Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(809)

Side by Side Diff: src/woff2.cc

Issue 13918002: [OTS] Integrate WOFF 2.0 algorithm into OTS (Closed) Base URL: http://ots.googlecode.com/svn/trunk/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « src/woff2.h ('k') | test/ot-sanitise.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Property Changes:
Added: svn:eol-style
+ LF
OLDNEW
(Empty)
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // This is the implementation of decompression of the proposed WOFF Ultra
6 // Condensed file format.
7
8 #include <cassert>
9 #include <cstdlib>
10 #include <vector>
11
12 #include <zlib.h>
13
14 #include "third_party/lzma_sdk/LzmaLib.h"
15
16 #include "opentype-sanitiser.h"
17 #include "ots-memory-stream.h"
18 #include "ots.h"
19 #include "woff2.h"
20
21 namespace {
22
23 // simple glyph flags
24 const int kGlyfOnCurve = 1 << 0;
25 const int kGlyfXShort = 1 << 1;
26 const int kGlyfYShort = 1 << 2;
27 const int kGlyfRepeat = 1 << 3;
28 const int kGlyfThisXIsSame = 1 << 4;
29 const int kGlyfThisYIsSame = 1 << 5;
30
31 // composite glyph flags
32 const int FLAG_ARG_1_AND_2_ARE_WORDS = 1 << 0;
33 const int FLAG_ARGS_ARE_XY_VALUES = 1 << 1;
34 const int FLAG_ROUND_XY_TO_GRID = 1 << 2;
35 const int FLAG_WE_HAVE_A_SCALE = 1 << 3;
36 const int FLAG_RESERVED = 1 << 4;
37 const int FLAG_MORE_COMPONENTS = 1 << 5;
38 const int FLAG_WE_HAVE_AN_X_AND_Y_SCALE = 1 << 6;
39 const int FLAG_WE_HAVE_A_TWO_BY_TWO = 1 << 7;
40 const int FLAG_WE_HAVE_INSTRUCTIONS = 1 << 8;
41 const int FLAG_USE_MY_METRICS = 1 << 9;
42 const int FLAG_OVERLAP_COMPOUND = 1 << 10;
43 const int FLAG_SCALED_COMPONENT_OFFSET = 1 << 11;
44 const int FLAG_UNSCALED_COMPONENT_OFFSET = 1 << 12;
45
46 const size_t kSfntHeaderSize = 12;
47 const size_t kSfntEntrySize = 16;
48 const size_t kCheckSumAdjustmentOffset = 8;
49
50 const size_t kEndPtsOfContoursOffset = 10;
51 const size_t kCompositeGlyphBegin = 10;
52
53 // Note that the byte order is big-endian, not the same as ots.cc
54 #define TAG(a, b, c, d) ((a << 24) | (b << 16) | (c << 8) | d)
55
56 const unsigned int kWoff2FlagsContinueStream = 1 << 4;
57 const unsigned int kWoff2FlagsTransform = 1 << 5;
58
59 const size_t kWoff2HeaderSize = 44;
60 const size_t kWoff2EntrySize = 20;
61
62 const size_t kLzmaHeaderSize = 13;
63
64 // Compression type values common to both short and long formats
65 const uint32_t kCompressionTypeMask = 0xf;
66 const uint32_t kCompressionTypeNone = 0;
67 const uint32_t kCompressionTypeGzip = 1;
68 const uint32_t kCompressionTypeLzma = 2;
69
70 // This is a special value for the short format only, as described in
71 // "Design for compressed header format" in draft doc.
72 const uint32_t kShortFlagsContinue = 3;
73
74 struct Point {
75 int x;
76 int y;
77 bool on_curve;
78 };
79
80 struct Table {
81 uint32_t tag;
82 uint32_t flags;
83 uint32_t src_offset;
84 uint32_t src_length;
85
86 uint32_t transform_length;
87
88 uint32_t dst_offset;
89 uint32_t dst_length;
90
91 Table()
92 : tag(0)
93 , flags(0)
Yusuke Sato 2013/05/07 06:11:27 this does not look like a Chromium style. Please c
Kunihiko Sakamoto 2013/05/07 10:17:23 Fixed, thanks.
94 , src_offset(0)
95 , src_length(0)
96 , transform_length(0)
97 , dst_offset(0)
98 , dst_length(0)
99 {}
100 };
101
102 // Based on section 6.1.1 of MicroType Express draft spec
103 bool Read255UShort(ots::Buffer* buf, unsigned int* value) {
104 static const int kWordCode = 253;
105 static const int kOneMoreByteCode2 = 254;
106 static const int kOneMoreByteCode1 = 255;
107 static const int kLowestUCode = 253;
108 uint8_t code = 0;
109 if (!buf->ReadU8(&code)) {
110 return OTS_FAILURE();
111 }
112 if (code == kWordCode) {
113 uint16_t result = 0;
114 if (!buf->ReadU16(&result)) {
115 return OTS_FAILURE();
116 }
117 *value = result;
118 return true;
119 } else if (code == kOneMoreByteCode1) {
120 uint8_t result = 0;
121 if (!buf->ReadU8(&result)) {
122 return OTS_FAILURE();
123 }
124 *value = result + kLowestUCode;
125 return true;
126 } else if (code == kOneMoreByteCode2) {
127 uint8_t result = 0;
128 if (!buf->ReadU8(&result)) {
129 return OTS_FAILURE();
130 }
131 *value = result + kLowestUCode * 2;
132 return true;
133 } else {
134 *value = code;
135 return true;
136 }
137 }
138
139 bool ReadBase128(ots::Buffer* buf, uint32_t* value) {
140 uint32_t result = 0;
141 for (size_t i = 0; i < 5; ++i) {
142 uint8_t code = 0;
143 if (!buf->ReadU8(&code)) {
144 return OTS_FAILURE();
145 }
146 // If any of the top seven bits are set then we're about to overflow.
147 if (result & 0xe0000000U) {
148 return OTS_FAILURE();
149 }
150 result = (result << 7) | (code & 0x7f);
151 if ((code & 0x80) == 0) {
152 *value = result;
153 return true;
154 }
155 }
156 // Make sure not to exceed the size bound
157 return OTS_FAILURE();
158 }
159
160 size_t StoreU32(uint8_t* dst, size_t offset, uint32_t x) {
161 dst[offset] = x >> 24;
162 dst[offset + 1] = x >> 16;
163 dst[offset + 2] = x >> 8;
164 dst[offset + 3] = x;
165 return offset + 4;
166 }
167
168 size_t Store16(uint8_t* dst, size_t offset, int x) {
169 dst[offset] = x >> 8;
170 dst[offset + 1] = x;
171 return offset + 2;
172 }
173
174 int WithSign(int flag, int baseval) {
175 assert(0 <= baseval && baseval < 65536);
176 return (flag & 1) ? baseval : -baseval;
177 }
178
179 bool TripletDecode(const uint8_t* flags_in, const uint8_t* in, size_t in_size,
180 unsigned int n_points, std::vector<Point>* result,
181 size_t* in_bytes_consumed) {
182 int x = 0;
183 int y = 0;
184
185 if (n_points > in_size) {
186 return OTS_FAILURE();
187 }
188 unsigned int triplet_index = 0;
189
190 for (unsigned int i = 0; i < n_points; ++i) {
191 uint8_t flag = flags_in[i];
192 bool on_curve = !(flag >> 7);
193 flag &= 0x7f;
194 unsigned int n_data_bytes;
195 if (flag < 84) {
196 n_data_bytes = 1;
197 } else if (flag < 120) {
198 n_data_bytes = 2;
199 } else if (flag < 124) {
200 n_data_bytes = 3;
201 } else {
202 n_data_bytes = 4;
203 }
204 if (triplet_index + n_data_bytes > in_size ||
205 triplet_index + n_data_bytes < triplet_index) {
206 return OTS_FAILURE();
207 }
208 int dx, dy;
209 if (flag < 10) {
210 dx = 0;
211 dy = WithSign(flag, ((flag & 14) << 7) + in[triplet_index]);
212 } else if (flag < 20) {
213 dx = WithSign(flag, (((flag - 10) & 14) << 7) + in[triplet_index]);
214 dy = 0;
215 } else if (flag < 84) {
216 int b0 = flag - 20;
217 int b1 = in[triplet_index];
218 dx = WithSign(flag, 1 + (b0 & 0x30) + (b1 >> 4));
219 dy = WithSign(flag >> 1, 1 + ((b0 & 0x0c) << 2) + (b1 & 0x0f));
220 } else if (flag < 120) {
221 int b0 = flag - 84;
222 dx = WithSign(flag, 1 + ((b0 / 12) << 8) + in[triplet_index]);
223 dy = WithSign(flag >> 1,
224 1 + (((b0 % 12) >> 2) << 8) + in[triplet_index + 1]);
225 } else if (flag < 124) {
226 int b2 = in[triplet_index + 1];
227 dx = WithSign(flag, (in[triplet_index] << 4) + (b2 >> 4));
228 dy = WithSign(flag >> 1, ((b2 & 0x0f) << 8) + in[triplet_index + 2]);
229 } else {
230 dx = WithSign(flag, (in[triplet_index] << 8) + in[triplet_index + 1]);
231 dy = WithSign(flag >> 1,
232 (in[triplet_index + 2] << 8) + in[triplet_index + 3]);
233 }
234 triplet_index += n_data_bytes;
235 // Possible overflow but coordinate values are not security sensitive
236 x += dx;
237 y += dy;
238 result->push_back(Point());
239 Point& back = result->back();
240 back.x = x;
241 back.y = y;
242 back.on_curve = on_curve;
243 }
244 *in_bytes_consumed = triplet_index;
245 return true;
246 }
247
248 // This function stores just the point data. On entry, dst points to the
249 // beginning of a simple glyph. Returns true on success.
250 bool StorePoints(const std::vector<Point>& points,
251 unsigned int n_contours, unsigned int instruction_length,
252 uint8_t* dst, size_t dst_size, size_t* glyph_size) {
253 // I believe that n_contours < 65536, in which case this is safe. However, a
254 // comment and/or an assert would be good.
255 unsigned int flag_offset = kEndPtsOfContoursOffset + 2 * n_contours + 2 +
256 instruction_length;
257 int last_flag = -1;
258 int repeat_count = 0;
259 int last_x = 0;
260 int last_y = 0;
261 unsigned int x_bytes = 0;
262 unsigned int y_bytes = 0;
263
264 for (size_t i = 0; i < points.size(); ++i) {
265 const Point& point = points.at(i);
266 int flag = point.on_curve ? kGlyfOnCurve : 0;
267 int dx = point.x - last_x;
268 int dy = point.y - last_y;
269 if (dx == 0) {
270 flag |= kGlyfThisXIsSame;
271 } else if (dx > -256 && dx < 256) {
272 flag |= kGlyfXShort | (dx > 0 ? kGlyfThisXIsSame : 0);
273 x_bytes += 1;
274 } else {
275 x_bytes += 2;
276 }
277 if (dy == 0) {
278 flag |= kGlyfThisYIsSame;
279 } else if (dy > -256 && dy < 256) {
280 flag |= kGlyfYShort | (dy > 0 ? kGlyfThisYIsSame : 0);
281 y_bytes += 1;
282 } else {
283 y_bytes += 2;
284 }
285
286 if (flag == last_flag && repeat_count != 255) {
287 dst[flag_offset - 1] |= kGlyfRepeat;
288 repeat_count++;
289 } else {
290 if (repeat_count != 0) {
291 if (flag_offset >= dst_size) {
292 return OTS_FAILURE();
293 }
294 dst[flag_offset++] = repeat_count;
295 }
296 if (flag_offset >= dst_size) {
297 return OTS_FAILURE();
298 }
299 dst[flag_offset++] = flag;
300 repeat_count = 0;
301 }
302 last_x = point.x;
303 last_y = point.y;
304 last_flag = flag;
305 }
306
307 if (repeat_count != 0) {
308 if (flag_offset >= dst_size) {
309 return OTS_FAILURE();
310 }
311 dst[flag_offset++] = repeat_count;
312 }
313 unsigned int xy_bytes = x_bytes + y_bytes;
314 if (xy_bytes < x_bytes ||
315 flag_offset + xy_bytes < flag_offset ||
316 flag_offset + xy_bytes > dst_size) {
317 return OTS_FAILURE();
318 }
319
320 int x_offset = flag_offset;
321 int y_offset = flag_offset + x_bytes;
322 last_x = 0;
323 last_y = 0;
324 for (size_t i = 0; i < points.size(); ++i) {
325 int dx = points.at(i).x - last_x;
326 if (dx == 0) {
327 // pass
328 } else if (dx > -256 && dx < 256) {
329 dst[x_offset++] = std::abs(dx);
330 } else {
331 // will always fit for valid input, but overflow is harmless
332 x_offset = Store16(dst, x_offset, dx);
333 }
334 last_x += dx;
335 int dy = points.at(i).y - last_y;
336 if (dy == 0) {
337 // pass
338 } else if (dy > -256 && dy < 256) {
339 dst[y_offset++] = std::abs(dy);
340 } else {
341 y_offset = Store16(dst, y_offset, dy);
342 }
343 last_y += dy;
344 }
345 *glyph_size = y_offset;
346 return true;
347 }
348
349 // Compute the bounding box of the coordinates, and store into a glyf buffer.
350 // A precondition is that there are at least 10 bytes available.
351 void ComputeBbox(const std::vector<Point>& points, uint8_t* dst) {
352 int x_min = 0;
353 int y_min = 0;
354 int x_max = 0;
355 int y_max = 0;
356
357 for (size_t i = 0; i < points.size(); ++i) {
358 int x = points.at(i).x;
359 int y = points.at(i).y;
360 if (i == 0 || x < x_min) x_min = x;
361 if (i == 0 || x > x_max) x_max = x;
362 if (i == 0 || y < y_min) y_min = y;
363 if (i == 0 || y > y_max) y_max = y;
364 }
365 size_t offset = 2;
366 offset = Store16(dst, offset, x_min);
367 offset = Store16(dst, offset, y_min);
368 offset = Store16(dst, offset, x_max);
369 offset = Store16(dst, offset, y_max);
370 }
371
372 // Process entire bbox stream. This is done as a separate pass to allow for
373 // composite bbox computations (an optional more aggressive transform).
374 bool ProcessBboxStream(ots::Buffer* bbox_stream, unsigned int n_glyphs,
375 const std::vector<uint32_t>& loca_values, uint8_t* glyf_buf,
376 size_t glyf_buf_length) {
377 const uint8_t* buf = bbox_stream->buffer();
378 if (n_glyphs >= 65536 || loca_values.size() != n_glyphs + 1) {
379 return OTS_FAILURE();
380 }
381 // Safe because n_glyphs is bounded
382 unsigned int bitmap_length = ((n_glyphs + 31) >> 5) << 2;
383 if (!bbox_stream->Skip(bitmap_length)) {
384 return OTS_FAILURE();
385 }
386 for (unsigned int i = 0; i < n_glyphs; ++i) {
387 if (buf[i >> 3] & (0x80 >> (i & 7))) {
388 uint32_t loca_offset = loca_values.at(i);
389 if (loca_values.at(i + 1) - loca_offset < kEndPtsOfContoursOffset) {
390 return OTS_FAILURE();
391 }
392 if (glyf_buf_length < 2 + 10 ||
393 loca_offset > glyf_buf_length - 2 - 10) {
394 return OTS_FAILURE();
395 }
396 if (!bbox_stream->Read(glyf_buf + loca_offset + 2, 8)) {
397 return OTS_FAILURE();
398 }
399 }
400 }
401 return true;
402 }
403
404 bool ProcessComposite(ots::Buffer* composite_stream, uint8_t* dst,
405 size_t dst_size, size_t* glyph_size, bool* have_instructions) {
406 size_t start_offset = composite_stream->offset();
407 bool we_have_instructions = false;
408
409 uint16_t flags = FLAG_MORE_COMPONENTS;
410 while (flags & FLAG_MORE_COMPONENTS) {
411 if (!composite_stream->ReadU16(&flags)) {
412 return OTS_FAILURE();
413 }
414 we_have_instructions |= (flags & FLAG_WE_HAVE_INSTRUCTIONS) != 0;
415 size_t arg_size = 2; // glyph index
416 if (flags & FLAG_ARG_1_AND_2_ARE_WORDS) {
417 arg_size += 4;
418 } else {
419 arg_size += 2;
420 }
421 if (flags & FLAG_WE_HAVE_A_SCALE) {
422 arg_size += 2;
423 } else if (flags & FLAG_WE_HAVE_AN_X_AND_Y_SCALE) {
424 arg_size += 4;
425 } else if (flags & FLAG_WE_HAVE_A_TWO_BY_TWO) {
426 arg_size += 8;
427 }
428 if (!composite_stream->Skip(arg_size)) {
429 return OTS_FAILURE();
430 }
431 }
432 size_t composite_glyph_size = composite_stream->offset() - start_offset;
433 if (composite_glyph_size + kCompositeGlyphBegin > dst_size) {
434 return OTS_FAILURE();
435 }
436 Store16(dst, 0, 0xffff); // nContours = -1 for composite glyph
437 std::memcpy(dst + kCompositeGlyphBegin,
438 composite_stream->buffer() + start_offset,
439 composite_glyph_size);
440 *glyph_size = kCompositeGlyphBegin + composite_glyph_size;
441 *have_instructions = we_have_instructions;
442 return true;
443 }
444
445 // Build TrueType loca table
446 bool StoreLoca(const std::vector<uint32_t>& loca_values, int index_format,
447 uint8_t* dst, size_t dst_size) {
448 const uint64_t loca_size = loca_values.size();
449 const uint64_t offset_size = index_format ? 4 : 2;
450 if ((loca_size << 2) >> 2 != loca_size) {
451 return OTS_FAILURE();
452 }
453 // No integer overflow here (loca_size <= 2^16).
454 if (offset_size * loca_size > dst_size) {
455 return OTS_FAILURE();
456 }
457 size_t offset = 0;
458 for (size_t i = 0; i < loca_values.size(); ++i) {
459 uint32_t value = loca_values.at(i);
460 if (index_format) {
461 offset = StoreU32(dst, offset, value);
462 } else {
463 offset = Store16(dst, offset, value >> 1);
464 }
465 }
466 return true;
467 }
468
469 // Reconstruct entire glyf table based on transformed original
470 bool ReconstructGlyf(const uint8_t* data, size_t data_size,
471 uint8_t* dst, size_t dst_size,
472 uint8_t* loca_buf, size_t loca_size) {
473 static const int kNumSubStreams = 7;
474 ots::Buffer file(data, data_size);
475 uint32_t version;
476 std::vector<std::pair<const uint8_t*, size_t> > substreams(kNumSubStreams);
477
478 if (!file.ReadU32(&version)) {
479 return OTS_FAILURE();
480 }
481 uint16_t num_glyphs;
482 uint16_t index_format;
483 if (!file.ReadU16(&num_glyphs) ||
484 !file.ReadU16(&index_format)) {
485 return OTS_FAILURE();
486 }
487 unsigned int offset = (2 + kNumSubStreams) * 4;
488 if (offset > data_size) {
489 return OTS_FAILURE();
490 }
491 // Invariant from here on: data_size >= offset
492 for (int i = 0; i < kNumSubStreams; ++i) {
493 uint32_t substream_size;
494 if (!file.ReadU32(&substream_size)) {
495 return OTS_FAILURE();
496 }
497 if (substream_size > data_size - offset) {
498 return OTS_FAILURE();
499 }
500 substreams.at(i) = std::make_pair(data + offset, substream_size);
501 offset += substream_size;
502 }
503 ots::Buffer n_contour_stream(substreams.at(0).first, substreams.at(0).second);
504 ots::Buffer n_points_stream(substreams.at(1).first, substreams.at(1).second);
505 ots::Buffer flag_stream(substreams.at(2).first, substreams.at(2).second);
506 ots::Buffer glyph_stream(substreams.at(3).first, substreams.at(3).second);
507 ots::Buffer composite_stream(substreams.at(4).first, substreams.at(4).second);
508 ots::Buffer bbox_stream(substreams.at(5).first, substreams.at(5).second);
509 ots::Buffer instruction_stream(substreams.at(6).first, substreams.at(6).second );
510
511 std::vector<uint32_t> loca_values(num_glyphs + 1);
512 std::vector<unsigned int> n_points_vec;
513 std::vector<Point> points;
514 uint32_t loca_offset = 0;
515 for (unsigned int i = 0; i < num_glyphs; ++i) {
516 size_t glyph_size = 0;
517 uint16_t n_contours = 0;
518 if (!n_contour_stream.ReadU16(&n_contours)) {
519 return OTS_FAILURE();
520 }
521 uint8_t* glyf_dst = dst + loca_offset;
522 size_t glyf_dst_size = dst_size - loca_offset;
523 if (n_contours == 0xffff) {
524 // composite glyph
525 bool have_instructions = false;
526 unsigned int instruction_size = 0;
527 if (!ProcessComposite(&composite_stream, glyf_dst, glyf_dst_size,
528 &glyph_size, &have_instructions)) {
529 return OTS_FAILURE();
530 }
531 if (have_instructions) {
532 if (!Read255UShort(&glyph_stream, &instruction_size)) {
533 return OTS_FAILURE();
534 }
535 if (instruction_size + 2 > glyf_dst_size - glyph_size) {
536 return OTS_FAILURE();
537 }
538 Store16(glyf_dst, glyph_size, instruction_size);
539 if (!instruction_stream.Read(glyf_dst + glyph_size + 2,
540 instruction_size)) {
541 return OTS_FAILURE();
542 }
543 glyph_size += instruction_size + 2;
544 }
545 } else if (n_contours > 0) {
546 // simple glyph
547 n_points_vec.clear();
548 points.clear();
549 unsigned int total_n_points = 0;
550 unsigned int n_points_contour;
551 for (unsigned int j = 0; j < n_contours; ++j) {
552 if (!Read255UShort(&n_points_stream, &n_points_contour)) {
553 return OTS_FAILURE();
554 }
555 n_points_vec.push_back(n_points_contour);
556 if (total_n_points + n_points_contour < total_n_points) {
557 return OTS_FAILURE();
558 }
559 total_n_points += n_points_contour;
560 }
561 unsigned int flag_size = total_n_points;
562 if (flag_size > flag_stream.length() - flag_stream.offset()) {
563 return OTS_FAILURE();
564 }
565 const uint8_t* flags_buf = flag_stream.buffer() + flag_stream.offset();
566 const uint8_t* triplet_buf = glyph_stream.buffer() +
567 glyph_stream.offset();
568 size_t triplet_size = glyph_stream.length() - glyph_stream.offset();
569 size_t triplet_bytes_consumed = 0;
570 if (!TripletDecode(flags_buf, triplet_buf, triplet_size, total_n_points,
571 &points, &triplet_bytes_consumed)) {
572 return OTS_FAILURE();
573 }
574 const uint32_t header_and_endpts_contours_size =
575 kEndPtsOfContoursOffset + 2 * n_contours;
576 if (glyf_dst_size < header_and_endpts_contours_size) {
577 return OTS_FAILURE();
578 }
579 Store16(glyf_dst, 0, n_contours);
580 ComputeBbox(points, glyf_dst);
581 size_t offset = kEndPtsOfContoursOffset;
582 int end_point = -1;
583 for (unsigned int contour_ix = 0; contour_ix < n_contours; ++contour_ix) {
584 end_point += n_points_vec.at(contour_ix);
585 if (end_point >= 65536) {
586 return OTS_FAILURE();
587 }
588 offset = Store16(glyf_dst, offset, end_point);
589 }
590 if (!flag_stream.Skip(flag_size)) {
591 return OTS_FAILURE();
592 }
593 if (!glyph_stream.Skip(triplet_bytes_consumed)) {
594 return OTS_FAILURE();
595 }
596 unsigned int instruction_size;
597 if (!Read255UShort(&glyph_stream, &instruction_size)) {
598 return OTS_FAILURE();
599 }
600 if (glyf_dst_size - header_and_endpts_contours_size <
601 instruction_size + 2) {
602 return OTS_FAILURE();
603 }
604 uint8_t* instruction_dst = glyf_dst + header_and_endpts_contours_size;
605 Store16(instruction_dst, 0, instruction_size);
606 if (!instruction_stream.Read(instruction_dst + 2, instruction_size)) {
607 return OTS_FAILURE();
608 }
609 if (!StorePoints(points, n_contours, instruction_size,
610 glyf_dst, glyf_dst_size, &glyph_size)) {
611 return OTS_FAILURE();
612 }
613 } else {
614 glyph_size = 0;
615 }
616 loca_values.at(i) = loca_offset;
617 if (glyph_size + 3 < glyph_size) {
618 return OTS_FAILURE();
619 }
620 glyph_size = ots::Round4(glyph_size);
621 if (glyph_size > dst_size - loca_offset) {
622 // This shouldn't happen, but this test defensively maintains the
623 // invariant that loca_offset <= dst_size.
624 return OTS_FAILURE();
625 }
626 loca_offset += glyph_size;
627 }
628 loca_values.at(num_glyphs) = loca_offset;
629 if (!ProcessBboxStream(&bbox_stream, num_glyphs, loca_values,
630 dst, dst_size)) {
631 return OTS_FAILURE();
632 }
633 return StoreLoca(loca_values, index_format, loca_buf, loca_size);
634 }
635
636 // This is linear search, but could be changed to binary because we
637 // do have a guarantee that the tables are sorted by tag. But the total
638 // cpu time is expected to be very small in any case.
639 const Table* FindTable(const std::vector<Table>& tables, uint32_t tag) {
640 size_t n_tables = tables.size();
641 for (size_t i = 0; i < n_tables; ++i) {
642 if (tables.at(i).tag == tag) {
643 return &tables.at(i);
644 }
645 }
646 return NULL;
647 }
648
649 bool ReconstructTransformed(const std::vector<Table>& tables, uint32_t tag,
650 const uint8_t* transformed_buf, size_t transformed_size,
651 uint8_t* dst, size_t dst_length) {
652 if (tag == TAG('g', 'l', 'y', 'f')) {
653 const Table* glyf_table = FindTable(tables, tag);
654 const Table* loca_table = FindTable(tables, TAG('l', 'o', 'c', 'a'));
655 if (glyf_table == NULL || loca_table == NULL) {
656 return OTS_FAILURE();
657 }
658 if (static_cast<uint64_t>(glyf_table->dst_offset + glyf_table->dst_length) >
659 dst_length) {
660 return OTS_FAILURE();
661 }
662 if (static_cast<uint64_t>(loca_table->dst_offset + loca_table->dst_length) >
663 dst_length) {
664 return OTS_FAILURE();
665 }
666 return ReconstructGlyf(transformed_buf, transformed_size,
667 dst + glyf_table->dst_offset, glyf_table->dst_length,
668 dst + loca_table->dst_offset, loca_table->dst_length);
669 } else if (tag == TAG('l', 'o', 'c', 'a')) {
670 // processing was already done by glyf table, but validate
671 if (!FindTable(tables, TAG('g', 'l', 'y', 'f'))) {
672 return OTS_FAILURE();
673 }
674 } else {
675 // transform for the tag is not known
676 return OTS_FAILURE();
677 }
678 return true;
679 }
680
681 uint32_t ComputeChecksum(const uint8_t* buf, size_t size) {
682 uint32_t checksum = 0;
683 for (size_t i = 0; i < size; i += 4) {
684 // We assume the addition is mod 2^32, which is valid because unsigned
685 checksum += (buf[i] << 24) | (buf[i + 1] << 16) |
686 (buf[i + 2] << 8) | buf[i + 3];
687 }
688 return checksum;
689 }
690
691 bool FixChecksums(const std::vector<Table>& tables, uint8_t* dst) {
692 const Table* head_table = FindTable(tables, TAG('h', 'e', 'a', 'd'));
693 if (head_table == NULL ||
694 head_table->dst_length < kCheckSumAdjustmentOffset + 4) {
695 return OTS_FAILURE();
696 }
697 size_t adjustment_offset = head_table->dst_offset + kCheckSumAdjustmentOffset;
698 if (adjustment_offset < head_table->dst_offset) {
699 return OTS_FAILURE();
700 }
701 StoreU32(dst, adjustment_offset, 0);
702 size_t n_tables = tables.size();
703 uint32_t file_checksum = 0;
704 for (size_t i = 0; i < n_tables; ++i) {
705 const Table* table = &tables.at(i);
706 size_t table_length = table->dst_length;
707 uint8_t* table_data = dst + table->dst_offset;
708 uint32_t checksum = ComputeChecksum(table_data, table_length);
709 StoreU32(dst, kSfntHeaderSize + i * kSfntEntrySize + 4, checksum);
710 file_checksum += checksum; // The addition is mod 2^32
711 }
712 file_checksum += ComputeChecksum(dst,
713 kSfntHeaderSize + kSfntEntrySize * n_tables);
714 uint32_t checksum_adjustment = 0xb1b0afba - file_checksum;
715 StoreU32(dst, adjustment_offset, checksum_adjustment);
716 return true;
717 }
718
719 bool Woff2Uncompress(uint8_t* dst_buf, size_t dst_size,
720 const uint8_t* src_buf, size_t src_size, uint32_t compression_type) {
721 if (compression_type == kCompressionTypeGzip) {
722 uLongf uncompressed_length = dst_size;
723 int r = uncompress(reinterpret_cast<Bytef *>(dst_buf), &uncompressed_length,
724 src_buf, src_size);
725 if (r != Z_OK || uncompressed_length != dst_size) {
726 return OTS_FAILURE();
727 }
728 return true;
729 } else if (compression_type == kCompressionTypeLzma) {
730 if (src_size < kLzmaHeaderSize) {
731 // Make sure we have at least a full Lzma header
732 return OTS_FAILURE();
733 }
734 // TODO: check that size matches (or elide size?)
735 size_t uncompressed_size = dst_size;
736 size_t compressed_size = src_size;
737 int result = LzmaUncompress(dst_buf, &dst_size,
738 src_buf + kLzmaHeaderSize, &compressed_size,
739 src_buf, LZMA_PROPS_SIZE);
740 if (result != SZ_OK || uncompressed_size != dst_size) {
741 return OTS_FAILURE();
742 }
743 return true;
744 }
745 // Unknown compression type
746 return OTS_FAILURE();
747 }
748
749 const uint32_t kKnownTags[] = {
750 TAG('c', 'm', 'a', 'p'), // 0
751 TAG('h', 'e', 'a', 'd'), // 1
752 TAG('h', 'h', 'e', 'a'), // 2
753 TAG('h', 'm', 't', 'x'), // 3
754 TAG('m', 'a', 'x', 'p'), // 4
755 TAG('n', 'a', 'm', 'e'), // 5
756 TAG('O', 'S', '/', '2'), // 6
757 TAG('p', 'o', 's', 't'), // 7
758 TAG('c', 'v', 't', ' '), // 8
759 TAG('f', 'p', 'g', 'm'), // 9
760 TAG('g', 'l', 'y', 'f'), // 10
761 TAG('l', 'o', 'c', 'a'), // 11
762 TAG('p', 'r', 'e', 'p'), // 12
763 TAG('C', 'F', 'F', ' '), // 13
764 TAG('V', 'O', 'R', 'G'), // 14
765 TAG('E', 'B', 'D', 'T'), // 15
766 TAG('E', 'B', 'L', 'C'), // 16
767 TAG('g', 'a', 's', 'p'), // 17
768 TAG('h', 'd', 'm', 'x'), // 18
769 TAG('k', 'e', 'r', 'n'), // 19
770 TAG('L', 'T', 'S', 'H'), // 20
771 TAG('P', 'C', 'L', 'T'), // 21
772 TAG('V', 'D', 'M', 'X'), // 22
773 TAG('v', 'h', 'e', 'a'), // 23
774 TAG('v', 'm', 't', 'x'), // 24
775 TAG('B', 'A', 'S', 'E'), // 25
776 TAG('G', 'D', 'E', 'F'), // 26
777 TAG('G', 'P', 'O', 'S'), // 27
778 TAG('G', 'S', 'U', 'B'), // 28
779 };
780
781 bool ReadShortDirectory(ots::Buffer* file, std::vector<Table>* tables,
782 size_t num_tables) {
783 uint32_t last_compression_type = 0;
784 for (size_t i = 0; i < num_tables; ++i) {
785 Table* table = &tables->at(i);
786 uint8_t flag_byte;
787 if (!file->ReadU8(&flag_byte)) {
788 return OTS_FAILURE();
789 }
790 uint32_t tag;
791 if ((flag_byte & 0x1f) == 0x1f) {
792 if (!file->ReadU32(&tag)) {
793 return OTS_FAILURE();
794 }
795 } else {
796 if ((flag_byte & 0x1f) >= arraysize(kKnownTags)) {
797 return OTS_FAILURE();
798 }
799 tag = kKnownTags[flag_byte & 0x1f];
800 }
801 uint32_t flags = flag_byte >> 6;
802 if (flags == kShortFlagsContinue) {
803 flags = last_compression_type | kWoff2FlagsContinueStream;
804 } else {
805 if (flags == kCompressionTypeNone ||
806 flags == kCompressionTypeGzip ||
807 flags == kCompressionTypeLzma) {
808 last_compression_type = flags;
809 } else {
810 return OTS_FAILURE();
811 }
812 }
813 if ((flag_byte & 0x20) != 0) {
814 flags |= kWoff2FlagsTransform;
815 }
816 uint32_t dst_length;
817 if (!ReadBase128(file, &dst_length)) {
818 return OTS_FAILURE();
819 }
820 uint32_t transform_length = dst_length;
821 if ((flags & kWoff2FlagsTransform) != 0) {
822 if (!ReadBase128(file, &transform_length)) {
823 return OTS_FAILURE();
824 }
825 }
826 uint32_t src_length = transform_length;
827 if ((flag_byte >> 6) == 1 || (flag_byte >> 6) == 2) {
828 if (!ReadBase128(file, &src_length)) {
829 return OTS_FAILURE();
830 }
831 }
832 // Disallow huge numbers (> 1GB) for sanity.
833 if (src_length > 1024 * 1024 * 1024 ||
834 transform_length > 1024 * 1024 * 1024 ||
835 dst_length > 1024 * 1024 * 1024) {
836 return OTS_FAILURE();
837 }
838
839 table->tag = tag;
840 table->flags = flags;
841 table->src_length = src_length;
842 table->transform_length = transform_length;
843 table->dst_length = dst_length;
844 }
845 return true;
846 }
847
848 } // namespace
849
850 namespace ots {
851
852 size_t ComputeWOFF2FinalSize(const uint8_t* data, size_t length) {
853 ots::Buffer file(data, length);
854 uint32_t total_length;
855
856 if (!file.Skip(16) ||
857 !file.ReadU32(&total_length)) {
858 return 0;
859 }
860 return total_length;
861 }
862
863 bool ConvertWOFF2ToTTF(uint8_t* result, size_t result_length,
864 const uint8_t* data, size_t length) {
865 static const uint32_t kWoff2Signature = 0x774f4632; // "wOF2"
866 ots::Buffer file(data, length);
867
868 uint32_t signature;
869 uint32_t flavor;
870 if (!file.ReadU32(&signature) || signature != kWoff2Signature ||
871 !file.ReadU32(&flavor)) {
872 return OTS_FAILURE();
873 }
874
875 if (!IsValidVersionTag(ntohl(flavor))) {
876 return OTS_FAILURE();
877 }
878
879 uint32_t reported_length;
880 if (!file.ReadU32(&reported_length) || length != reported_length) {
881 return OTS_FAILURE();
882 }
883 uint16_t num_tables;
884 if (!file.ReadU16(&num_tables) || !num_tables) {
885 return OTS_FAILURE();
886 }
887 // We don't care about these fields of the header:
888 // uint16_t reserved
889 // uint32_t total_sfnt_size
890 // uint16_t major_version, minor_version
891 // uint32_t meta_offset, meta_length, meta_orig_length
892 // uint32_t priv_offset, priv_length
893 if (!file.Skip(30)) {
894 return OTS_FAILURE();
895 }
896 std::vector<Table> tables(num_tables);
897 // Note: change below to ReadLongDirectory to enable long format.
898 if (!ReadShortDirectory(&file, &tables, num_tables)) {
899 return OTS_FAILURE();
900 }
901 uint64_t src_offset = file.offset();
902 uint64_t dst_offset = kSfntHeaderSize +
903 kSfntEntrySize * static_cast<uint64_t>(num_tables);
904 uint64_t uncompressed_sum = 0;
905 for (uint16_t i = 0; i < num_tables; ++i) {
906 Table* table = &tables.at(i);
907 table->src_offset = src_offset;
908 src_offset += table->src_length;
909 if (src_offset > std::numeric_limits<uint32_t>::max()) {
910 return OTS_FAILURE();
911 }
912 src_offset = ots::Round4(src_offset);
913 table->dst_offset = dst_offset;
914 dst_offset += table->dst_length;
915 if (dst_offset > std::numeric_limits<uint32_t>::max()) {
916 return OTS_FAILURE();
917 }
918 dst_offset = ots::Round4(dst_offset);
919 if ((table->flags & kCompressionTypeMask) != kCompressionTypeNone) {
920 uncompressed_sum += table->src_length;
921 if (uncompressed_sum > std::numeric_limits<uint32_t>::max()) {
922 return OTS_FAILURE();
923 }
924 }
925 }
926 // Enforce same 30M limit on uncompressed tables as OTS
927 if (uncompressed_sum > 30 * 1024 * 1024) {
928 return OTS_FAILURE();
929 }
930 if (src_offset > length || dst_offset > result_length) {
931 return OTS_FAILURE();
932 }
933
934 const uint32_t sfnt_header_and_table_directory_size = 12 + 16 * num_tables;
935 if (sfnt_header_and_table_directory_size > result_length) {
936 return OTS_FAILURE();
937 }
938
939 // Start building the font
940 size_t offset = 0;
941 offset = StoreU32(result, offset, flavor);
942 offset = Store16(result, offset, num_tables);
943 unsigned max_pow2 = 0;
944 while (1u << (max_pow2 + 1) <= num_tables) {
945 max_pow2++;
946 }
947 const uint16_t output_search_range = (1u << max_pow2) << 4;
948 offset = Store16(result, offset, output_search_range);
949 offset = Store16(result, offset, max_pow2);
950 offset = Store16(result, offset, (num_tables << 4) - output_search_range);
951 for (uint16_t i = 0; i < num_tables; ++i) {
952 const Table* table = &tables.at(i);
953 offset = StoreU32(result, offset, table->tag);
954 offset = StoreU32(result, offset, 0); // checksum, to fill in later
955 offset = StoreU32(result, offset, table->dst_offset);
956 offset = StoreU32(result, offset, table->dst_length);
957 }
958 std::vector<uint8_t> uncompressed_buf;
959 bool continue_valid = false;
960 for (uint16_t i = 0; i < num_tables; ++i) {
961 const Table* table = &tables.at(i);
962 uint32_t flags = table->flags;
963 const uint8_t* src_buf = data + table->src_offset;
964 uint32_t compression_type = flags & kCompressionTypeMask;
965 const uint8_t* transform_buf = NULL;
966 size_t transform_length = table->transform_length;
967 if ((flags & kWoff2FlagsContinueStream) != 0) {
968 if (!continue_valid) {
969 return OTS_FAILURE();
970 }
971 } else if (compression_type == kCompressionTypeNone) {
972 if (transform_length != table->src_length) {
973 return OTS_FAILURE();
974 }
975 transform_buf = src_buf;
976 continue_valid = false;
977 } else if ((flags & kWoff2FlagsContinueStream) == 0) {
978 uint64_t total_size = transform_length;
979 for (uint16_t j = i + 1; j < num_tables; ++j) {
980 if ((tables.at(j).flags & kWoff2FlagsContinueStream) == 0) {
981 break;
982 }
983 total_size += tables.at(j).transform_length;
984 if (total_size > std::numeric_limits<uint32_t>::max()) {
985 return OTS_FAILURE();
986 }
987 }
988 // Enforce same 30M limit on uncompressed tables as OTS
989 if (total_size > 30 * 1024 * 1024) {
990 return OTS_FAILURE();
991 }
992 uncompressed_buf.resize(total_size);
993 if (!Woff2Uncompress(&uncompressed_buf[0], total_size,
994 src_buf, table->src_length, compression_type)) {
995 return OTS_FAILURE();
996 }
997 transform_buf = &uncompressed_buf[0];
998 continue_valid = true;
999 } else {
1000 return OTS_FAILURE();
1001 }
1002
1003 if ((flags & kWoff2FlagsTransform) == 0) {
1004 if (transform_length != table->dst_length) {
1005 return OTS_FAILURE();
1006 }
1007 if (static_cast<uint64_t>(table->dst_offset + transform_length) >
1008 result_length) {
1009 return OTS_FAILURE();
1010 }
1011 std::memcpy(result + table->dst_offset, transform_buf,
1012 transform_length);
1013 } else {
1014 if (!ReconstructTransformed(tables, table->tag,
1015 transform_buf, transform_length, result, result_length)) {
1016 return OTS_FAILURE();
1017 }
1018 }
1019 if (continue_valid) {
1020 transform_buf += transform_length;
1021 if (transform_buf > &uncompressed_buf[uncompressed_buf.size()]) {
1022 return OTS_FAILURE();
1023 }
1024 }
1025 }
1026
1027 return FixChecksums(tables, result);
1028 }
1029
1030 } // namespace ots
OLDNEW
« no previous file with comments | « src/woff2.h ('k') | test/ot-sanitise.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698