Linux: plumb fontconfig call out to the sandbox host.

chrome/browser/renderer_host/render_sandbox_host_linux.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/renderer_host/render_sandbox_host_linux.h"
 
 #include <stdint.h>
 #include <unistd.h>
 #include <sys/uio.h>
 #include <sys/socket.h>
 #include <sys/poll.h>
 
 #include "base/eintr_wrapper.h"
 #include "base/process_util.h"
 #include "base/logging.h"
 #include "base/message_loop.h"
 #include "base/pickle.h"
+#include "base/string_util.h"
 #include "base/unix_domain_socket_posix.h"
+#include "chrome/common/sandbox_methods_linux.h"
+#include "webkit/api/public/gtk/WebFontInfo.h"
 
 #include "SkFontHost_fontconfig_direct.h"
 #include "SkFontHost_fontconfig_ipc.h"
 
+using WebKit::WebFontInfo;
+using WebKit::WebString;
+using WebKit::WebUChar;
+
 // http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
 
 // BEWARE: code in this file run across *processes* (not just threads).
 
 // This code runs in a child process
 class SandboxIPCProcess {
  public:
   // lifeline_fd: this is the read end of a pipe which the browser process
   //   holds the other end of. If the browser process dies, it's descriptors are
   //   closed and we will noticed an EOF on the pipe. That's our signal to exit.
@@ skipping 61 matching lines @@
     void* iter = NULL;
 
     int kind;
     if (!pickle.ReadInt(&iter, &kind))
       goto error;
 
     if (kind == FontConfigIPC::METHOD_MATCH) {
       HandleFontMatchRequest(fd, pickle, iter, fds);
     } else if (kind == FontConfigIPC::METHOD_OPEN) {
       HandleFontOpenRequest(fd, pickle, iter, fds);
+    } else if (kind == LinuxSandbox::METHOD_GET_FONT_FAMILY_FOR_CHARS) {
+      HandleGetFontFamilyForChars(fd, pickle, iter, fds);
     }
 
   error:
     for (std::vector<int>::const_iterator
          i = fds.begin(); i != fds.end(); ++i) {
       close(*i);
     }
   }
 
   void HandleFontMatchRequest(int fd, Pickle& pickle, void* iter,
@@ skipping 45 matching lines @@
     Pickle reply;
     if (result_fd == -1) {
       reply.WriteBool(false);
     } else {
       reply.WriteBool(true);
     }
 
     SendRendererReply(fds, reply, result_fd);
   }
 
+  void HandleGetFontFamilyForChars(int fd, Pickle& pickle, void* iter,
+                                   std::vector<int>& fds) {
+    // The other side of this call is
+    // chrome/renderer/renderer_sandbox_support_linux.cc
+
+    int num_chars;
+    if (!pickle.ReadInt(&iter, &num_chars))
+      return;
+
+    // We don't want a corrupt renderer asking too much of us, it might
+    // overflow later in the code.
+    static const int kMaxChars = 4096;
+    if (num_chars < 1 || num_chars > kMaxChars) {
+      LOG(WARNING) << "HandleGetFontFamilyForChars: too many chars: "
+                   << num_chars;
+      return;
+    }
+
+    scoped_array<WebUChar> chars(new WebUChar[num_chars]);
+
+    for (int i = 0; i < num_chars; ++i) {
+      uint32_t c;
+      if (!pickle.ReadUInt32(&iter, &c)) {
+        return;
+      }
+
+      chars[i] = c;
+    }
+
+    const WebString family = WebFontInfo::familyForChars(chars.get(), num_chars);
+    const std::string family_utf8 = UTF16ToUTF8(family);
+
+    Pickle reply;
+    reply.WriteString(family_utf8);
+    SendRendererReply(fds, reply, -1);
+  }
+
   void SendRendererReply(const std::vector<int>& fds, const Pickle& reply,
                          int reply_fd) {
     struct msghdr msg;
     memset(&msg, 0, sizeof(msg));
     struct iovec iov = {const_cast<void*>(reply.data()), reply.size()};
     msg.msg_iov = &iov;
     msg.msg_iovlen = 1;
 
     char control_buffer[CMSG_SPACE(sizeof(int))];
 
@@ skipping 40 matching lines @@
     SandboxIPCProcess handler(child_lifeline_fd, browser_socket);
     handler.Run();
     _exit(0);
   }
 }
 
 RenderSandboxHostLinux::~RenderSandboxHostLinux() {
   HANDLE_EINTR(close(renderer_socket_));
   HANDLE_EINTR(close(childs_lifeline_fd_));
 }