OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 // This is the implementation of decompression of the proposed WOFF Ultra |
| 6 // Condensed file format. |
| 7 |
| 8 #include <cassert> |
| 9 #include <cstdlib> |
| 10 #include <vector> |
| 11 |
| 12 #include <zlib.h> |
| 13 |
| 14 #include "third_party/lzma_sdk/LzmaLib.h" |
| 15 |
| 16 #include "opentype-sanitiser.h" |
| 17 #include "ots-memory-stream.h" |
| 18 #include "ots.h" |
| 19 #include "woff2.h" |
| 20 |
| 21 namespace { |
| 22 |
| 23 // simple glyph flags |
| 24 const int kGlyfOnCurve = 1 << 0; |
| 25 const int kGlyfXShort = 1 << 1; |
| 26 const int kGlyfYShort = 1 << 2; |
| 27 const int kGlyfRepeat = 1 << 3; |
| 28 const int kGlyfThisXIsSame = 1 << 4; |
| 29 const int kGlyfThisYIsSame = 1 << 5; |
| 30 |
| 31 // composite glyph flags |
| 32 const int FLAG_ARG_1_AND_2_ARE_WORDS = 1 << 0; |
| 33 const int FLAG_ARGS_ARE_XY_VALUES = 1 << 1; |
| 34 const int FLAG_ROUND_XY_TO_GRID = 1 << 2; |
| 35 const int FLAG_WE_HAVE_A_SCALE = 1 << 3; |
| 36 const int FLAG_RESERVED = 1 << 4; |
| 37 const int FLAG_MORE_COMPONENTS = 1 << 5; |
| 38 const int FLAG_WE_HAVE_AN_X_AND_Y_SCALE = 1 << 6; |
| 39 const int FLAG_WE_HAVE_A_TWO_BY_TWO = 1 << 7; |
| 40 const int FLAG_WE_HAVE_INSTRUCTIONS = 1 << 8; |
| 41 const int FLAG_USE_MY_METRICS = 1 << 9; |
| 42 const int FLAG_OVERLAP_COMPOUND = 1 << 10; |
| 43 const int FLAG_SCALED_COMPONENT_OFFSET = 1 << 11; |
| 44 const int FLAG_UNSCALED_COMPONENT_OFFSET = 1 << 12; |
| 45 |
| 46 const size_t kSfntHeaderSize = 12; |
| 47 const size_t kSfntEntrySize = 16; |
| 48 const size_t kCheckSumAdjustmentOffset = 8; |
| 49 |
| 50 const size_t kEndPtsOfContoursOffset = 10; |
| 51 const size_t kCompositeGlyphBegin = 10; |
| 52 |
| 53 // Note that the byte order is big-endian, not the same as ots.cc |
| 54 #define TAG(a, b, c, d) ((a << 24) | (b << 16) | (c << 8) | d) |
| 55 |
| 56 const unsigned int kWoff2FlagsContinueStream = 1 << 4; |
| 57 const unsigned int kWoff2FlagsTransform = 1 << 5; |
| 58 |
| 59 const size_t kWoff2HeaderSize = 44; |
| 60 const size_t kWoff2EntrySize = 20; |
| 61 |
| 62 const size_t kLzmaHeaderSize = 13; |
| 63 |
| 64 // Compression type values common to both short and long formats |
| 65 const uint32_t kCompressionTypeMask = 0xf; |
| 66 const uint32_t kCompressionTypeNone = 0; |
| 67 const uint32_t kCompressionTypeGzip = 1; |
| 68 const uint32_t kCompressionTypeLzma = 2; |
| 69 |
| 70 // This is a special value for the short format only, as described in |
| 71 // "Design for compressed header format" in draft doc. |
| 72 const uint32_t kShortFlagsContinue = 3; |
| 73 |
| 74 struct Point { |
| 75 int x; |
| 76 int y; |
| 77 bool on_curve; |
| 78 }; |
| 79 |
| 80 struct Table { |
| 81 uint32_t tag; |
| 82 uint32_t flags; |
| 83 uint32_t src_offset; |
| 84 uint32_t src_length; |
| 85 |
| 86 uint32_t transform_length; |
| 87 |
| 88 uint32_t dst_offset; |
| 89 uint32_t dst_length; |
| 90 |
| 91 Table() |
| 92 : tag(0) |
| 93 , flags(0) |
| 94 , src_offset(0) |
| 95 , src_length(0) |
| 96 , transform_length(0) |
| 97 , dst_offset(0) |
| 98 , dst_length(0) |
| 99 {} |
| 100 }; |
| 101 |
| 102 // Based on section 6.1.1 of MicroType Express draft spec |
| 103 bool Read255UShort(ots::Buffer* buf, unsigned int* value) { |
| 104 static const int kWordCode = 253; |
| 105 static const int kOneMoreByteCode2 = 254; |
| 106 static const int kOneMoreByteCode1 = 255; |
| 107 static const int kLowestUCode = 253; |
| 108 uint8_t code = 0; |
| 109 if (!buf->ReadU8(&code)) { |
| 110 return OTS_FAILURE(); |
| 111 } |
| 112 if (code == kWordCode) { |
| 113 uint16_t result = 0; |
| 114 if (!buf->ReadU16(&result)) { |
| 115 return OTS_FAILURE(); |
| 116 } |
| 117 *value = result; |
| 118 return true; |
| 119 } else if (code == kOneMoreByteCode1) { |
| 120 uint8_t result = 0; |
| 121 if (!buf->ReadU8(&result)) { |
| 122 return OTS_FAILURE(); |
| 123 } |
| 124 *value = result + kLowestUCode; |
| 125 return true; |
| 126 } else if (code == kOneMoreByteCode2) { |
| 127 uint8_t result = 0; |
| 128 if (!buf->ReadU8(&result)) { |
| 129 return OTS_FAILURE(); |
| 130 } |
| 131 *value = result + kLowestUCode * 2; |
| 132 return true; |
| 133 } else { |
| 134 *value = code; |
| 135 return true; |
| 136 } |
| 137 } |
| 138 |
| 139 bool ReadBase128(ots::Buffer* buf, uint32_t* value) { |
| 140 uint32_t result = 0; |
| 141 for (size_t i = 0; i < 5; ++i) { |
| 142 uint8_t code = 0; |
| 143 if (!buf->ReadU8(&code)) { |
| 144 return OTS_FAILURE(); |
| 145 } |
| 146 // If any of the top seven bits are set then we're about to overflow. |
| 147 if (result & 0xe0000000U) { |
| 148 return OTS_FAILURE(); |
| 149 } |
| 150 result = (result << 7) | (code & 0x7f); |
| 151 if ((code & 0x80) == 0) { |
| 152 *value = result; |
| 153 return true; |
| 154 } |
| 155 } |
| 156 // Make sure not to exceed the size bound |
| 157 return OTS_FAILURE(); |
| 158 } |
| 159 |
| 160 size_t StoreU32(uint8_t* dst, size_t offset, uint32_t x) { |
| 161 dst[offset] = x >> 24; |
| 162 dst[offset + 1] = x >> 16; |
| 163 dst[offset + 2] = x >> 8; |
| 164 dst[offset + 3] = x; |
| 165 return offset + 4; |
| 166 } |
| 167 |
| 168 size_t Store16(uint8_t* dst, size_t offset, int x) { |
| 169 dst[offset] = x >> 8; |
| 170 dst[offset + 1] = x; |
| 171 return offset + 2; |
| 172 } |
| 173 |
| 174 int WithSign(int flag, int baseval) { |
| 175 assert(0 <= baseval && baseval < 65536); |
| 176 return (flag & 1) ? baseval : -baseval; |
| 177 } |
| 178 |
| 179 bool TripletDecode(const uint8_t* flags_in, const uint8_t* in, size_t in_size, |
| 180 unsigned int n_points, std::vector<Point>* result, |
| 181 size_t* in_bytes_consumed) { |
| 182 int x = 0; |
| 183 int y = 0; |
| 184 |
| 185 if (n_points > in_size) { |
| 186 return OTS_FAILURE(); |
| 187 } |
| 188 unsigned int triplet_index = 0; |
| 189 |
| 190 for (unsigned int i = 0; i < n_points; ++i) { |
| 191 uint8_t flag = flags_in[i]; |
| 192 bool on_curve = !(flag >> 7); |
| 193 flag &= 0x7f; |
| 194 unsigned int n_data_bytes; |
| 195 if (flag < 84) { |
| 196 n_data_bytes = 1; |
| 197 } else if (flag < 120) { |
| 198 n_data_bytes = 2; |
| 199 } else if (flag < 124) { |
| 200 n_data_bytes = 3; |
| 201 } else { |
| 202 n_data_bytes = 4; |
| 203 } |
| 204 if (triplet_index + n_data_bytes > in_size || |
| 205 triplet_index + n_data_bytes < triplet_index) { |
| 206 return OTS_FAILURE(); |
| 207 } |
| 208 int dx, dy; |
| 209 if (flag < 10) { |
| 210 dx = 0; |
| 211 dy = WithSign(flag, ((flag & 14) << 7) + in[triplet_index]); |
| 212 } else if (flag < 20) { |
| 213 dx = WithSign(flag, (((flag - 10) & 14) << 7) + in[triplet_index]); |
| 214 dy = 0; |
| 215 } else if (flag < 84) { |
| 216 int b0 = flag - 20; |
| 217 int b1 = in[triplet_index]; |
| 218 dx = WithSign(flag, 1 + (b0 & 0x30) + (b1 >> 4)); |
| 219 dy = WithSign(flag >> 1, 1 + ((b0 & 0x0c) << 2) + (b1 & 0x0f)); |
| 220 } else if (flag < 120) { |
| 221 int b0 = flag - 84; |
| 222 dx = WithSign(flag, 1 + ((b0 / 12) << 8) + in[triplet_index]); |
| 223 dy = WithSign(flag >> 1, |
| 224 1 + (((b0 % 12) >> 2) << 8) + in[triplet_index + 1]); |
| 225 } else if (flag < 124) { |
| 226 int b2 = in[triplet_index + 1]; |
| 227 dx = WithSign(flag, (in[triplet_index] << 4) + (b2 >> 4)); |
| 228 dy = WithSign(flag >> 1, ((b2 & 0x0f) << 8) + in[triplet_index + 2]); |
| 229 } else { |
| 230 dx = WithSign(flag, (in[triplet_index] << 8) + in[triplet_index + 1]); |
| 231 dy = WithSign(flag >> 1, |
| 232 (in[triplet_index + 2] << 8) + in[triplet_index + 3]); |
| 233 } |
| 234 triplet_index += n_data_bytes; |
| 235 // Possible overflow but coordinate values are not security sensitive |
| 236 x += dx; |
| 237 y += dy; |
| 238 result->push_back(Point()); |
| 239 Point& back = result->back(); |
| 240 back.x = x; |
| 241 back.y = y; |
| 242 back.on_curve = on_curve; |
| 243 } |
| 244 *in_bytes_consumed = triplet_index; |
| 245 return true; |
| 246 } |
| 247 |
| 248 // This function stores just the point data. On entry, dst points to the |
| 249 // beginning of a simple glyph. Returns true on success. |
| 250 bool StorePoints(const std::vector<Point>& points, |
| 251 unsigned int n_contours, unsigned int instruction_length, |
| 252 uint8_t* dst, size_t dst_size, size_t* glyph_size) { |
| 253 // I believe that n_contours < 65536, in which case this is safe. However, a |
| 254 // comment and/or an assert would be good. |
| 255 unsigned int flag_offset = kEndPtsOfContoursOffset + 2 * n_contours + 2 + |
| 256 instruction_length; |
| 257 int last_flag = -1; |
| 258 int repeat_count = 0; |
| 259 int last_x = 0; |
| 260 int last_y = 0; |
| 261 unsigned int x_bytes = 0; |
| 262 unsigned int y_bytes = 0; |
| 263 |
| 264 for (size_t i = 0; i < points.size(); ++i) { |
| 265 const Point& point = points.at(i); |
| 266 int flag = point.on_curve ? kGlyfOnCurve : 0; |
| 267 int dx = point.x - last_x; |
| 268 int dy = point.y - last_y; |
| 269 if (dx == 0) { |
| 270 flag |= kGlyfThisXIsSame; |
| 271 } else if (dx > -256 && dx < 256) { |
| 272 flag |= kGlyfXShort | (dx > 0 ? kGlyfThisXIsSame : 0); |
| 273 x_bytes += 1; |
| 274 } else { |
| 275 x_bytes += 2; |
| 276 } |
| 277 if (dy == 0) { |
| 278 flag |= kGlyfThisYIsSame; |
| 279 } else if (dy > -256 && dy < 256) { |
| 280 flag |= kGlyfYShort | (dy > 0 ? kGlyfThisYIsSame : 0); |
| 281 y_bytes += 1; |
| 282 } else { |
| 283 y_bytes += 2; |
| 284 } |
| 285 |
| 286 if (flag == last_flag && repeat_count != 255) { |
| 287 dst[flag_offset - 1] |= kGlyfRepeat; |
| 288 repeat_count++; |
| 289 } else { |
| 290 if (repeat_count != 0) { |
| 291 if (flag_offset >= dst_size) { |
| 292 return OTS_FAILURE(); |
| 293 } |
| 294 dst[flag_offset++] = repeat_count; |
| 295 } |
| 296 if (flag_offset >= dst_size) { |
| 297 return OTS_FAILURE(); |
| 298 } |
| 299 dst[flag_offset++] = flag; |
| 300 repeat_count = 0; |
| 301 } |
| 302 last_x = point.x; |
| 303 last_y = point.y; |
| 304 last_flag = flag; |
| 305 } |
| 306 |
| 307 if (repeat_count != 0) { |
| 308 if (flag_offset >= dst_size) { |
| 309 return OTS_FAILURE(); |
| 310 } |
| 311 dst[flag_offset++] = repeat_count; |
| 312 } |
| 313 unsigned int xy_bytes = x_bytes + y_bytes; |
| 314 if (xy_bytes < x_bytes || |
| 315 flag_offset + xy_bytes < flag_offset || |
| 316 flag_offset + xy_bytes > dst_size) { |
| 317 return OTS_FAILURE(); |
| 318 } |
| 319 |
| 320 int x_offset = flag_offset; |
| 321 int y_offset = flag_offset + x_bytes; |
| 322 last_x = 0; |
| 323 last_y = 0; |
| 324 for (size_t i = 0; i < points.size(); ++i) { |
| 325 int dx = points.at(i).x - last_x; |
| 326 if (dx == 0) { |
| 327 // pass |
| 328 } else if (dx > -256 && dx < 256) { |
| 329 dst[x_offset++] = std::abs(dx); |
| 330 } else { |
| 331 // will always fit for valid input, but overflow is harmless |
| 332 x_offset = Store16(dst, x_offset, dx); |
| 333 } |
| 334 last_x += dx; |
| 335 int dy = points.at(i).y - last_y; |
| 336 if (dy == 0) { |
| 337 // pass |
| 338 } else if (dy > -256 && dy < 256) { |
| 339 dst[y_offset++] = std::abs(dy); |
| 340 } else { |
| 341 y_offset = Store16(dst, y_offset, dy); |
| 342 } |
| 343 last_y += dy; |
| 344 } |
| 345 *glyph_size = y_offset; |
| 346 return true; |
| 347 } |
| 348 |
| 349 // Compute the bounding box of the coordinates, and store into a glyf buffer. |
| 350 // A precondition is that there are at least 10 bytes available. |
| 351 void ComputeBbox(const std::vector<Point>& points, uint8_t* dst) { |
| 352 int x_min = 0; |
| 353 int y_min = 0; |
| 354 int x_max = 0; |
| 355 int y_max = 0; |
| 356 |
| 357 for (size_t i = 0; i < points.size(); ++i) { |
| 358 int x = points.at(i).x; |
| 359 int y = points.at(i).y; |
| 360 if (i == 0 || x < x_min) x_min = x; |
| 361 if (i == 0 || x > x_max) x_max = x; |
| 362 if (i == 0 || y < y_min) y_min = y; |
| 363 if (i == 0 || y > y_max) y_max = y; |
| 364 } |
| 365 size_t offset = 2; |
| 366 offset = Store16(dst, offset, x_min); |
| 367 offset = Store16(dst, offset, y_min); |
| 368 offset = Store16(dst, offset, x_max); |
| 369 offset = Store16(dst, offset, y_max); |
| 370 } |
| 371 |
| 372 // Process entire bbox stream. This is done as a separate pass to allow for |
| 373 // composite bbox computations (an optional more aggressive transform). |
| 374 bool ProcessBboxStream(ots::Buffer* bbox_stream, unsigned int n_glyphs, |
| 375 const std::vector<uint32_t>& loca_values, uint8_t* glyf_buf, |
| 376 size_t glyf_buf_length) { |
| 377 const uint8_t* buf = bbox_stream->buffer(); |
| 378 if (n_glyphs >= 65536 || loca_values.size() != n_glyphs + 1) { |
| 379 return OTS_FAILURE(); |
| 380 } |
| 381 // Safe because n_glyphs is bounded |
| 382 unsigned int bitmap_length = ((n_glyphs + 31) >> 5) << 2; |
| 383 if (!bbox_stream->Skip(bitmap_length)) { |
| 384 return OTS_FAILURE(); |
| 385 } |
| 386 for (unsigned int i = 0; i < n_glyphs; ++i) { |
| 387 if (buf[i >> 3] & (0x80 >> (i & 7))) { |
| 388 uint32_t loca_offset = loca_values.at(i); |
| 389 if (loca_values.at(i + 1) - loca_offset < kEndPtsOfContoursOffset) { |
| 390 return OTS_FAILURE(); |
| 391 } |
| 392 if (glyf_buf_length < 2 + 10 || |
| 393 loca_offset > glyf_buf_length - 2 - 10) { |
| 394 return OTS_FAILURE(); |
| 395 } |
| 396 if (!bbox_stream->Read(glyf_buf + loca_offset + 2, 8)) { |
| 397 return OTS_FAILURE(); |
| 398 } |
| 399 } |
| 400 } |
| 401 return true; |
| 402 } |
| 403 |
| 404 bool ProcessComposite(ots::Buffer* composite_stream, uint8_t* dst, |
| 405 size_t dst_size, size_t* glyph_size, bool* have_instructions) { |
| 406 size_t start_offset = composite_stream->offset(); |
| 407 bool we_have_instructions = false; |
| 408 |
| 409 uint16_t flags = FLAG_MORE_COMPONENTS; |
| 410 while (flags & FLAG_MORE_COMPONENTS) { |
| 411 if (!composite_stream->ReadU16(&flags)) { |
| 412 return OTS_FAILURE(); |
| 413 } |
| 414 we_have_instructions |= (flags & FLAG_WE_HAVE_INSTRUCTIONS) != 0; |
| 415 size_t arg_size = 2; // glyph index |
| 416 if (flags & FLAG_ARG_1_AND_2_ARE_WORDS) { |
| 417 arg_size += 4; |
| 418 } else { |
| 419 arg_size += 2; |
| 420 } |
| 421 if (flags & FLAG_WE_HAVE_A_SCALE) { |
| 422 arg_size += 2; |
| 423 } else if (flags & FLAG_WE_HAVE_AN_X_AND_Y_SCALE) { |
| 424 arg_size += 4; |
| 425 } else if (flags & FLAG_WE_HAVE_A_TWO_BY_TWO) { |
| 426 arg_size += 8; |
| 427 } |
| 428 if (!composite_stream->Skip(arg_size)) { |
| 429 return OTS_FAILURE(); |
| 430 } |
| 431 } |
| 432 size_t composite_glyph_size = composite_stream->offset() - start_offset; |
| 433 if (composite_glyph_size + kCompositeGlyphBegin > dst_size) { |
| 434 return OTS_FAILURE(); |
| 435 } |
| 436 Store16(dst, 0, 0xffff); // nContours = -1 for composite glyph |
| 437 std::memcpy(dst + kCompositeGlyphBegin, |
| 438 composite_stream->buffer() + start_offset, |
| 439 composite_glyph_size); |
| 440 *glyph_size = kCompositeGlyphBegin + composite_glyph_size; |
| 441 *have_instructions = we_have_instructions; |
| 442 return true; |
| 443 } |
| 444 |
| 445 // Build TrueType loca table |
| 446 bool StoreLoca(const std::vector<uint32_t>& loca_values, int index_format, |
| 447 uint8_t* dst, size_t dst_size) { |
| 448 const uint64_t loca_size = loca_values.size(); |
| 449 const uint64_t offset_size = index_format ? 4 : 2; |
| 450 if ((loca_size << 2) >> 2 != loca_size) { |
| 451 return OTS_FAILURE(); |
| 452 } |
| 453 // No integer overflow here (loca_size <= 2^16). |
| 454 if (offset_size * loca_size > dst_size) { |
| 455 return OTS_FAILURE(); |
| 456 } |
| 457 size_t offset = 0; |
| 458 for (size_t i = 0; i < loca_values.size(); ++i) { |
| 459 uint32_t value = loca_values.at(i); |
| 460 if (index_format) { |
| 461 offset = StoreU32(dst, offset, value); |
| 462 } else { |
| 463 offset = Store16(dst, offset, value >> 1); |
| 464 } |
| 465 } |
| 466 return true; |
| 467 } |
| 468 |
| 469 // Reconstruct entire glyf table based on transformed original |
| 470 bool ReconstructGlyf(const uint8_t* data, size_t data_size, |
| 471 uint8_t* dst, size_t dst_size, |
| 472 uint8_t* loca_buf, size_t loca_size) { |
| 473 static const int kNumSubStreams = 7; |
| 474 ots::Buffer file(data, data_size); |
| 475 uint32_t version; |
| 476 std::vector<std::pair<const uint8_t*, size_t> > substreams(kNumSubStreams); |
| 477 |
| 478 if (!file.ReadU32(&version)) { |
| 479 return OTS_FAILURE(); |
| 480 } |
| 481 uint16_t num_glyphs; |
| 482 uint16_t index_format; |
| 483 if (!file.ReadU16(&num_glyphs) || |
| 484 !file.ReadU16(&index_format)) { |
| 485 return OTS_FAILURE(); |
| 486 } |
| 487 unsigned int offset = (2 + kNumSubStreams) * 4; |
| 488 if (offset > data_size) { |
| 489 return OTS_FAILURE(); |
| 490 } |
| 491 // Invariant from here on: data_size >= offset |
| 492 for (int i = 0; i < kNumSubStreams; ++i) { |
| 493 uint32_t substream_size; |
| 494 if (!file.ReadU32(&substream_size)) { |
| 495 return OTS_FAILURE(); |
| 496 } |
| 497 if (substream_size > data_size - offset) { |
| 498 return OTS_FAILURE(); |
| 499 } |
| 500 substreams.at(i) = std::make_pair(data + offset, substream_size); |
| 501 offset += substream_size; |
| 502 } |
| 503 ots::Buffer n_contour_stream(substreams.at(0).first, substreams.at(0).second); |
| 504 ots::Buffer n_points_stream(substreams.at(1).first, substreams.at(1).second); |
| 505 ots::Buffer flag_stream(substreams.at(2).first, substreams.at(2).second); |
| 506 ots::Buffer glyph_stream(substreams.at(3).first, substreams.at(3).second); |
| 507 ots::Buffer composite_stream(substreams.at(4).first, substreams.at(4).second); |
| 508 ots::Buffer bbox_stream(substreams.at(5).first, substreams.at(5).second); |
| 509 ots::Buffer instruction_stream(substreams.at(6).first, substreams.at(6).second
); |
| 510 |
| 511 std::vector<uint32_t> loca_values(num_glyphs + 1); |
| 512 std::vector<unsigned int> n_points_vec; |
| 513 std::vector<Point> points; |
| 514 uint32_t loca_offset = 0; |
| 515 for (unsigned int i = 0; i < num_glyphs; ++i) { |
| 516 size_t glyph_size = 0; |
| 517 uint16_t n_contours = 0; |
| 518 if (!n_contour_stream.ReadU16(&n_contours)) { |
| 519 return OTS_FAILURE(); |
| 520 } |
| 521 uint8_t* glyf_dst = dst + loca_offset; |
| 522 size_t glyf_dst_size = dst_size - loca_offset; |
| 523 if (n_contours == 0xffff) { |
| 524 // composite glyph |
| 525 bool have_instructions = false; |
| 526 unsigned int instruction_size = 0; |
| 527 if (!ProcessComposite(&composite_stream, glyf_dst, glyf_dst_size, |
| 528 &glyph_size, &have_instructions)) { |
| 529 return OTS_FAILURE(); |
| 530 } |
| 531 if (have_instructions) { |
| 532 if (!Read255UShort(&glyph_stream, &instruction_size)) { |
| 533 return OTS_FAILURE(); |
| 534 } |
| 535 if (instruction_size + 2 > glyf_dst_size - glyph_size) { |
| 536 return OTS_FAILURE(); |
| 537 } |
| 538 Store16(glyf_dst, glyph_size, instruction_size); |
| 539 if (!instruction_stream.Read(glyf_dst + glyph_size + 2, |
| 540 instruction_size)) { |
| 541 return OTS_FAILURE(); |
| 542 } |
| 543 glyph_size += instruction_size + 2; |
| 544 } |
| 545 } else if (n_contours > 0) { |
| 546 // simple glyph |
| 547 n_points_vec.clear(); |
| 548 points.clear(); |
| 549 unsigned int total_n_points = 0; |
| 550 unsigned int n_points_contour; |
| 551 for (unsigned int j = 0; j < n_contours; ++j) { |
| 552 if (!Read255UShort(&n_points_stream, &n_points_contour)) { |
| 553 return OTS_FAILURE(); |
| 554 } |
| 555 n_points_vec.push_back(n_points_contour); |
| 556 if (total_n_points + n_points_contour < total_n_points) { |
| 557 return OTS_FAILURE(); |
| 558 } |
| 559 total_n_points += n_points_contour; |
| 560 } |
| 561 unsigned int flag_size = total_n_points; |
| 562 if (flag_size > flag_stream.length() - flag_stream.offset()) { |
| 563 return OTS_FAILURE(); |
| 564 } |
| 565 const uint8_t* flags_buf = flag_stream.buffer() + flag_stream.offset(); |
| 566 const uint8_t* triplet_buf = glyph_stream.buffer() + |
| 567 glyph_stream.offset(); |
| 568 size_t triplet_size = glyph_stream.length() - glyph_stream.offset(); |
| 569 size_t triplet_bytes_consumed = 0; |
| 570 if (!TripletDecode(flags_buf, triplet_buf, triplet_size, total_n_points, |
| 571 &points, &triplet_bytes_consumed)) { |
| 572 return OTS_FAILURE(); |
| 573 } |
| 574 const uint32_t header_and_endpts_contours_size = |
| 575 kEndPtsOfContoursOffset + 2 * n_contours; |
| 576 if (glyf_dst_size < header_and_endpts_contours_size) { |
| 577 return OTS_FAILURE(); |
| 578 } |
| 579 Store16(glyf_dst, 0, n_contours); |
| 580 ComputeBbox(points, glyf_dst); |
| 581 size_t offset = kEndPtsOfContoursOffset; |
| 582 int end_point = -1; |
| 583 for (unsigned int contour_ix = 0; contour_ix < n_contours; ++contour_ix) { |
| 584 end_point += n_points_vec.at(contour_ix); |
| 585 if (end_point >= 65536) { |
| 586 return OTS_FAILURE(); |
| 587 } |
| 588 offset = Store16(glyf_dst, offset, end_point); |
| 589 } |
| 590 if (!flag_stream.Skip(flag_size)) { |
| 591 return OTS_FAILURE(); |
| 592 } |
| 593 if (!glyph_stream.Skip(triplet_bytes_consumed)) { |
| 594 return OTS_FAILURE(); |
| 595 } |
| 596 unsigned int instruction_size; |
| 597 if (!Read255UShort(&glyph_stream, &instruction_size)) { |
| 598 return OTS_FAILURE(); |
| 599 } |
| 600 if (glyf_dst_size - header_and_endpts_contours_size < |
| 601 instruction_size + 2) { |
| 602 return OTS_FAILURE(); |
| 603 } |
| 604 uint8_t* instruction_dst = glyf_dst + header_and_endpts_contours_size; |
| 605 Store16(instruction_dst, 0, instruction_size); |
| 606 if (!instruction_stream.Read(instruction_dst + 2, instruction_size)) { |
| 607 return OTS_FAILURE(); |
| 608 } |
| 609 if (!StorePoints(points, n_contours, instruction_size, |
| 610 glyf_dst, glyf_dst_size, &glyph_size)) { |
| 611 return OTS_FAILURE(); |
| 612 } |
| 613 } else { |
| 614 glyph_size = 0; |
| 615 } |
| 616 loca_values.at(i) = loca_offset; |
| 617 if (glyph_size + 3 < glyph_size) { |
| 618 return OTS_FAILURE(); |
| 619 } |
| 620 glyph_size = ots::Round4(glyph_size); |
| 621 if (glyph_size > dst_size - loca_offset) { |
| 622 // This shouldn't happen, but this test defensively maintains the |
| 623 // invariant that loca_offset <= dst_size. |
| 624 return OTS_FAILURE(); |
| 625 } |
| 626 loca_offset += glyph_size; |
| 627 } |
| 628 loca_values.at(num_glyphs) = loca_offset; |
| 629 if (!ProcessBboxStream(&bbox_stream, num_glyphs, loca_values, |
| 630 dst, dst_size)) { |
| 631 return OTS_FAILURE(); |
| 632 } |
| 633 return StoreLoca(loca_values, index_format, loca_buf, loca_size); |
| 634 } |
| 635 |
| 636 // This is linear search, but could be changed to binary because we |
| 637 // do have a guarantee that the tables are sorted by tag. But the total |
| 638 // cpu time is expected to be very small in any case. |
| 639 const Table* FindTable(const std::vector<Table>& tables, uint32_t tag) { |
| 640 size_t n_tables = tables.size(); |
| 641 for (size_t i = 0; i < n_tables; ++i) { |
| 642 if (tables.at(i).tag == tag) { |
| 643 return &tables.at(i); |
| 644 } |
| 645 } |
| 646 return NULL; |
| 647 } |
| 648 |
| 649 bool ReconstructTransformed(const std::vector<Table>& tables, uint32_t tag, |
| 650 const uint8_t* transformed_buf, size_t transformed_size, |
| 651 uint8_t* dst, size_t dst_length) { |
| 652 if (tag == TAG('g', 'l', 'y', 'f')) { |
| 653 const Table* glyf_table = FindTable(tables, tag); |
| 654 const Table* loca_table = FindTable(tables, TAG('l', 'o', 'c', 'a')); |
| 655 if (glyf_table == NULL || loca_table == NULL) { |
| 656 return OTS_FAILURE(); |
| 657 } |
| 658 if (static_cast<uint64_t>(glyf_table->dst_offset + glyf_table->dst_length) > |
| 659 dst_length) { |
| 660 return OTS_FAILURE(); |
| 661 } |
| 662 if (static_cast<uint64_t>(loca_table->dst_offset + loca_table->dst_length) > |
| 663 dst_length) { |
| 664 return OTS_FAILURE(); |
| 665 } |
| 666 return ReconstructGlyf(transformed_buf, transformed_size, |
| 667 dst + glyf_table->dst_offset, glyf_table->dst_length, |
| 668 dst + loca_table->dst_offset, loca_table->dst_length); |
| 669 } else if (tag == TAG('l', 'o', 'c', 'a')) { |
| 670 // processing was already done by glyf table, but validate |
| 671 if (!FindTable(tables, TAG('g', 'l', 'y', 'f'))) { |
| 672 return OTS_FAILURE(); |
| 673 } |
| 674 } else { |
| 675 // transform for the tag is not known |
| 676 return OTS_FAILURE(); |
| 677 } |
| 678 return true; |
| 679 } |
| 680 |
| 681 uint32_t ComputeChecksum(const uint8_t* buf, size_t size) { |
| 682 uint32_t checksum = 0; |
| 683 for (size_t i = 0; i < size; i += 4) { |
| 684 // We assume the addition is mod 2^32, which is valid because unsigned |
| 685 checksum += (buf[i] << 24) | (buf[i + 1] << 16) | |
| 686 (buf[i + 2] << 8) | buf[i + 3]; |
| 687 } |
| 688 return checksum; |
| 689 } |
| 690 |
| 691 bool FixChecksums(const std::vector<Table>& tables, uint8_t* dst) { |
| 692 const Table* head_table = FindTable(tables, TAG('h', 'e', 'a', 'd')); |
| 693 if (head_table == NULL || |
| 694 head_table->dst_length < kCheckSumAdjustmentOffset + 4) { |
| 695 return OTS_FAILURE(); |
| 696 } |
| 697 size_t adjustment_offset = head_table->dst_offset + kCheckSumAdjustmentOffset; |
| 698 if (adjustment_offset < head_table->dst_offset) { |
| 699 return OTS_FAILURE(); |
| 700 } |
| 701 StoreU32(dst, adjustment_offset, 0); |
| 702 size_t n_tables = tables.size(); |
| 703 uint32_t file_checksum = 0; |
| 704 for (size_t i = 0; i < n_tables; ++i) { |
| 705 const Table* table = &tables.at(i); |
| 706 size_t table_length = table->dst_length; |
| 707 uint8_t* table_data = dst + table->dst_offset; |
| 708 uint32_t checksum = ComputeChecksum(table_data, table_length); |
| 709 StoreU32(dst, kSfntHeaderSize + i * kSfntEntrySize + 4, checksum); |
| 710 file_checksum += checksum; // The addition is mod 2^32 |
| 711 } |
| 712 file_checksum += ComputeChecksum(dst, |
| 713 kSfntHeaderSize + kSfntEntrySize * n_tables); |
| 714 uint32_t checksum_adjustment = 0xb1b0afba - file_checksum; |
| 715 StoreU32(dst, adjustment_offset, checksum_adjustment); |
| 716 return true; |
| 717 } |
| 718 |
| 719 bool Woff2Uncompress(uint8_t* dst_buf, size_t dst_size, |
| 720 const uint8_t* src_buf, size_t src_size, uint32_t compression_type) { |
| 721 if (compression_type == kCompressionTypeGzip) { |
| 722 uLongf uncompressed_length = dst_size; |
| 723 int r = uncompress(reinterpret_cast<Bytef *>(dst_buf), &uncompressed_length, |
| 724 src_buf, src_size); |
| 725 if (r != Z_OK || uncompressed_length != dst_size) { |
| 726 return OTS_FAILURE(); |
| 727 } |
| 728 return true; |
| 729 } else if (compression_type == kCompressionTypeLzma) { |
| 730 if (src_size < kLzmaHeaderSize) { |
| 731 // Make sure we have at least a full Lzma header |
| 732 return OTS_FAILURE(); |
| 733 } |
| 734 // TODO: check that size matches (or elide size?) |
| 735 size_t uncompressed_size = dst_size; |
| 736 size_t compressed_size = src_size; |
| 737 int result = LzmaUncompress(dst_buf, &dst_size, |
| 738 src_buf + kLzmaHeaderSize, &compressed_size, |
| 739 src_buf, LZMA_PROPS_SIZE); |
| 740 if (result != SZ_OK || uncompressed_size != dst_size) { |
| 741 return OTS_FAILURE(); |
| 742 } |
| 743 return true; |
| 744 } |
| 745 // Unknown compression type |
| 746 return OTS_FAILURE(); |
| 747 } |
| 748 |
| 749 const uint32_t kKnownTags[] = { |
| 750 TAG('c', 'm', 'a', 'p'), // 0 |
| 751 TAG('h', 'e', 'a', 'd'), // 1 |
| 752 TAG('h', 'h', 'e', 'a'), // 2 |
| 753 TAG('h', 'm', 't', 'x'), // 3 |
| 754 TAG('m', 'a', 'x', 'p'), // 4 |
| 755 TAG('n', 'a', 'm', 'e'), // 5 |
| 756 TAG('O', 'S', '/', '2'), // 6 |
| 757 TAG('p', 'o', 's', 't'), // 7 |
| 758 TAG('c', 'v', 't', ' '), // 8 |
| 759 TAG('f', 'p', 'g', 'm'), // 9 |
| 760 TAG('g', 'l', 'y', 'f'), // 10 |
| 761 TAG('l', 'o', 'c', 'a'), // 11 |
| 762 TAG('p', 'r', 'e', 'p'), // 12 |
| 763 TAG('C', 'F', 'F', ' '), // 13 |
| 764 TAG('V', 'O', 'R', 'G'), // 14 |
| 765 TAG('E', 'B', 'D', 'T'), // 15 |
| 766 TAG('E', 'B', 'L', 'C'), // 16 |
| 767 TAG('g', 'a', 's', 'p'), // 17 |
| 768 TAG('h', 'd', 'm', 'x'), // 18 |
| 769 TAG('k', 'e', 'r', 'n'), // 19 |
| 770 TAG('L', 'T', 'S', 'H'), // 20 |
| 771 TAG('P', 'C', 'L', 'T'), // 21 |
| 772 TAG('V', 'D', 'M', 'X'), // 22 |
| 773 TAG('v', 'h', 'e', 'a'), // 23 |
| 774 TAG('v', 'm', 't', 'x'), // 24 |
| 775 TAG('B', 'A', 'S', 'E'), // 25 |
| 776 TAG('G', 'D', 'E', 'F'), // 26 |
| 777 TAG('G', 'P', 'O', 'S'), // 27 |
| 778 TAG('G', 'S', 'U', 'B'), // 28 |
| 779 }; |
| 780 |
| 781 bool ReadShortDirectory(ots::Buffer* file, std::vector<Table>* tables, |
| 782 size_t num_tables) { |
| 783 uint32_t last_compression_type = 0; |
| 784 for (size_t i = 0; i < num_tables; ++i) { |
| 785 Table* table = &tables->at(i); |
| 786 uint8_t flag_byte; |
| 787 if (!file->ReadU8(&flag_byte)) { |
| 788 return OTS_FAILURE(); |
| 789 } |
| 790 uint32_t tag; |
| 791 if ((flag_byte & 0x1f) == 0x1f) { |
| 792 if (!file->ReadU32(&tag)) { |
| 793 return OTS_FAILURE(); |
| 794 } |
| 795 } else { |
| 796 if ((flag_byte & 0x1f) >= arraysize(kKnownTags)) { |
| 797 return OTS_FAILURE(); |
| 798 } |
| 799 tag = kKnownTags[flag_byte & 0x1f]; |
| 800 } |
| 801 uint32_t flags = flag_byte >> 6; |
| 802 if (flags == kShortFlagsContinue) { |
| 803 flags = last_compression_type | kWoff2FlagsContinueStream; |
| 804 } else { |
| 805 if (flags == kCompressionTypeNone || |
| 806 flags == kCompressionTypeGzip || |
| 807 flags == kCompressionTypeLzma) { |
| 808 last_compression_type = flags; |
| 809 } else { |
| 810 return OTS_FAILURE(); |
| 811 } |
| 812 } |
| 813 if ((flag_byte & 0x20) != 0) { |
| 814 flags |= kWoff2FlagsTransform; |
| 815 } |
| 816 uint32_t dst_length; |
| 817 if (!ReadBase128(file, &dst_length)) { |
| 818 return OTS_FAILURE(); |
| 819 } |
| 820 uint32_t transform_length = dst_length; |
| 821 if ((flags & kWoff2FlagsTransform) != 0) { |
| 822 if (!ReadBase128(file, &transform_length)) { |
| 823 return OTS_FAILURE(); |
| 824 } |
| 825 } |
| 826 uint32_t src_length = transform_length; |
| 827 if ((flag_byte >> 6) == 1 || (flag_byte >> 6) == 2) { |
| 828 if (!ReadBase128(file, &src_length)) { |
| 829 return OTS_FAILURE(); |
| 830 } |
| 831 } |
| 832 // Disallow huge numbers (> 1GB) for sanity. |
| 833 if (src_length > 1024 * 1024 * 1024 || |
| 834 transform_length > 1024 * 1024 * 1024 || |
| 835 dst_length > 1024 * 1024 * 1024) { |
| 836 return OTS_FAILURE(); |
| 837 } |
| 838 |
| 839 table->tag = tag; |
| 840 table->flags = flags; |
| 841 table->src_length = src_length; |
| 842 table->transform_length = transform_length; |
| 843 table->dst_length = dst_length; |
| 844 } |
| 845 return true; |
| 846 } |
| 847 |
| 848 } // namespace |
| 849 |
| 850 namespace ots { |
| 851 |
| 852 size_t ComputeWOFF2FinalSize(const uint8_t* data, size_t length) { |
| 853 ots::Buffer file(data, length); |
| 854 uint32_t total_length; |
| 855 |
| 856 if (!file.Skip(16) || |
| 857 !file.ReadU32(&total_length)) { |
| 858 return 0; |
| 859 } |
| 860 return total_length; |
| 861 } |
| 862 |
| 863 bool ConvertWOFF2ToTTF(uint8_t* result, size_t result_length, |
| 864 const uint8_t* data, size_t length) { |
| 865 static const uint32_t kWoff2Signature = 0x774f4632; // "wOF2" |
| 866 ots::Buffer file(data, length); |
| 867 |
| 868 uint32_t signature; |
| 869 uint32_t flavor; |
| 870 if (!file.ReadU32(&signature) || signature != kWoff2Signature || |
| 871 !file.ReadU32(&flavor)) { |
| 872 return OTS_FAILURE(); |
| 873 } |
| 874 |
| 875 if (!IsValidVersionTag(ntohl(flavor))) { |
| 876 return OTS_FAILURE(); |
| 877 } |
| 878 |
| 879 uint32_t reported_length; |
| 880 if (!file.ReadU32(&reported_length) || length != reported_length) { |
| 881 return OTS_FAILURE(); |
| 882 } |
| 883 uint16_t num_tables; |
| 884 if (!file.ReadU16(&num_tables) || !num_tables) { |
| 885 return OTS_FAILURE(); |
| 886 } |
| 887 // We don't care about these fields of the header: |
| 888 // uint16_t reserved |
| 889 // uint32_t total_sfnt_size |
| 890 // uint16_t major_version, minor_version |
| 891 // uint32_t meta_offset, meta_length, meta_orig_length |
| 892 // uint32_t priv_offset, priv_length |
| 893 if (!file.Skip(30)) { |
| 894 return OTS_FAILURE(); |
| 895 } |
| 896 std::vector<Table> tables(num_tables); |
| 897 // Note: change below to ReadLongDirectory to enable long format. |
| 898 if (!ReadShortDirectory(&file, &tables, num_tables)) { |
| 899 return OTS_FAILURE(); |
| 900 } |
| 901 uint64_t src_offset = file.offset(); |
| 902 uint64_t dst_offset = kSfntHeaderSize + |
| 903 kSfntEntrySize * static_cast<uint64_t>(num_tables); |
| 904 uint64_t uncompressed_sum = 0; |
| 905 for (uint16_t i = 0; i < num_tables; ++i) { |
| 906 Table* table = &tables.at(i); |
| 907 table->src_offset = src_offset; |
| 908 src_offset += table->src_length; |
| 909 if (src_offset > std::numeric_limits<uint32_t>::max()) { |
| 910 return OTS_FAILURE(); |
| 911 } |
| 912 src_offset = ots::Round4(src_offset); |
| 913 table->dst_offset = dst_offset; |
| 914 dst_offset += table->dst_length; |
| 915 if (dst_offset > std::numeric_limits<uint32_t>::max()) { |
| 916 return OTS_FAILURE(); |
| 917 } |
| 918 dst_offset = ots::Round4(dst_offset); |
| 919 if ((table->flags & kCompressionTypeMask) != kCompressionTypeNone) { |
| 920 uncompressed_sum += table->src_length; |
| 921 if (uncompressed_sum > std::numeric_limits<uint32_t>::max()) { |
| 922 return OTS_FAILURE(); |
| 923 } |
| 924 } |
| 925 } |
| 926 // Enforce same 30M limit on uncompressed tables as OTS |
| 927 if (uncompressed_sum > 30 * 1024 * 1024) { |
| 928 return OTS_FAILURE(); |
| 929 } |
| 930 if (src_offset > length || dst_offset > result_length) { |
| 931 return OTS_FAILURE(); |
| 932 } |
| 933 |
| 934 const uint32_t sfnt_header_and_table_directory_size = 12 + 16 * num_tables; |
| 935 if (sfnt_header_and_table_directory_size > result_length) { |
| 936 return OTS_FAILURE(); |
| 937 } |
| 938 |
| 939 // Start building the font |
| 940 size_t offset = 0; |
| 941 offset = StoreU32(result, offset, flavor); |
| 942 offset = Store16(result, offset, num_tables); |
| 943 unsigned max_pow2 = 0; |
| 944 while (1u << (max_pow2 + 1) <= num_tables) { |
| 945 max_pow2++; |
| 946 } |
| 947 const uint16_t output_search_range = (1u << max_pow2) << 4; |
| 948 offset = Store16(result, offset, output_search_range); |
| 949 offset = Store16(result, offset, max_pow2); |
| 950 offset = Store16(result, offset, (num_tables << 4) - output_search_range); |
| 951 for (uint16_t i = 0; i < num_tables; ++i) { |
| 952 const Table* table = &tables.at(i); |
| 953 offset = StoreU32(result, offset, table->tag); |
| 954 offset = StoreU32(result, offset, 0); // checksum, to fill in later |
| 955 offset = StoreU32(result, offset, table->dst_offset); |
| 956 offset = StoreU32(result, offset, table->dst_length); |
| 957 } |
| 958 std::vector<uint8_t> uncompressed_buf; |
| 959 bool continue_valid = false; |
| 960 for (uint16_t i = 0; i < num_tables; ++i) { |
| 961 const Table* table = &tables.at(i); |
| 962 uint32_t flags = table->flags; |
| 963 const uint8_t* src_buf = data + table->src_offset; |
| 964 uint32_t compression_type = flags & kCompressionTypeMask; |
| 965 const uint8_t* transform_buf = NULL; |
| 966 size_t transform_length = table->transform_length; |
| 967 if ((flags & kWoff2FlagsContinueStream) != 0) { |
| 968 if (!continue_valid) { |
| 969 return OTS_FAILURE(); |
| 970 } |
| 971 } else if (compression_type == kCompressionTypeNone) { |
| 972 if (transform_length != table->src_length) { |
| 973 return OTS_FAILURE(); |
| 974 } |
| 975 transform_buf = src_buf; |
| 976 continue_valid = false; |
| 977 } else if ((flags & kWoff2FlagsContinueStream) == 0) { |
| 978 uint64_t total_size = transform_length; |
| 979 for (uint16_t j = i + 1; j < num_tables; ++j) { |
| 980 if ((tables.at(j).flags & kWoff2FlagsContinueStream) == 0) { |
| 981 break; |
| 982 } |
| 983 total_size += tables.at(j).transform_length; |
| 984 if (total_size > std::numeric_limits<uint32_t>::max()) { |
| 985 return OTS_FAILURE(); |
| 986 } |
| 987 } |
| 988 // Enforce same 30M limit on uncompressed tables as OTS |
| 989 if (total_size > 30 * 1024 * 1024) { |
| 990 return OTS_FAILURE(); |
| 991 } |
| 992 uncompressed_buf.resize(total_size); |
| 993 if (!Woff2Uncompress(&uncompressed_buf[0], total_size, |
| 994 src_buf, table->src_length, compression_type)) { |
| 995 return OTS_FAILURE(); |
| 996 } |
| 997 transform_buf = &uncompressed_buf[0]; |
| 998 continue_valid = true; |
| 999 } else { |
| 1000 return OTS_FAILURE(); |
| 1001 } |
| 1002 |
| 1003 if ((flags & kWoff2FlagsTransform) == 0) { |
| 1004 if (transform_length != table->dst_length) { |
| 1005 return OTS_FAILURE(); |
| 1006 } |
| 1007 if (static_cast<uint64_t>(table->dst_offset + transform_length) > |
| 1008 result_length) { |
| 1009 return OTS_FAILURE(); |
| 1010 } |
| 1011 std::memcpy(result + table->dst_offset, transform_buf, |
| 1012 transform_length); |
| 1013 } else { |
| 1014 if (!ReconstructTransformed(tables, table->tag, |
| 1015 transform_buf, transform_length, result, result_length)) { |
| 1016 return OTS_FAILURE(); |
| 1017 } |
| 1018 } |
| 1019 if (continue_valid) { |
| 1020 transform_buf += transform_length; |
| 1021 if (transform_buf > &uncompressed_buf[uncompressed_buf.size()]) { |
| 1022 return OTS_FAILURE(); |
| 1023 } |
| 1024 } |
| 1025 } |
| 1026 |
| 1027 return FixChecksums(tables, result); |
| 1028 } |
| 1029 |
| 1030 } // namespace ots |
OLD | NEW |