1 /**************************************************************************** 2 * 3 * t1parse.c 4 * 5 * Type 1 parser (body). 6 * 7 * Copyright (C) 1996-2020 by 8 * David Turner, Robert Wilhelm, and Werner Lemberg. 9 * 10 * This file is part of the FreeType project, and may only be used, 11 * modified, and distributed under the terms of the FreeType project 12 * license, LICENSE.TXT. By continuing to use, modify, or distribute 13 * this file you indicate that you have read the license and 14 * understand and accept it fully. 15 * 16 */ 17 18 19 /************************************************************************** 20 * 21 * The Type 1 parser is in charge of the following: 22 * 23 * - provide an implementation of a growing sequence of objects called 24 * a `T1_Table' (used to build various tables needed by the loader). 25 * 26 * - opening .pfb and .pfa files to extract their top-level and private 27 * dictionaries. 28 * 29 * - read numbers, arrays & strings from any dictionary. 30 * 31 * See `t1load.c' to see how data is loaded from the font file. 32 * 33 */ 34 35 36 #include <freetype/internal/ftdebug.h> 37 #include <freetype/internal/ftstream.h> 38 #include <freetype/internal/psaux.h> 39 40 #include "t1parse.h" 41 42 #include "t1errors.h" 43 44 45 /************************************************************************** 46 * 47 * The macro FT_COMPONENT is used in trace mode. It is an implicit 48 * parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log 49 * messages during execution. 50 */ 51 #undef FT_COMPONENT 52 #define FT_COMPONENT t1parse 53 54 55 /*************************************************************************/ 56 /*************************************************************************/ 57 /*************************************************************************/ 58 /***** *****/ 59 /***** INPUT STREAM PARSER *****/ 60 /***** *****/ 61 /*************************************************************************/ 62 /*************************************************************************/ 63 /*************************************************************************/ 64 65 66 /* see Adobe Technical Note 5040.Download_Fonts.pdf */ 67 68 static FT_Error read_pfb_tag(FT_Stream stream,FT_UShort * atag,FT_ULong * asize)69 read_pfb_tag( FT_Stream stream, 70 FT_UShort *atag, 71 FT_ULong *asize ) 72 { 73 FT_Error error; 74 FT_UShort tag; 75 FT_ULong size; 76 77 78 *atag = 0; 79 *asize = 0; 80 81 if ( !FT_READ_USHORT( tag ) ) 82 { 83 if ( tag == 0x8001U || tag == 0x8002U ) 84 { 85 if ( !FT_READ_ULONG_LE( size ) ) 86 *asize = size; 87 } 88 89 *atag = tag; 90 } 91 92 return error; 93 } 94 95 96 static FT_Error check_type1_format(FT_Stream stream,const char * header_string,size_t header_length)97 check_type1_format( FT_Stream stream, 98 const char* header_string, 99 size_t header_length ) 100 { 101 FT_Error error; 102 FT_UShort tag; 103 FT_ULong dummy; 104 105 106 if ( FT_STREAM_SEEK( 0 ) ) 107 goto Exit; 108 109 error = read_pfb_tag( stream, &tag, &dummy ); 110 if ( error ) 111 goto Exit; 112 113 /* We assume that the first segment in a PFB is always encoded as */ 114 /* text. This might be wrong (and the specification doesn't insist */ 115 /* on that), but we have never seen a counterexample. */ 116 if ( tag != 0x8001U && FT_STREAM_SEEK( 0 ) ) 117 goto Exit; 118 119 if ( !FT_FRAME_ENTER( header_length ) ) 120 { 121 error = FT_Err_Ok; 122 123 if ( ft_memcmp( stream->cursor, header_string, header_length ) != 0 ) 124 error = FT_THROW( Unknown_File_Format ); 125 126 FT_FRAME_EXIT(); 127 } 128 129 Exit: 130 return error; 131 } 132 133 134 FT_LOCAL_DEF( FT_Error ) T1_New_Parser(T1_Parser parser,FT_Stream stream,FT_Memory memory,PSAux_Service psaux)135 T1_New_Parser( T1_Parser parser, 136 FT_Stream stream, 137 FT_Memory memory, 138 PSAux_Service psaux ) 139 { 140 FT_Error error; 141 FT_UShort tag; 142 FT_ULong size; 143 144 145 psaux->ps_parser_funcs->init( &parser->root, NULL, NULL, memory ); 146 147 parser->stream = stream; 148 parser->base_len = 0; 149 parser->base_dict = NULL; 150 parser->private_len = 0; 151 parser->private_dict = NULL; 152 parser->in_pfb = 0; 153 parser->in_memory = 0; 154 parser->single_block = 0; 155 156 /* check the header format */ 157 error = check_type1_format( stream, "%!PS-AdobeFont", 14 ); 158 if ( error ) 159 { 160 if ( FT_ERR_NEQ( error, Unknown_File_Format ) ) 161 goto Exit; 162 163 error = check_type1_format( stream, "%!FontType", 10 ); 164 if ( error ) 165 { 166 FT_TRACE2(( " not a Type 1 font\n" )); 167 goto Exit; 168 } 169 } 170 171 /******************************************************************* 172 * 173 * Here a short summary of what is going on: 174 * 175 * When creating a new Type 1 parser, we try to locate and load 176 * the base dictionary if this is possible (i.e., for PFB 177 * files). Otherwise, we load the whole font into memory. 178 * 179 * When `loading' the base dictionary, we only setup pointers 180 * in the case of a memory-based stream. Otherwise, we 181 * allocate and load the base dictionary in it. 182 * 183 * parser->in_pfb is set if we are in a binary (`.pfb') font. 184 * parser->in_memory is set if we have a memory stream. 185 */ 186 187 /* try to compute the size of the base dictionary; */ 188 /* look for a Postscript binary file tag, i.e., 0x8001 */ 189 if ( FT_STREAM_SEEK( 0L ) ) 190 goto Exit; 191 192 error = read_pfb_tag( stream, &tag, &size ); 193 if ( error ) 194 goto Exit; 195 196 if ( tag != 0x8001U ) 197 { 198 /* assume that this is a PFA file for now; an error will */ 199 /* be produced later when more things are checked */ 200 if ( FT_STREAM_SEEK( 0L ) ) 201 goto Exit; 202 size = stream->size; 203 } 204 else 205 parser->in_pfb = 1; 206 207 /* now, try to load `size' bytes of the `base' dictionary we */ 208 /* found previously */ 209 210 /* if it is a memory-based resource, set up pointers */ 211 if ( !stream->read ) 212 { 213 parser->base_dict = (FT_Byte*)stream->base + stream->pos; 214 parser->base_len = size; 215 parser->in_memory = 1; 216 217 /* check that the `size' field is valid */ 218 if ( FT_STREAM_SKIP( size ) ) 219 goto Exit; 220 } 221 else 222 { 223 /* read segment in memory -- this is clumsy, but so does the format */ 224 if ( FT_ALLOC( parser->base_dict, size ) || 225 FT_STREAM_READ( parser->base_dict, size ) ) 226 goto Exit; 227 parser->base_len = size; 228 } 229 230 parser->root.base = parser->base_dict; 231 parser->root.cursor = parser->base_dict; 232 parser->root.limit = parser->root.cursor + parser->base_len; 233 234 Exit: 235 if ( error && !parser->in_memory ) 236 FT_FREE( parser->base_dict ); 237 238 return error; 239 } 240 241 242 FT_LOCAL_DEF( void ) T1_Finalize_Parser(T1_Parser parser)243 T1_Finalize_Parser( T1_Parser parser ) 244 { 245 FT_Memory memory = parser->root.memory; 246 247 248 /* always free the private dictionary */ 249 FT_FREE( parser->private_dict ); 250 251 /* free the base dictionary only when we have a disk stream */ 252 if ( !parser->in_memory ) 253 FT_FREE( parser->base_dict ); 254 255 parser->root.funcs.done( &parser->root ); 256 } 257 258 259 FT_LOCAL_DEF( FT_Error ) T1_Get_Private_Dict(T1_Parser parser,PSAux_Service psaux)260 T1_Get_Private_Dict( T1_Parser parser, 261 PSAux_Service psaux ) 262 { 263 FT_Stream stream = parser->stream; 264 FT_Memory memory = parser->root.memory; 265 FT_Error error = FT_Err_Ok; 266 FT_ULong size; 267 268 269 if ( parser->in_pfb ) 270 { 271 /* in the case of the PFB format, the private dictionary can be */ 272 /* made of several segments. We thus first read the number of */ 273 /* segments to compute the total size of the private dictionary */ 274 /* then re-read them into memory. */ 275 FT_ULong start_pos = FT_STREAM_POS(); 276 FT_UShort tag; 277 278 279 parser->private_len = 0; 280 for (;;) 281 { 282 error = read_pfb_tag( stream, &tag, &size ); 283 if ( error ) 284 goto Fail; 285 286 if ( tag != 0x8002U ) 287 break; 288 289 parser->private_len += size; 290 291 if ( FT_STREAM_SKIP( size ) ) 292 goto Fail; 293 } 294 295 /* Check that we have a private dictionary there */ 296 /* and allocate private dictionary buffer */ 297 if ( parser->private_len == 0 ) 298 { 299 FT_ERROR(( "T1_Get_Private_Dict:" 300 " invalid private dictionary section\n" )); 301 error = FT_THROW( Invalid_File_Format ); 302 goto Fail; 303 } 304 305 if ( FT_STREAM_SEEK( start_pos ) || 306 FT_ALLOC( parser->private_dict, parser->private_len ) ) 307 goto Fail; 308 309 parser->private_len = 0; 310 for (;;) 311 { 312 error = read_pfb_tag( stream, &tag, &size ); 313 if ( error || tag != 0x8002U ) 314 { 315 error = FT_Err_Ok; 316 break; 317 } 318 319 if ( FT_STREAM_READ( parser->private_dict + parser->private_len, 320 size ) ) 321 goto Fail; 322 323 parser->private_len += size; 324 } 325 } 326 else 327 { 328 /* We have already `loaded' the whole PFA font file into memory; */ 329 /* if this is a memory resource, allocate a new block to hold */ 330 /* the private dict. Otherwise, simply overwrite into the base */ 331 /* dictionary block in the heap. */ 332 333 /* first of all, look at the `eexec' keyword */ 334 FT_Byte* cur = parser->base_dict; 335 FT_Byte* limit = cur + parser->base_len; 336 FT_Pointer pos_lf; 337 FT_Bool test_cr; 338 339 340 Again: 341 for (;;) 342 { 343 if ( cur[0] == 'e' && 344 cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */ 345 /* whitespace + 4 chars */ 346 { 347 if ( cur[1] == 'e' && 348 cur[2] == 'x' && 349 cur[3] == 'e' && 350 cur[4] == 'c' ) 351 break; 352 } 353 cur++; 354 if ( cur >= limit ) 355 { 356 FT_ERROR(( "T1_Get_Private_Dict:" 357 " could not find `eexec' keyword\n" )); 358 error = FT_THROW( Invalid_File_Format ); 359 goto Exit; 360 } 361 } 362 363 /* check whether `eexec' was real -- it could be in a comment */ 364 /* or string (as e.g. in u003043t.gsf from ghostscript) */ 365 366 parser->root.cursor = parser->base_dict; 367 /* set limit to `eexec' + whitespace + 4 characters */ 368 parser->root.limit = cur + 10; 369 370 cur = parser->root.cursor; 371 limit = parser->root.limit; 372 373 while ( cur < limit ) 374 { 375 if ( cur[0] == 'e' && 376 cur + 5 < limit ) 377 { 378 if ( cur[1] == 'e' && 379 cur[2] == 'x' && 380 cur[3] == 'e' && 381 cur[4] == 'c' ) 382 goto Found; 383 } 384 385 T1_Skip_PS_Token( parser ); 386 if ( parser->root.error ) 387 break; 388 T1_Skip_Spaces ( parser ); 389 cur = parser->root.cursor; 390 } 391 392 /* we haven't found the correct `eexec'; go back and continue */ 393 /* searching */ 394 395 cur = limit; 396 limit = parser->base_dict + parser->base_len; 397 398 if ( cur >= limit ) 399 { 400 FT_ERROR(( "T1_Get_Private_Dict:" 401 " premature end in private dictionary\n" )); 402 error = FT_THROW( Invalid_File_Format ); 403 goto Exit; 404 } 405 406 goto Again; 407 408 /* now determine where to write the _encrypted_ binary private */ 409 /* dictionary. We overwrite the base dictionary for disk-based */ 410 /* resources and allocate a new block otherwise */ 411 412 Found: 413 parser->root.limit = parser->base_dict + parser->base_len; 414 415 T1_Skip_PS_Token( parser ); 416 cur = parser->root.cursor; 417 limit = parser->root.limit; 418 419 /* According to the Type 1 spec, the first cipher byte must not be */ 420 /* an ASCII whitespace character code (blank, tab, carriage return */ 421 /* or line feed). We have seen Type 1 fonts with two line feed */ 422 /* characters... So skip now all whitespace character codes. */ 423 /* */ 424 /* On the other hand, Adobe's Type 1 parser handles fonts just */ 425 /* fine that are violating this limitation, so we add a heuristic */ 426 /* test to stop at \r only if it is not used for EOL. */ 427 428 pos_lf = ft_memchr( cur, '\n', (size_t)( limit - cur ) ); 429 test_cr = FT_BOOL( !pos_lf || 430 pos_lf > ft_memchr( cur, 431 '\r', 432 (size_t)( limit - cur ) ) ); 433 434 while ( cur < limit && 435 ( *cur == ' ' || 436 *cur == '\t' || 437 (test_cr && *cur == '\r' ) || 438 *cur == '\n' ) ) 439 cur++; 440 if ( cur >= limit ) 441 { 442 FT_ERROR(( "T1_Get_Private_Dict:" 443 " `eexec' not properly terminated\n" )); 444 error = FT_THROW( Invalid_File_Format ); 445 goto Exit; 446 } 447 448 size = parser->base_len - (FT_ULong)( cur - parser->base_dict ); 449 450 if ( parser->in_memory ) 451 { 452 /* note that we allocate one more byte to put a terminating `0' */ 453 if ( FT_ALLOC( parser->private_dict, size + 1 ) ) 454 goto Fail; 455 parser->private_len = size; 456 } 457 else 458 { 459 parser->single_block = 1; 460 parser->private_dict = parser->base_dict; 461 parser->private_len = size; 462 parser->base_dict = NULL; 463 parser->base_len = 0; 464 } 465 466 /* now determine whether the private dictionary is encoded in binary */ 467 /* or hexadecimal ASCII format -- decode it accordingly */ 468 469 /* we need to access the next 4 bytes (after the final whitespace */ 470 /* following the `eexec' keyword); if they all are hexadecimal */ 471 /* digits, then we have a case of ASCII storage */ 472 473 if ( cur + 3 < limit && 474 ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) && 475 ft_isxdigit( cur[2] ) && ft_isxdigit( cur[3] ) ) 476 { 477 /* ASCII hexadecimal encoding */ 478 FT_ULong len; 479 480 481 parser->root.cursor = cur; 482 (void)psaux->ps_parser_funcs->to_bytes( &parser->root, 483 parser->private_dict, 484 parser->private_len, 485 &len, 486 0 ); 487 parser->private_len = len; 488 489 /* put a safeguard */ 490 parser->private_dict[len] = '\0'; 491 } 492 else 493 /* binary encoding -- copy the private dict */ 494 FT_MEM_MOVE( parser->private_dict, cur, size ); 495 } 496 497 /* we now decrypt the encoded binary private dictionary */ 498 psaux->t1_decrypt( parser->private_dict, parser->private_len, 55665U ); 499 500 if ( parser->private_len < 4 ) 501 { 502 FT_ERROR(( "T1_Get_Private_Dict:" 503 " invalid private dictionary section\n" )); 504 error = FT_THROW( Invalid_File_Format ); 505 goto Fail; 506 } 507 508 /* replace the four random bytes at the beginning with whitespace */ 509 parser->private_dict[0] = ' '; 510 parser->private_dict[1] = ' '; 511 parser->private_dict[2] = ' '; 512 parser->private_dict[3] = ' '; 513 514 parser->root.base = parser->private_dict; 515 parser->root.cursor = parser->private_dict; 516 parser->root.limit = parser->root.cursor + parser->private_len; 517 518 Fail: 519 Exit: 520 return error; 521 } 522 523 524 /* END */ 525