1 /***************************************************************************/ 2 /* */ 3 /* cffparse.c */ 4 /* */ 5 /* CFF token stream parser (body) */ 6 /* */ 7 /* Copyright 1996-2001, 2002, 2003, 2004, 2007, 2008, 2009 by */ 8 /* David Turner, Robert Wilhelm, and Werner Lemberg. */ 9 /* */ 10 /* This file is part of the FreeType project, and may only be used, */ 11 /* modified, and distributed under the terms of the FreeType project */ 12 /* license, LICENSE.TXT. By continuing to use, modify, or distribute */ 13 /* this file you indicate that you have read the license and */ 14 /* understand and accept it fully. */ 15 /* */ 16 /***************************************************************************/ 17 18 19 #include <ft2build.h> 20 #include "cffparse.h" 21 #include FT_INTERNAL_STREAM_H 22 #include FT_INTERNAL_DEBUG_H 23 24 #include "cfferrs.h" 25 26 27 /*************************************************************************/ 28 /* */ 29 /* The macro FT_COMPONENT is used in trace mode. It is an implicit */ 30 /* parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log */ 31 /* messages during execution. */ 32 /* */ 33 #undef FT_COMPONENT 34 #define FT_COMPONENT trace_cffparse 35 36 37 enum 38 { 39 cff_kind_none = 0, 40 cff_kind_num, 41 cff_kind_fixed, 42 cff_kind_fixed_thousand, 43 cff_kind_string, 44 cff_kind_bool, 45 cff_kind_delta, 46 cff_kind_callback, 47 48 cff_kind_max /* do not remove */ 49 }; 50 51 52 /* now generate handlers for the most simple fields */ 53 typedef FT_Error (*CFF_Field_Reader)( CFF_Parser parser ); 54 55 typedef struct CFF_Field_Handler_ 56 { 57 int kind; 58 int code; 59 FT_UInt offset; 60 FT_Byte size; 61 CFF_Field_Reader reader; 62 FT_UInt array_max; 63 FT_UInt count_offset; 64 65 } CFF_Field_Handler; 66 67 68 FT_LOCAL_DEF( void ) cff_parser_init(CFF_Parser parser,FT_UInt code,void * object)69 cff_parser_init( CFF_Parser parser, 70 FT_UInt code, 71 void* object ) 72 { 73 FT_MEM_ZERO( parser, sizeof ( *parser ) ); 74 75 parser->top = parser->stack; 76 parser->object_code = code; 77 parser->object = object; 78 } 79 80 81 /* read an integer */ 82 static FT_Long cff_parse_integer(FT_Byte * start,FT_Byte * limit)83 cff_parse_integer( FT_Byte* start, 84 FT_Byte* limit ) 85 { 86 FT_Byte* p = start; 87 FT_Int v = *p++; 88 FT_Long val = 0; 89 90 91 if ( v == 28 ) 92 { 93 if ( p + 2 > limit ) 94 goto Bad; 95 96 val = (FT_Short)( ( (FT_Int)p[0] << 8 ) | p[1] ); 97 p += 2; 98 } 99 else if ( v == 29 ) 100 { 101 if ( p + 4 > limit ) 102 goto Bad; 103 104 val = ( (FT_Long)p[0] << 24 ) | 105 ( (FT_Long)p[1] << 16 ) | 106 ( (FT_Long)p[2] << 8 ) | 107 p[3]; 108 p += 4; 109 } 110 else if ( v < 247 ) 111 { 112 val = v - 139; 113 } 114 else if ( v < 251 ) 115 { 116 if ( p + 1 > limit ) 117 goto Bad; 118 119 val = ( v - 247 ) * 256 + p[0] + 108; 120 p++; 121 } 122 else 123 { 124 if ( p + 1 > limit ) 125 goto Bad; 126 127 val = -( v - 251 ) * 256 - p[0] - 108; 128 p++; 129 } 130 131 Exit: 132 return val; 133 134 Bad: 135 val = 0; 136 goto Exit; 137 } 138 139 140 static const FT_Long power_tens[] = 141 { 142 1L, 143 10L, 144 100L, 145 1000L, 146 10000L, 147 100000L, 148 1000000L, 149 10000000L, 150 100000000L, 151 1000000000L 152 }; 153 154 155 /* read a real */ 156 static FT_Fixed cff_parse_real(FT_Byte * start,FT_Byte * limit,FT_Int power_ten,FT_Int * scaling)157 cff_parse_real( FT_Byte* start, 158 FT_Byte* limit, 159 FT_Int power_ten, 160 FT_Int* scaling ) 161 { 162 FT_Byte* p = start; 163 FT_UInt nib; 164 FT_UInt phase; 165 166 FT_Long result, number, rest, exponent; 167 FT_Int sign = 0, exponent_sign = 0; 168 FT_Int exponent_add, integer_length, fraction_length; 169 170 171 if ( scaling ) 172 *scaling = 0; 173 174 result = 0; 175 176 number = 0; 177 rest = 0; 178 exponent = 0; 179 180 exponent_add = 0; 181 integer_length = 0; 182 fraction_length = 0; 183 184 /* First of all, read the integer part. */ 185 phase = 4; 186 187 for (;;) 188 { 189 /* If we entered this iteration with phase == 4, we need to */ 190 /* read a new byte. This also skips past the initial 0x1E. */ 191 if ( phase ) 192 { 193 p++; 194 195 /* Make sure we don't read past the end. */ 196 if ( p >= limit ) 197 goto Exit; 198 } 199 200 /* Get the nibble. */ 201 nib = ( p[0] >> phase ) & 0xF; 202 phase = 4 - phase; 203 204 if ( nib == 0xE ) 205 sign = 1; 206 else if ( nib > 9 ) 207 break; 208 else 209 { 210 /* Increase exponent if we can't add the digit. */ 211 if ( number >= 0xCCCCCCCL ) 212 exponent_add++; 213 /* Skip leading zeros. */ 214 else if ( nib || number ) 215 { 216 integer_length++; 217 number = number * 10 + nib; 218 } 219 } 220 } 221 222 /* Read fraction part, if any. */ 223 if ( nib == 0xa ) 224 for (;;) 225 { 226 /* If we entered this iteration with phase == 4, we need */ 227 /* to read a new byte. */ 228 if ( phase ) 229 { 230 p++; 231 232 /* Make sure we don't read past the end. */ 233 if ( p >= limit ) 234 goto Exit; 235 } 236 237 /* Get the nibble. */ 238 nib = ( p[0] >> phase ) & 0xF; 239 phase = 4 - phase; 240 if ( nib >= 10 ) 241 break; 242 243 /* Skip leading zeros if possible. */ 244 if ( !nib && !number ) 245 exponent_add--; 246 /* Only add digit if we don't overflow. */ 247 else if ( number < 0xCCCCCCCL && fraction_length < 9 ) 248 { 249 fraction_length++; 250 number = number * 10 + nib; 251 } 252 } 253 254 /* Read exponent, if any. */ 255 if ( nib == 12 ) 256 { 257 exponent_sign = 1; 258 nib = 11; 259 } 260 261 if ( nib == 11 ) 262 { 263 for (;;) 264 { 265 /* If we entered this iteration with phase == 4, */ 266 /* we need to read a new byte. */ 267 if ( phase ) 268 { 269 p++; 270 271 /* Make sure we don't read past the end. */ 272 if ( p >= limit ) 273 goto Exit; 274 } 275 276 /* Get the nibble. */ 277 nib = ( p[0] >> phase ) & 0xF; 278 phase = 4 - phase; 279 if ( nib >= 10 ) 280 break; 281 282 exponent = exponent * 10 + nib; 283 284 /* Arbitrarily limit exponent. */ 285 if ( exponent > 1000 ) 286 goto Exit; 287 } 288 289 if ( exponent_sign ) 290 exponent = -exponent; 291 } 292 293 /* We don't check `power_ten' and `exponent_add'. */ 294 exponent += power_ten + exponent_add; 295 296 if ( scaling ) 297 { 298 /* Only use `fraction_length'. */ 299 fraction_length += integer_length; 300 exponent += integer_length; 301 302 if ( fraction_length <= 5 ) 303 { 304 if ( number > 0x7FFFL ) 305 { 306 result = FT_DivFix( number, 10 ); 307 *scaling = exponent - fraction_length + 1; 308 } 309 else 310 { 311 if ( exponent > 0 ) 312 { 313 FT_Int new_fraction_length, shift; 314 315 316 /* Make `scaling' as small as possible. */ 317 new_fraction_length = FT_MIN( exponent, 5 ); 318 exponent -= new_fraction_length; 319 shift = new_fraction_length - fraction_length; 320 321 number *= power_tens[shift]; 322 if ( number > 0x7FFFL ) 323 { 324 number /= 10; 325 exponent += 1; 326 } 327 } 328 else 329 exponent -= fraction_length; 330 331 result = number << 16; 332 *scaling = exponent; 333 } 334 } 335 else 336 { 337 if ( ( number / power_tens[fraction_length - 5] ) > 0x7FFFL ) 338 { 339 result = FT_DivFix( number, power_tens[fraction_length - 4] ); 340 *scaling = exponent - 4; 341 } 342 else 343 { 344 result = FT_DivFix( number, power_tens[fraction_length - 5] ); 345 *scaling = exponent - 5; 346 } 347 } 348 } 349 else 350 { 351 integer_length += exponent; 352 fraction_length -= exponent; 353 354 /* Check for overflow and underflow. */ 355 if ( FT_ABS( integer_length ) > 5 ) 356 goto Exit; 357 358 /* Remove non-significant digits. */ 359 if ( integer_length < 0 ) { 360 number /= power_tens[-integer_length]; 361 fraction_length += integer_length; 362 } 363 364 /* Convert into 16.16 format. */ 365 if ( fraction_length > 0 ) 366 { 367 if ( ( number / power_tens[fraction_length] ) > 0x7FFFL ) 368 goto Exit; 369 370 result = FT_DivFix( number, power_tens[fraction_length] ); 371 } 372 else 373 { 374 number *= power_tens[-fraction_length]; 375 376 if ( number > 0x7FFFL ) 377 goto Exit; 378 379 result = number << 16; 380 } 381 } 382 383 if ( sign ) 384 result = -result; 385 386 Exit: 387 return result; 388 } 389 390 391 /* read a number, either integer or real */ 392 static FT_Long cff_parse_num(FT_Byte ** d)393 cff_parse_num( FT_Byte** d ) 394 { 395 return **d == 30 ? ( cff_parse_real( d[0], d[1], 0, NULL ) >> 16 ) 396 : cff_parse_integer( d[0], d[1] ); 397 } 398 399 400 /* read a floating point number, either integer or real */ 401 static FT_Fixed cff_parse_fixed(FT_Byte ** d)402 cff_parse_fixed( FT_Byte** d ) 403 { 404 return **d == 30 ? cff_parse_real( d[0], d[1], 0, NULL ) 405 : cff_parse_integer( d[0], d[1] ) << 16; 406 } 407 408 409 /* read a floating point number, either integer or real, */ 410 /* but return `10^scaling' times the number read in */ 411 static FT_Fixed cff_parse_fixed_scaled(FT_Byte ** d,FT_Int scaling)412 cff_parse_fixed_scaled( FT_Byte** d, 413 FT_Int scaling ) 414 { 415 return **d == 30 ? cff_parse_real( d[0], d[1], scaling, NULL ) 416 : ( cff_parse_integer( d[0], d[1] ) * 417 power_tens[scaling] ) << 16; 418 } 419 420 421 /* read a floating point number, either integer or real, */ 422 /* and return it as precise as possible -- `scaling' returns */ 423 /* the scaling factor (as a power of 10) */ 424 static FT_Fixed cff_parse_fixed_dynamic(FT_Byte ** d,FT_Int * scaling)425 cff_parse_fixed_dynamic( FT_Byte** d, 426 FT_Int* scaling ) 427 { 428 FT_ASSERT( scaling ); 429 430 if ( **d == 30 ) 431 return cff_parse_real( d[0], d[1], 0, scaling ); 432 else 433 { 434 FT_Long number; 435 FT_Int integer_length; 436 437 438 number = cff_parse_integer( d[0], d[1] ); 439 440 if ( number > 0x7FFFL ) 441 { 442 for ( integer_length = 5; integer_length < 10; integer_length++ ) 443 if ( number < power_tens[integer_length] ) 444 break; 445 446 if ( ( number / power_tens[integer_length - 5] ) > 0x7FFFL ) 447 { 448 *scaling = integer_length - 4; 449 return FT_DivFix( number, power_tens[integer_length - 4] ); 450 } 451 else 452 { 453 *scaling = integer_length - 5; 454 return FT_DivFix( number, power_tens[integer_length - 5] ); 455 } 456 } 457 else 458 { 459 *scaling = 0; 460 return number << 16; 461 } 462 } 463 } 464 465 466 static FT_Error cff_parse_font_matrix(CFF_Parser parser)467 cff_parse_font_matrix( CFF_Parser parser ) 468 { 469 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 470 FT_Matrix* matrix = &dict->font_matrix; 471 FT_Vector* offset = &dict->font_offset; 472 FT_ULong* upm = &dict->units_per_em; 473 FT_Byte** data = parser->stack; 474 FT_Error error = CFF_Err_Stack_Underflow; 475 476 477 if ( parser->top >= parser->stack + 6 ) 478 { 479 FT_Int scaling; 480 481 482 error = CFF_Err_Ok; 483 484 /* We expect a well-formed font matrix, this is, the matrix elements */ 485 /* `xx' and `yy' are of approximately the same magnitude. To avoid */ 486 /* loss of precision, we use the magnitude of element `xx' to scale */ 487 /* all other elements. The scaling factor is then contained in the */ 488 /* `units_per_em' value. */ 489 490 matrix->xx = cff_parse_fixed_dynamic( data++, &scaling ); 491 492 scaling = -scaling; 493 494 if ( scaling < 0 || scaling > 9 ) 495 { 496 /* Return default matrix in case of unlikely values. */ 497 matrix->xx = 0x10000L; 498 matrix->yx = 0; 499 matrix->yx = 0; 500 matrix->yy = 0x10000L; 501 offset->x = 0; 502 offset->y = 0; 503 *upm = 1; 504 505 goto Exit; 506 } 507 508 matrix->yx = cff_parse_fixed_scaled( data++, scaling ); 509 matrix->xy = cff_parse_fixed_scaled( data++, scaling ); 510 matrix->yy = cff_parse_fixed_scaled( data++, scaling ); 511 offset->x = cff_parse_fixed_scaled( data++, scaling ); 512 offset->y = cff_parse_fixed_scaled( data, scaling ); 513 514 *upm = power_tens[scaling]; 515 } 516 517 Exit: 518 return error; 519 } 520 521 522 static FT_Error cff_parse_font_bbox(CFF_Parser parser)523 cff_parse_font_bbox( CFF_Parser parser ) 524 { 525 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 526 FT_BBox* bbox = &dict->font_bbox; 527 FT_Byte** data = parser->stack; 528 FT_Error error; 529 530 531 error = CFF_Err_Stack_Underflow; 532 533 if ( parser->top >= parser->stack + 4 ) 534 { 535 bbox->xMin = FT_RoundFix( cff_parse_fixed( data++ ) ); 536 bbox->yMin = FT_RoundFix( cff_parse_fixed( data++ ) ); 537 bbox->xMax = FT_RoundFix( cff_parse_fixed( data++ ) ); 538 bbox->yMax = FT_RoundFix( cff_parse_fixed( data ) ); 539 error = CFF_Err_Ok; 540 } 541 542 return error; 543 } 544 545 546 static FT_Error cff_parse_private_dict(CFF_Parser parser)547 cff_parse_private_dict( CFF_Parser parser ) 548 { 549 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 550 FT_Byte** data = parser->stack; 551 FT_Error error; 552 553 554 error = CFF_Err_Stack_Underflow; 555 556 if ( parser->top >= parser->stack + 2 ) 557 { 558 dict->private_size = cff_parse_num( data++ ); 559 dict->private_offset = cff_parse_num( data ); 560 error = CFF_Err_Ok; 561 } 562 563 return error; 564 } 565 566 567 static FT_Error cff_parse_cid_ros(CFF_Parser parser)568 cff_parse_cid_ros( CFF_Parser parser ) 569 { 570 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 571 FT_Byte** data = parser->stack; 572 FT_Error error; 573 574 575 error = CFF_Err_Stack_Underflow; 576 577 if ( parser->top >= parser->stack + 3 ) 578 { 579 dict->cid_registry = (FT_UInt)cff_parse_num ( data++ ); 580 dict->cid_ordering = (FT_UInt)cff_parse_num ( data++ ); 581 dict->cid_supplement = (FT_ULong)cff_parse_num( data ); 582 error = CFF_Err_Ok; 583 } 584 585 return error; 586 } 587 588 589 #define CFF_FIELD_NUM( code, name ) \ 590 CFF_FIELD( code, name, cff_kind_num ) 591 #define CFF_FIELD_FIXED( code, name ) \ 592 CFF_FIELD( code, name, cff_kind_fixed ) 593 #define CFF_FIELD_FIXED_1000( code, name ) \ 594 CFF_FIELD( code, name, cff_kind_fixed_thousand ) 595 #define CFF_FIELD_STRING( code, name ) \ 596 CFF_FIELD( code, name, cff_kind_string ) 597 #define CFF_FIELD_BOOL( code, name ) \ 598 CFF_FIELD( code, name, cff_kind_bool ) 599 #define CFF_FIELD_DELTA( code, name, max ) \ 600 CFF_FIELD( code, name, cff_kind_delta ) 601 602 #define CFF_FIELD_CALLBACK( code, name ) \ 603 { \ 604 cff_kind_callback, \ 605 code | CFFCODE, \ 606 0, 0, \ 607 cff_parse_ ## name, \ 608 0, 0 \ 609 }, 610 611 #undef CFF_FIELD 612 #define CFF_FIELD( code, name, kind ) \ 613 { \ 614 kind, \ 615 code | CFFCODE, \ 616 FT_FIELD_OFFSET( name ), \ 617 FT_FIELD_SIZE( name ), \ 618 0, 0, 0 \ 619 }, 620 621 #undef CFF_FIELD_DELTA 622 #define CFF_FIELD_DELTA( code, name, max ) \ 623 { \ 624 cff_kind_delta, \ 625 code | CFFCODE, \ 626 FT_FIELD_OFFSET( name ), \ 627 FT_FIELD_SIZE_DELTA( name ), \ 628 0, \ 629 max, \ 630 FT_FIELD_OFFSET( num_ ## name ) \ 631 }, 632 633 #define CFFCODE_TOPDICT 0x1000 634 #define CFFCODE_PRIVATE 0x2000 635 636 static const CFF_Field_Handler cff_field_handlers[] = 637 { 638 639 #include "cfftoken.h" 640 641 { 0, 0, 0, 0, 0, 0, 0 } 642 }; 643 644 645 FT_LOCAL_DEF( FT_Error ) cff_parser_run(CFF_Parser parser,FT_Byte * start,FT_Byte * limit)646 cff_parser_run( CFF_Parser parser, 647 FT_Byte* start, 648 FT_Byte* limit ) 649 { 650 FT_Byte* p = start; 651 FT_Error error = CFF_Err_Ok; 652 653 654 parser->top = parser->stack; 655 parser->start = start; 656 parser->limit = limit; 657 parser->cursor = start; 658 659 while ( p < limit ) 660 { 661 FT_UInt v = *p; 662 663 664 if ( v >= 27 && v != 31 ) 665 { 666 /* it's a number; we will push its position on the stack */ 667 if ( parser->top - parser->stack >= CFF_MAX_STACK_DEPTH ) 668 goto Stack_Overflow; 669 670 *parser->top ++ = p; 671 672 /* now, skip it */ 673 if ( v == 30 ) 674 { 675 /* skip real number */ 676 p++; 677 for (;;) 678 { 679 if ( p >= limit ) 680 goto Syntax_Error; 681 v = p[0] >> 4; 682 if ( v == 15 ) 683 break; 684 v = p[0] & 0xF; 685 if ( v == 15 ) 686 break; 687 p++; 688 } 689 } 690 else if ( v == 28 ) 691 p += 2; 692 else if ( v == 29 ) 693 p += 4; 694 else if ( v > 246 ) 695 p += 1; 696 } 697 else 698 { 699 /* This is not a number, hence it's an operator. Compute its code */ 700 /* and look for it in our current list. */ 701 702 FT_UInt code; 703 FT_UInt num_args = (FT_UInt) 704 ( parser->top - parser->stack ); 705 const CFF_Field_Handler* field; 706 707 708 *parser->top = p; 709 code = v; 710 if ( v == 12 ) 711 { 712 /* two byte operator */ 713 p++; 714 if ( p >= limit ) 715 goto Syntax_Error; 716 717 code = 0x100 | p[0]; 718 } 719 code = code | parser->object_code; 720 721 for ( field = cff_field_handlers; field->kind; field++ ) 722 { 723 if ( field->code == (FT_Int)code ) 724 { 725 /* we found our field's handler; read it */ 726 FT_Long val; 727 FT_Byte* q = (FT_Byte*)parser->object + field->offset; 728 729 730 /* check that we have enough arguments -- except for */ 731 /* delta encoded arrays, which can be empty */ 732 if ( field->kind != cff_kind_delta && num_args < 1 ) 733 goto Stack_Underflow; 734 735 switch ( field->kind ) 736 { 737 case cff_kind_bool: 738 case cff_kind_string: 739 case cff_kind_num: 740 val = cff_parse_num( parser->stack ); 741 goto Store_Number; 742 743 case cff_kind_fixed: 744 val = cff_parse_fixed( parser->stack ); 745 goto Store_Number; 746 747 case cff_kind_fixed_thousand: 748 val = cff_parse_fixed_scaled( parser->stack, 3 ); 749 750 Store_Number: 751 switch ( field->size ) 752 { 753 case (8 / FT_CHAR_BIT): 754 *(FT_Byte*)q = (FT_Byte)val; 755 break; 756 757 case (16 / FT_CHAR_BIT): 758 *(FT_Short*)q = (FT_Short)val; 759 break; 760 761 case (32 / FT_CHAR_BIT): 762 *(FT_Int32*)q = (FT_Int)val; 763 break; 764 765 default: /* for 64-bit systems */ 766 *(FT_Long*)q = val; 767 } 768 break; 769 770 case cff_kind_delta: 771 { 772 FT_Byte* qcount = (FT_Byte*)parser->object + 773 field->count_offset; 774 775 FT_Byte** data = parser->stack; 776 777 778 if ( num_args > field->array_max ) 779 num_args = field->array_max; 780 781 /* store count */ 782 *qcount = (FT_Byte)num_args; 783 784 val = 0; 785 while ( num_args > 0 ) 786 { 787 val += cff_parse_num( data++ ); 788 switch ( field->size ) 789 { 790 case (8 / FT_CHAR_BIT): 791 *(FT_Byte*)q = (FT_Byte)val; 792 break; 793 794 case (16 / FT_CHAR_BIT): 795 *(FT_Short*)q = (FT_Short)val; 796 break; 797 798 case (32 / FT_CHAR_BIT): 799 *(FT_Int32*)q = (FT_Int)val; 800 break; 801 802 default: /* for 64-bit systems */ 803 *(FT_Long*)q = val; 804 } 805 806 q += field->size; 807 num_args--; 808 } 809 } 810 break; 811 812 default: /* callback */ 813 error = field->reader( parser ); 814 if ( error ) 815 goto Exit; 816 } 817 goto Found; 818 } 819 } 820 821 /* this is an unknown operator, or it is unsupported; */ 822 /* we will ignore it for now. */ 823 824 Found: 825 /* clear stack */ 826 parser->top = parser->stack; 827 } 828 p++; 829 } 830 831 Exit: 832 return error; 833 834 Stack_Overflow: 835 error = CFF_Err_Invalid_Argument; 836 goto Exit; 837 838 Stack_Underflow: 839 error = CFF_Err_Invalid_Argument; 840 goto Exit; 841 842 Syntax_Error: 843 error = CFF_Err_Invalid_Argument; 844 goto Exit; 845 } 846 847 848 /* END */ 849