• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2008, 2009, Google Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are
6  * met:
7  *
8  *     * Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *     * Redistributions in binary form must reproduce the above
11  * copyright notice, this list of conditions and the following disclaimer
12  * in the documentation and/or other materials provided with the
13  * distribution.
14  *     * Neither the name of Google Inc. nor the names of its
15  * contributors may be used to endorse or promote products derived from
16  * this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include <stdint.h>
32 #include <stdlib.h>
33 #include <string.h>
34 
35 // For htons/ntohs
36 #include <arpa/inet.h>
37 
38 // Buffer helper class
39 //
40 // This class perform some trival buffer operations while checking for
41 // out-of-bounds errors. As a family they return false if anything is amiss,
42 // updating the current offset otherwise.
43 class Buffer {
44 public:
Buffer(const uint8_t * buffer,size_t length)45     Buffer(const uint8_t* buffer, size_t length)
46         : m_buffer(buffer)
47         , m_length(length)
48         , m_offset(0) { }
49 
skip(size_t numBytes)50     bool skip(size_t numBytes)
51     {
52         if (m_offset + numBytes > m_length)
53             return false;
54         m_offset += numBytes;
55         return true;
56     }
57 
readU8(uint8_t * value)58     bool readU8(uint8_t* value)
59     {
60         if (m_offset + sizeof(uint8_t) > m_length)
61             return false;
62         *value = m_buffer[m_offset];
63         m_offset += sizeof(uint8_t);
64         return true;
65     }
66 
readU16(uint16_t * value)67     bool readU16(uint16_t* value)
68     {
69         if (m_offset + sizeof(uint16_t) > m_length)
70             return false;
71         memcpy(value, m_buffer + m_offset, sizeof(uint16_t));
72         *value = ntohs(*value);
73         m_offset += sizeof(uint16_t);
74         return true;
75     }
76 
readS16(int16_t * value)77     bool readS16(int16_t* value)
78     {
79         return readU16(reinterpret_cast<uint16_t*>(value));
80     }
81 
offset() const82     size_t offset() const
83     {
84         return m_offset;
85     }
86 
setOffset(size_t newoffset)87     void setOffset(size_t newoffset)
88     {
89         m_offset = newoffset;
90     }
91 
92 private:
93     const uint8_t *const m_buffer;
94     const size_t m_length;
95     size_t m_offset;
96 };
97 
98 // VDMX parsing code.
99 //
100 // VDMX tables are found in some TrueType/OpenType fonts and contain
101 // ascender/descender overrides for certain (usually small) sizes. This is
102 // needed in order to match font metrics on Windows.
103 //
104 // Freetype does not parse these tables so we do so here.
105 
106 namespace WebCore {
107 
108 // Parse a TrueType VDMX table.
109 //   yMax: (output) the ascender value from the table
110 //   yMin: (output) the descender value from the table (negative!)
111 //   vdmx: the table bytes
112 //   vdmxLength: length of @vdmx, in bytes
113 //   targetPixelSize: the pixel size of the font (e.g. 16)
114 //
115 // Returns true iff a suitable match are found. Otherwise, *yMax and *yMin are
116 // untouched. size_t must be 32-bits to avoid overflow.
117 //
118 // See http://www.microsoft.com/opentype/otspec/vdmx.htm
parseVDMX(int * yMax,int * yMin,const uint8_t * vdmx,size_t vdmxLength,unsigned targetPixelSize)119 bool parseVDMX(int* yMax, int* yMin,
120                const uint8_t* vdmx, size_t vdmxLength,
121                unsigned targetPixelSize)
122 {
123     Buffer buf(vdmx, vdmxLength);
124 
125     // We ignore the version. Future tables should be backwards compatible with
126     // this layout.
127     uint16_t numRatios;
128     if (!buf.skip(4) || !buf.readU16(&numRatios))
129         return false;
130 
131     // Now we have two tables. Firstly we have @numRatios Ratio records, then a
132     // matching array of @numRatios offsets. We save the offset of the beginning
133     // of this second table.
134     //
135     // Range 6 <= x <= 262146
136     unsigned long offsetTableOffset =
137         buf.offset() + 4 /* sizeof struct ratio */ * numRatios;
138 
139     unsigned desiredRatio = 0xffffffff;
140     // We read 4 bytes per record, so the offset range is
141     //   6 <= x <= 524286
142     for (unsigned i = 0; i < numRatios; ++i) {
143         uint8_t xRatio, yRatio1, yRatio2;
144 
145         if (!buf.skip(1)
146             || !buf.readU8(&xRatio)
147             || !buf.readU8(&yRatio1)
148             || !buf.readU8(&yRatio2))
149             return false;
150 
151         // This either covers 1:1, or this is the default entry (0, 0, 0)
152         if ((xRatio == 1 && yRatio1 <= 1 && yRatio2 >= 1)
153             || (xRatio == 0 && yRatio1 == 0 && yRatio2 == 0)) {
154             desiredRatio = i;
155             break;
156         }
157     }
158 
159     if (desiredRatio == 0xffffffff) // no ratio found
160         return false;
161 
162     // Range 10 <= x <= 393216
163     buf.setOffset(offsetTableOffset + sizeof(uint16_t) * desiredRatio);
164 
165     // Now we read from the offset table to get the offset of another array
166     uint16_t groupOffset;
167     if (!buf.readU16(&groupOffset))
168         return false;
169     // Range 0 <= x <= 65535
170     buf.setOffset(groupOffset);
171 
172     uint16_t numRecords;
173     if (!buf.readU16(&numRecords) || !buf.skip(sizeof(uint16_t)))
174         return false;
175 
176     // We read 6 bytes per record, so the offset range is
177     //   4 <= x <= 458749
178     for (unsigned i = 0; i < numRecords; ++i) {
179         uint16_t pixelSize;
180         if (!buf.readU16(&pixelSize))
181             return false;
182         // the entries are sorted, so we can abort early if need be
183         if (pixelSize > targetPixelSize)
184             return false;
185 
186         if (pixelSize == targetPixelSize) {
187             int16_t tempYMax, tempYMin;
188             if (!buf.readS16(&tempYMax)
189                 || !buf.readS16(&tempYMin))
190                 return false;
191             *yMin = tempYMin;
192             *yMax = tempYMax;
193             return true;
194         }
195         if (!buf.skip(2 * sizeof(int16_t)))
196             return false;
197     }
198 
199     return false;
200 }
201 
202 } // namespace WebCore
203