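/****************************************************************************
 *
 * cidload.c
 *
 *   CID-keyed Type1 font loader (body).
 *
 * Copyright (C) 1996-2022 by
 * David Turner, Robert Wilhelm, and Werner Lemberg.
 *
 * This file is part of the FreeType project, and may only be used,
 * modified, and distributed under the terms of the FreeType project
 * license, LICENSE.TXT.  By continuing to use, modify, or distribute
 * this file you indicate that you have read the license and
 * understand and accept it fully.
 *
 */


#include <ft2build.h>
#include <freetype/internal/ftdebug.h>
#include FT_CONFIG_CONFIG_H
#include <freetype/ftmm.h>
#include <freetype/internal/t1types.h>
#include <freetype/internal/psaux.h>

#include "cidload.h"

#include "ciderrs.h"


  /**************************************************************************
   *
   * The macro FT_COMPONENT is used in trace mode.  It is an implicit
   * parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log
   * messages during execution.
   */
#undef  FT_COMPONENT
#define FT_COMPONENT  cidload


  /*
   * Read a single offset: `offsize' bytes starting at `*start' are
   * combined most-significant byte first, and `*start' is advanced past
   * them.
   *
   * No bounds are checked here; the caller must guarantee that `offsize'
   * bytes are readable at `*start'.  The only call in this file
   * (cid_read_subrs) passes `sd_bytes', which cid_face_open has limited
   * to at most 4, and reads inside a frame sized for all entries.
   */
  FT_LOCAL_DEF( FT_ULong )
  cid_get_offset( FT_Byte*  *start,
                  FT_UInt    offsize )
  {
    FT_ULong  result;
    FT_Byte*  p = *start;


    for ( result = 0; offsize > 0; offsize-- )
    {
      result <<= 8;
      result  |= *p++;
    }

    *start = p;
    return result;
  }


  /*************************************************************************/
  /*************************************************************************/
  /*****                                                               *****/
  /*****                    TYPE 1 SYMBOL PARSING                      *****/
  /*****                                                               *****/
  /*************************************************************************/
  /*************************************************************************/


  /*
   * Load the value of one recognized keyword.
   *
   * Callback keywords run their reader and report whatever the reader
   * left in `parser->root.error'.  All other keywords are stored into a
   * target object selected by `keyword->location'; locations that live
   * in a font dictionary require `parser->num_dict' to index an
   * allocated entry of `cid->font_dicts', otherwise Syntax_Error is
   * returned.
   */
  static FT_Error
  cid_load_keyword( CID_Face        face,
                    CID_Loader*     loader,
                    const T1_Field  keyword )
  {
    FT_Error      error;
    CID_Parser*   parser = &loader->parser;
    FT_Byte*      object;
    void*         dummy_object;
    CID_FaceInfo  cid = &face->cid;


    /* if the keyword has a dedicated callback, call it */
    if ( keyword->type == T1_FIELD_TYPE_CALLBACK )
    {
      FT_TRACE4(( " %s", keyword->ident ));

      keyword->reader( (FT_Face)face, parser );
      error = parser->root.error;
      goto Exit;
    }

    /* we must now compute the address of our target object */
    switch ( keyword->location )
    {
    case T1_FIELD_LOCATION_CID_INFO:
      object = (FT_Byte*)cid;
      break;

    case T1_FIELD_LOCATION_FONT_INFO:
      object = (FT_Byte*)&cid->font_info;
      break;

    case T1_FIELD_LOCATION_FONT_EXTRA:
      object = (FT_Byte*)&face->font_extra;
      break;

    case T1_FIELD_LOCATION_BBOX:
      object = (FT_Byte*)&cid->font_bbox;
      break;

    default:
      {
        CID_FaceDict  dict;


        /* the dictionary index comes from the font data, so it must */
        /* be validated before it is used to address `font_dicts'    */
        if ( parser->num_dict >= cid->num_dicts )
        {
          FT_ERROR(( "cid_load_keyword: invalid use of `%s'\n",
                     keyword->ident ));
          error = FT_THROW( Syntax_Error );
          goto Exit;
        }

        dict = cid->font_dicts + parser->num_dict;
        switch ( keyword->location )
        {
        case T1_FIELD_LOCATION_PRIVATE:
          object = (FT_Byte*)&dict->private_dict;
          break;

        default:
          object = (FT_Byte*)dict;
        }
      }
    }

    FT_TRACE4(( " %s", keyword->ident ));

    dummy_object = object;

    /* now, load the keyword data in the object's field(s) */
    if ( keyword->type == T1_FIELD_TYPE_INTEGER_ARRAY ||
         keyword->type == T1_FIELD_TYPE_FIXED_ARRAY   )
      error = cid_parser_load_field_table( &loader->parser, keyword,
                                           &dummy_object );
    else
      error = cid_parser_load_field( &loader->parser,
                                     keyword, &dummy_object );

    FT_TRACE4(( "\n" ));

  Exit:
    return error;
  }


  /*
   * Callback for `FontMatrix'.  Parses six values into the font matrix
   * and font offset of the current font dictionary; it does nothing if
   * `parser->num_dict' does not index an allocated dictionary.
   *
   * Only a matrix rejected by FT_Matrix_Check sets `parser->root.error'.
   *
   * NOTE(review): the `not enough matrix elements' and zero-scale exits
   * only log and leave `parser->root.error' untouched, so loading
   * continues with whatever the dictionary's matrix held before --
   * confirm that this leniency is intended.
   */
  FT_CALLBACK_DEF( void )
  cid_parse_font_matrix( CID_Face     face,
                         CID_Parser*  parser )
  {
    CID_FaceDict  dict;
    FT_Face       root = (FT_Face)&face->root;
    FT_Fixed      temp[6];
    FT_Fixed      temp_scale;


    if ( parser->num_dict < face->cid.num_dicts )
    {
      FT_Matrix*  matrix;
      FT_Vector*  offset;
      FT_Int      result;


      dict   = face->cid.font_dicts + parser->num_dict;
      matrix = &dict->font_matrix;
      offset = &dict->font_offset;

      /* input is scaled by 1000 to accommodate default FontMatrix */
      result = cid_parser_to_fixed_array( parser, 6, temp, 3 );

      if ( result < 6 )
      {
        FT_ERROR(( "cid_parse_font_matrix: not enough matrix elements\n" ));
        goto Exit;
      }

      FT_TRACE4(( " [%f %f %f %f %f %f]\n",
                  (double)temp[0] / 65536 / 1000,
                  (double)temp[1] / 65536 / 1000,
                  (double)temp[2] / 65536 / 1000,
                  (double)temp[3] / 65536 / 1000,
                  (double)temp[4] / 65536 / 1000,
                  (double)temp[5] / 65536 / 1000 ));

      temp_scale = FT_ABS( temp[3] );

      /* a zero scale would be used as a divisor below */
      if ( temp_scale == 0 )
      {
        FT_ERROR(( "cid_parse_font_matrix: invalid font matrix\n" ));
        goto Exit;
      }

      /* atypical case */
      if ( temp_scale != 0x10000L )
      {
        /* set units per EM based on FontMatrix values */
        /* NOTE(review): the quotient is truncated to FT_UShort;     */
        /* verify that very small scales cannot yield a bogus value. */
        root->units_per_EM = (FT_UShort)FT_DivFix( 1000, temp_scale );

        temp[0] = FT_DivFix( temp[0], temp_scale );
        temp[1] = FT_DivFix( temp[1], temp_scale );
        temp[2] = FT_DivFix( temp[2], temp_scale );
        temp[4] = FT_DivFix( temp[4], temp_scale );
        temp[5] = FT_DivFix( temp[5], temp_scale );
        temp[3] = temp[3] < 0 ? -0x10000L : 0x10000L;
      }

      matrix->xx = temp[0];
      matrix->yx = temp[1];
      matrix->xy = temp[2];
      matrix->yy = temp[3];

      if ( !FT_Matrix_Check( matrix ) )
      {
        /* the message names this function, not the Type 1 loader's */
        FT_ERROR(( "cid_parse_font_matrix: invalid font matrix\n" ));
        parser->root.error = FT_THROW( Invalid_File_Format );
        goto Exit;
      }

      /* note that the font offsets are expressed in integer font units */
      offset->x = temp[4] >> 16;
      offset->y = temp[5] >> 16;
    }

  Exit:
    return;
  }


  /*
   * Callback for `FDArray'.  Reads the announced number of font
   * dictionaries, clamps it to what the stream size can plausibly hold,
   * and allocates `cid->font_dicts' with Type 1 default values.  An
   * array that is already allocated is left alone.
   *
   * A negative or too large count is only logged; if no dictionaries
   * were set up, cid_parse_dict rejects the font at its end.  An
   * allocation failure is reported through `parser->root.error'.
   */
  FT_CALLBACK_DEF( void )
  parse_fd_array( CID_Face     face,
                  CID_Parser*  parser )
  {
    CID_FaceInfo  cid    = &face->cid;
    FT_Memory     memory = face->root.memory;
    FT_Stream     stream = parser->stream;
    FT_Error      error  = FT_Err_Ok;
    FT_Long       num_dicts, max_dicts;


    num_dicts = cid_parser_to_int( parser );
    if ( num_dicts < 0 || num_dicts > FT_INT_MAX )
    {
      FT_ERROR(( "parse_fd_array: invalid number of dictionaries\n" ));
      goto Exit;
    }

    FT_TRACE4(( " %ld\n", num_dicts ));

    /*
     * A single entry in the FDArray must (at least) contain the following
     * structure elements.
     *
     *   %ADOBeginFontDict              18
     *   X dict begin                   13
     *     /FontMatrix [X X X X]        22
     *     /Private X dict begin        22
     *     end                           4
     *   end                             4
     *   %ADOEndFontDict                16
     *
     * This needs 18+13+22+22+4+4+16=99 bytes or more.  Normally, you also
     * need a `dup X' at the very beginning and a `put' at the end, so a
     * rough guess using 100 bytes as the minimum is justified.
     */
    /* the clamp keeps a small file from requesting a huge allocation */
    max_dicts = (FT_Long)( stream->size / 100 );
    if ( num_dicts > max_dicts )
    {
      FT_TRACE0(( "parse_fd_array: adjusting FDArray size"
                  " (from %ld to %ld)\n",
                  num_dicts, max_dicts ));
      num_dicts = max_dicts;
    }

    if ( !cid->font_dicts )
    {
      FT_UInt  n;


      if ( FT_NEW_ARRAY( cid->font_dicts, num_dicts ) )
        goto Exit;

      cid->num_dicts = num_dicts;

      /* set some default values (the same as for Type 1 fonts) */
      for ( n = 0; n < cid->num_dicts; n++ )
      {
        CID_FaceDict  dict = cid->font_dicts + n;


        dict->private_dict.blue_shift       = 7;
        dict->private_dict.blue_fuzz        = 1;
        dict->private_dict.lenIV            = 4;
        dict->private_dict.expansion_factor = (FT_Fixed)( 0.06 * 0x10000L );
        dict->private_dict.blue_scale       = (FT_Fixed)(
                                                0.039625 * 0x10000L * 1000 );
      }
    }

  Exit:
    /* a `void' callback can only report through the parser; without  */
    /* this an allocation failure was dropped and later resurfaced as */
    /* a misleading `No font dictionary found' format error           */
    if ( error )
      parser->root.error = error;

    return;
  }


  /* By mistake, `expansion_factor' appears both in PS_PrivateRec */
  /* and CID_FaceDictRec (both are public header files and can't  */
  /* be changed).  We simply copy the value.                      */

  /*
   * Callback for `ExpansionFactor'.  Stores the parsed value in both
   * places of the current font dictionary; ignored if `parser->num_dict'
   * does not index an allocated dictionary.
   */
  FT_CALLBACK_DEF( void )
  parse_expansion_factor( CID_Face     face,
                          CID_Parser*  parser )
  {
    CID_FaceDict  dict;


    if ( parser->num_dict < face->cid.num_dicts )
    {
      dict = face->cid.font_dicts + parser->num_dict;

      dict->expansion_factor              = cid_parser_to_fixed( parser, 0 );
      dict->private_dict.expansion_factor = dict->expansion_factor;

      FT_TRACE4(( "%ld\n", dict->expansion_factor ));
    }

    return;
  }


  /* By mistake, `CID_FaceDictRec' doesn't contain a field for the */
  /* `FontName' keyword.  FreeType doesn't need it, but it is nice */
  /* to catch it for producing better trace output.                */

  /*
   * Callback for `FontName'.  Only produces trace output; in builds
   * without FT_DEBUG_LEVEL_TRACE it does nothing.
   */
  FT_CALLBACK_DEF( void )
  parse_font_name( CID_Face     face,
                   CID_Parser*  parser )
  {
#ifdef FT_DEBUG_LEVEL_TRACE
    if ( parser->num_dict < face->cid.num_dicts )
    {
      T1_TokenRec  token;
      FT_UInt      len;


      cid_parser_to_token( parser, &token );

      /* the token is not NUL-terminated, hence the bounded `%.*s' */
      len = (FT_UInt)( token.limit - token.start );
      if ( len )
        FT_TRACE4(( " %.*s\n", len, token.start ));
      else
        FT_TRACE4(( " <no value>\n" ));
    }
#else
    FT_UNUSED( face );
    FT_UNUSED( parser );
#endif

    return;
  }


  /* keyword table: the entries from `cidtoken.h', the callbacks */
  /* defined above, and a terminating record with a null `ident' */
  static
  const T1_FieldRec  cid_field_records[] =
  {

#include "cidtoken.h"

    T1_FIELD_CALLBACK( "FDArray",         parse_fd_array,         0 )
    T1_FIELD_CALLBACK( "FontMatrix",      cid_parse_font_matrix,  0 )
    T1_FIELD_CALLBACK( "ExpansionFactor", parse_expansion_factor, 0 )
    T1_FIELD_CALLBACK( "FontName",        parse_font_name,        0 )

    { 0, T1_FIELD_LOCATION_CID_INFO, T1_FIELD_TYPE_NONE, 0, 0, 0, 0, 0, 0 }
  };


  /*
   * Scan the PostScript section `base[0 .. size-1]' token by token.
   *
   * Each `%ADOBeginFontDict' marker found between two tokens advances
   * `parser->num_dict' once an FDArray has been seen.  Each immediate
   * name (`/Name') shorter than 22 characters is looked up in
   * `cid_field_records' and, on a match, loaded with cid_load_keyword.
   *
   * Returns the first error from a keyword, Invalid_File_Format if no
   * font dictionary was set up, or the parser's error state.
   *
   * NOTE(review): for a section shorter than 18 bytes, `limit - 1 - 17'
   * (and `cursor - 17' near the start) points before `base'.  The scan
   * loop then does not run, but forming such a pointer is undefined in
   * ISO C; presumably the parser never hands in so short a section --
   * confirm in cid_parser_new.
   */
  static FT_Error
  cid_parse_dict( CID_Face     face,
                  CID_Loader*  loader,
                  FT_Byte*     base,
                  FT_ULong     size )
  {
    CID_Parser*  parser = &loader->parser;


    parser->root.cursor = base;
    parser->root.limit  = base + size;
    parser->root.error  = FT_Err_Ok;

    {
      FT_Byte*  cur   = base;
      FT_Byte*  limit = cur + size;


      for (;;)
      {
        FT_Byte*  newlimit;


        parser->root.cursor = cur;
        cid_parser_skip_spaces( parser );

        /* leave room for the 17 characters compared below */
        if ( parser->root.cursor >= limit )
          newlimit = limit - 1 - 17;
        else
          newlimit = parser->root.cursor - 17;

        /* look for `%ADOBeginFontDict' */
        for ( ; cur < newlimit; cur++ )
        {
          if ( *cur == '%'                                            &&
               ft_strncmp( (char*)cur, "%ADOBeginFontDict", 17 ) == 0 )
          {
            /* if /FDArray was found, then cid->num_dicts is > 0, and */
            /* we can start increasing parser->num_dict               */
            if ( face->cid.num_dicts > 0 )
            {
              parser->num_dict++;

#ifdef FT_DEBUG_LEVEL_TRACE
              FT_TRACE4(( " FontDict %u", parser->num_dict ));
              if ( parser->num_dict > face->cid.num_dicts )
                FT_TRACE4(( " (ignored)" ));
              FT_TRACE4(( "\n" ));
#endif
            }
          }
        }

        cur = parser->root.cursor;
        /* no error can occur in cid_parser_skip_spaces */
        if ( cur >= limit )
          break;

        cid_parser_skip_PS_token( parser );
        if ( parser->root.cursor >= limit || parser->root.error )
          break;

        /* look for immediates */
        if ( *cur == '/' && cur + 2 < limit )
        {
          FT_UInt  len;


          cur++;
          len = (FT_UInt)( parser->root.cursor - cur );

          if ( len > 0 && len < 22 )
          {
            /* now compare the immediate name to the keyword table */
            T1_Field  keyword = (T1_Field)cid_field_records;


            for (;;)
            {
              FT_Byte*  name;


              name = (FT_Byte*)keyword->ident;
              if ( !name )
                break;

              /* lengths are equal here, so the byte-wise comparison */
              /* below stays within both the token and the keyword   */
              if ( cur[0] == name[0]                     &&
                   len == ft_strlen( (const char*)name ) )
              {
                FT_UInt  n;


                for ( n = 1; n < len; n++ )
                  if ( cur[n] != name[n] )
                    break;

                if ( n >= len )
                {
                  /* we found it - run the parsing callback */
                  parser->root.error = cid_load_keyword( face,
                                                         loader,
                                                         keyword );
                  if ( parser->root.error )
                    return parser->root.error;
                  break;
                }
              }
              keyword++;
            }
          }
        }

        cur = parser->root.cursor;
      }

      if ( !face->cid.num_dicts )
      {
        FT_ERROR(( "cid_parse_dict: No font dictionary found\n" ));
        return FT_THROW( Invalid_File_Format );
      }
    }

    return parser->root.error;
  }


  /*
   * Read the subrmap and the subrs of each font dict.
   *
   * For every dictionary with subroutines, the `num_subrs + 1' offsets
   * are read, required to be non-decreasing and to end within the data
   * section, and the charstring data between the first and last offset
   * is loaded in one piece; `subr->code[i]' then point into that piece.
   * Subroutines are decrypted in place unless `lenIV' is negative.
   *
   * On failure everything allocated for `face->subrs' is released.
   *
   * NOTE(review): cid_face_open bounds `num_subrs * sd_bytes', while the
   * frame entered here covers `( num_subrs + 1 ) * sd_bytes'; the final
   * bound is presumably enforced by FT_FRAME_ENTER itself -- confirm.
   */
  static FT_Error
  cid_read_subrs( CID_Face  face )
  {
    CID_FaceInfo   cid    = &face->cid;
    FT_Memory      memory = face->root.memory;
    FT_Stream      stream = face->cid_stream;
    FT_Error       error;
    FT_UInt        n;
    CID_Subrs      subr;
    FT_UInt        max_offsets = 0;
    FT_ULong*      offsets = NULL;
    PSAux_Service  psaux = (PSAux_Service)face->psaux;


    if ( FT_NEW_ARRAY( face->subrs, cid->num_dicts ) )
      goto Exit;

    subr = face->subrs;
    for ( n = 0; n < cid->num_dicts; n++, subr++ )
    {
      CID_FaceDict  dict  = cid->font_dicts + n;
      FT_Int        lenIV = dict->private_dict.lenIV;
      FT_UInt       count, num_subrs = dict->num_subrs;
      FT_ULong      data_len;
      FT_Byte*      p;


      if ( !num_subrs )
        continue;

      /* reallocate offsets array if needed */
      if ( num_subrs + 1 > max_offsets )
      {
        FT_UInt  new_max = FT_PAD_CEIL( num_subrs + 1, 4 );


        /* catches wrap-around of the padded size */
        if ( new_max <= max_offsets )
        {
          error = FT_THROW( Syntax_Error );
          goto Fail;
        }

        if ( FT_QRENEW_ARRAY( offsets, max_offsets, new_max ) )
          goto Fail;

        max_offsets = new_max;
      }

      /* read the subrmap's offsets */
      if ( FT_STREAM_SEEK( cid->data_offset + dict->subrmap_offset )    ||
           FT_FRAME_ENTER( ( num_subrs + 1 ) * dict->sd_bytes ) )
        goto Fail;

      p = (FT_Byte*)stream->cursor;
      for ( count = 0; count <= num_subrs; count++ )
        offsets[count] = cid_get_offset( &p, dict->sd_bytes );

      FT_FRAME_EXIT();

      /* offsets must be ordered */
      /* (otherwise the lengths computed below would wrap around) */
      for ( count = 1; count <= num_subrs; count++ )
        if ( offsets[count - 1] > offsets[count] )
        {
          FT_ERROR(( "cid_read_subrs: offsets are not ordered\n" ));
          error = FT_THROW( Invalid_File_Format );
          goto Fail;
        }

      if ( offsets[num_subrs] > stream->size - cid->data_offset )
      {
        FT_ERROR(( "cid_read_subrs: too large `subrs' offsets\n" ));
        error = FT_THROW( Invalid_File_Format );
        goto Fail;
      }

      /* now, compute the size of subrs charstrings, */
      /* allocate, and read them                     */
      data_len = offsets[num_subrs] - offsets[0];

      if ( FT_QNEW_ARRAY( subr->code, num_subrs + 1 ) ||
           FT_QALLOC( subr->code[0], data_len )       )
        goto Fail;

      if ( FT_STREAM_SEEK( cid->data_offset + offsets[0] ) ||
           FT_STREAM_READ( subr->code[0], data_len )       )
        goto Fail;

      /* set up pointers */
      for ( count = 1; count <= num_subrs; count++ )
      {
        FT_ULong  len;


        len               = offsets[count] - offsets[count - 1];
        subr->code[count] = subr->code[count - 1] + len;
      }

      /* decrypt subroutines, but only if lenIV >= 0 */
      if ( lenIV >= 0 )
      {
        for ( count = 0; count < num_subrs; count++ )
        {
          FT_ULong  len;


          len = offsets[count + 1] - offsets[count];
          psaux->t1_decrypt( subr->code[count], len, 4330 );
        }
      }

      subr->num_subrs = (FT_Int)num_subrs;
    }

  Exit:
    FT_FREE( offsets );
    return error;

  Fail:
    if ( face->subrs )
    {
      for ( n = 0; n < cid->num_dicts; n++ )
      {
        /* `code[0]' owns the single data block of a dictionary */
        if ( face->subrs[n].code )
          FT_FREE( face->subrs[n].code[0] );

        FT_FREE( face->subrs[n].code );
      }
      FT_FREE( face->subrs );
    }
    goto Exit;
  }


  /* reset the loader to all zeroes; `face' is not used */
  static void
  cid_init_loader( CID_Loader*  loader,
                   CID_Face     face )
  {
    FT_UNUSED( face );

    FT_ZERO( loader );
  }


  /* release what the loader's parser holds */
  static void
  cid_done_loader( CID_Loader*  loader )
  {
    CID_Parser*  parser = &loader->parser;


    /* finalize parser */
    cid_parser_done( parser );
  }


  /*
   * Convert the hexadecimal data starting at stream position `offset'
   * into at most `data_len' bytes at `data'.
   *
   * Space, tab, CR, LF, FF, and NUL are skipped, `>' ends the data, and
   * any other non-hex character yields Syntax_Error, as does reaching
   * the end of the stream before `data_len' bytes were produced.
   *
   * `*data_written' always receives the number of completed bytes, also
   * on error.  Writes never pass `data + data_len' because the loop
   * condition is tested before every store.
   */
  static FT_Error
  cid_hex_to_binary( FT_Byte*   data,
                     FT_ULong   data_len,
                     FT_ULong   offset,
                     CID_Face   face,
                     FT_ULong*  data_written )
  {
    FT_Stream  stream = face->root.stream;
    FT_Error   error;

    FT_Byte    buffer[256];
    FT_Byte   *p, *plimit;
    FT_Byte   *d = data, *dlimit;
    FT_Byte    val;

    FT_Bool    upper_nibble, done;


    if ( FT_STREAM_SEEK( offset ) )
      goto Exit;

    dlimit = d + data_len;
    p      = buffer;
    plimit = p;

    upper_nibble = 1;
    done         = 0;

    while ( d < dlimit )
    {
      /* refill the input buffer when it is exhausted */
      if ( p >= plimit )
      {
        FT_ULong  oldpos = FT_STREAM_POS();
        FT_ULong  size   = stream->size - oldpos;


        if ( size == 0 )
        {
          error = FT_THROW( Syntax_Error );
          goto Exit;
        }

        if ( FT_STREAM_READ( buffer, 256 > size ? size : 256 ) )
          goto Exit;
        p      = buffer;
        plimit = p + FT_STREAM_POS() - oldpos;
      }

      if ( ft_isdigit( *p ) )
        val = (FT_Byte)( *p - '0' );
      else if ( *p >= 'a' && *p <= 'f' )
        val = (FT_Byte)( *p - 'a' + 10 );
      else if ( *p >= 'A' && *p <= 'F' )
        val = (FT_Byte)( *p - 'A' + 10 );
      else if ( *p == ' '  ||
                *p == '\t' ||
                *p == '\r' ||
                *p == '\n' ||
                *p == '\f' ||
                *p == '\0' )
      {
        p++;
        continue;
      }
      else if ( *p == '>' )
      {
        /* a pending upper nibble is completed with a zero lower one */
        val  = 0;
        done = 1;
      }
      else
      {
        error = FT_THROW( Syntax_Error );
        goto Exit;
      }

      if ( upper_nibble )
        *d = (FT_Byte)( val << 4 );
      else
      {
        *d = (FT_Byte)( *d + val );
        d++;
      }

      upper_nibble = (FT_Byte)( 1 - upper_nibble );

      if ( done )
        break;

      p++;
    }

    error = FT_Err_Ok;

  Exit:
    *data_written = (FT_ULong)( d - data );
    return error;
  }


  /*
   * Open a CID-keyed face: parse its dictionaries, set up the stream for
   * the binary data section (converting it from hexadecimal if the
   * parser reports a `binary_length'), validate the sizes and offsets
   * taken from the font against the available data, and read the
   * subroutines.
   *
   * A negative `face_index' stops after the dictionaries were parsed.
   *
   * All values checked below come from the font file and are treated as
   * untrusted; any inconsistency yields Invalid_File_Format before the
   * data is used.  Objects allocated here are not released on error in
   * this function -- presumably the face destructor does so; confirm.
   */
  FT_LOCAL_DEF( FT_Error )
  cid_face_open( CID_Face  face,
                 FT_Int    face_index )
  {
    CID_Loader   loader;
    CID_Parser*  parser;
    FT_Memory    memory = face->root.memory;
    FT_Error     error;
    FT_UInt      n;

    CID_FaceInfo  cid = &face->cid;

    FT_ULong  binary_length;


    cid_init_loader( &loader, face );

    parser = &loader.parser;
    error = cid_parser_new( parser, face->root.stream, face->root.memory,
                            (PSAux_Service)face->psaux );
    if ( error )
      goto Exit;

    error = cid_parse_dict( face, &loader,
                            parser->postscript,
                            parser->postscript_len );
    if ( error )
      goto Exit;

    if ( face_index < 0 )
      goto Exit;

    if ( FT_NEW( face->cid_stream ) )
      goto Exit;

    if ( parser->binary_length )
    {
      /* never trust the announced length beyond what the file holds */
      if ( parser->binary_length >
             face->root.stream->size - parser->data_offset )
      {
        FT_TRACE0(( "cid_face_open: adjusting length of binary data\n" ));
        FT_TRACE0(( " (from %lu to %lu bytes)\n",
                    parser->binary_length,
                    face->root.stream->size - parser->data_offset ));
        parser->binary_length = face->root.stream->size -
                                parser->data_offset;
      }

      /* we must convert the data section from hexadecimal to binary */
      if ( FT_QALLOC( face->binary_data, parser->binary_length )         ||
           FT_SET_ERROR( cid_hex_to_binary( face->binary_data,
                                            parser->binary_length,
                                            parser->data_offset,
                                            face,
                                            &binary_length ) )           )
        goto Exit;

      /* the buffer is not zero-filled, so the memory stream covers */
      /* only the bytes that were actually written                  */
      FT_Stream_OpenMemory( face->cid_stream,
                            face->binary_data, binary_length );
      cid->data_offset = 0;
    }
    else
    {
      *face->cid_stream = *face->root.stream;
      cid->data_offset  = loader.parser.data_offset;
    }

    /* sanity tests */

    if ( cid->gd_bytes == 0 )
    {
      FT_ERROR(( "cid_face_open:"
                 " Invalid `GDBytes' value\n" ));
      error = FT_THROW( Invalid_File_Format );
      goto Exit;
    }

    /* allow at most 32bit offsets */
    if ( cid->fd_bytes > 4 || cid->gd_bytes > 4 )
    {
      FT_ERROR(( "cid_face_open:"
                 " Values of `FDBytes' or `GDBytes' larger than 4\n" ));
      FT_ERROR(( " "
                 " are not supported\n" ));
      error = FT_THROW( Invalid_File_Format );
      goto Exit;
    }

    binary_length = face->cid_stream->size - cid->data_offset;

    if ( cid->cidmap_offset > binary_length )
    {
      FT_ERROR(( "cid_face_open: Invalid `CIDMapOffset' value\n" ));
      error = FT_THROW( Invalid_File_Format );
      goto Exit;
    }

    /* the initial pre-check prevents the multiplication overflow */
    if ( cid->cid_count > FT_ULONG_MAX / 8                     ||
         cid->cid_count * ( cid->fd_bytes + cid->gd_bytes ) >
           binary_length - cid->cidmap_offset                  )
    {
      FT_ERROR(( "cid_face_open: Invalid `CIDCount' value\n" ));
      error = FT_THROW( Invalid_File_Format );
      goto Exit;
    }


    for ( n = 0; n < cid->num_dicts; n++ )
    {
      CID_FaceDict  dict = cid->font_dicts + n;


      /* the upper limits are ad-hoc values */
      if ( dict->private_dict.blue_shift > 1000 ||
           dict->private_dict.blue_shift < 0    )
      {
        FT_TRACE2(( "cid_face_open:"
                    " setting unlikely BlueShift value %d to default (7)\n",
                    dict->private_dict.blue_shift ));
        dict->private_dict.blue_shift = 7;
      }

      if ( dict->private_dict.blue_fuzz > 1000 ||
           dict->private_dict.blue_fuzz < 0    )
      {
        FT_TRACE2(( "cid_face_open:"
                    " setting unlikely BlueFuzz value %d to default (1)\n",
                    dict->private_dict.blue_fuzz ));
        dict->private_dict.blue_fuzz = 1;
      }

      if ( dict->num_subrs && dict->sd_bytes == 0 )
      {
        FT_ERROR(( "cid_face_open: Invalid `SDBytes' value\n" ));
        error = FT_THROW( Invalid_File_Format );
        goto Exit;
      }

      if ( dict->sd_bytes > 4 )
      {
        FT_ERROR(( "cid_face_open:"
                   " Values of `SDBytes' larger than 4"
                   " are not supported\n" ));
        error = FT_THROW( Invalid_File_Format );
        goto Exit;
      }

      if ( dict->subrmap_offset > binary_length )
      {
        FT_ERROR(( "cid_face_open: Invalid `SubrMapOffset' value\n" ));
        error = FT_THROW( Invalid_File_Format );
        goto Exit;
      }

      /* the initial pre-check prevents the multiplication overflow */
      if ( dict->num_subrs > FT_UINT_MAX / 4         ||
           dict->num_subrs * dict->sd_bytes >
             binary_length - dict->subrmap_offset    )
      {
        FT_ERROR(( "cid_face_open: Invalid `SubrCount' value\n" ));
        error = FT_THROW( Invalid_File_Format );
        goto Exit;
      }
    }

    /* we can now safely proceed */
    error = cid_read_subrs( face );

  Exit:
    cid_done_loader( &loader );
    return error;
  }


/* END */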