(file->cff->data, file->cff->length)) { michael@0: return OTS_FAILURE(); michael@0: } michael@0: return true; michael@0: } michael@0: michael@0: void ots_cff_free(OpenTypeFile *file) { michael@0: if (file->cff) { michael@0: for (size_t i = 0; i < file->cff->char_strings_array.size(); ++i) { michael@0: delete (file->cff->char_strings_array)[i]; michael@0: } michael@0: for (size_t i = 0; i < file->cff->local_subrs_per_font.size(); ++i) { michael@0: delete (file->cff->local_subrs_per_font)[i]; michael@0: } michael@0: delete file->cff->local_subrs; michael@0: delete file->cff; michael@0: } michael@0: } michael@0: michael@0: } // namespace ots