| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 // This is the implementation of decompression of the proposed WOFF Ultra | |
| 6 // Condensed file format. | |
| 7 | |
| 8 #include <cassert> | |
| 9 #include <cstdlib> | |
| 10 #include <vector> | |
| 11 | |
| 12 #include "third_party/brotli/dec/decode.h" | |
| 13 | |
| 14 #include "opentype-sanitiser.h" | |
| 15 #include "ots-memory-stream.h" | |
| 16 #include "ots.h" | |
| 17 #include "woff2.h" | |
| 18 | |
| 19 #define TABLE_NAME "WOFF2" | |
| 20 | |
| 21 namespace { | |
| 22 | |
| 23 // simple glyph flags | |
| 24 const uint8_t kGlyfOnCurve = 1 << 0; | |
| 25 const uint8_t kGlyfXShort = 1 << 1; | |
| 26 const uint8_t kGlyfYShort = 1 << 2; | |
| 27 const uint8_t kGlyfRepeat = 1 << 3; | |
| 28 const uint8_t kGlyfThisXIsSame = 1 << 4; | |
| 29 const uint8_t kGlyfThisYIsSame = 1 << 5; | |
| 30 | |
| 31 // composite glyph flags | |
| 32 const int FLAG_ARG_1_AND_2_ARE_WORDS = 1 << 0; | |
| 33 const int FLAG_WE_HAVE_A_SCALE = 1 << 3; | |
| 34 const int FLAG_MORE_COMPONENTS = 1 << 5; | |
| 35 const int FLAG_WE_HAVE_AN_X_AND_Y_SCALE = 1 << 6; | |
| 36 const int FLAG_WE_HAVE_A_TWO_BY_TWO = 1 << 7; | |
| 37 const int FLAG_WE_HAVE_INSTRUCTIONS = 1 << 8; | |
| 38 | |
| 39 const size_t kSfntHeaderSize = 12; | |
| 40 const size_t kSfntEntrySize = 16; | |
| 41 const size_t kCheckSumAdjustmentOffset = 8; | |
| 42 | |
| 43 const size_t kEndPtsOfContoursOffset = 10; | |
| 44 const size_t kCompositeGlyphBegin = 10; | |
| 45 | |
| 46 const unsigned int kWoff2FlagsTransform = 1 << 5; | |
| 47 | |
| 48 const uint32_t kKnownTags[] = { | |
| 49 OTS_TAG('c','m','a','p'), // 0 | |
| 50 OTS_TAG('h','e','a','d'), // 1 | |
| 51 OTS_TAG('h','h','e','a'), // 2 | |
| 52 OTS_TAG('h','m','t','x'), // 3 | |
| 53 OTS_TAG('m','a','x','p'), // 4 | |
| 54 OTS_TAG('n','a','m','e'), // 5 | |
| 55 OTS_TAG('O','S','/','2'), // 6 | |
| 56 OTS_TAG('p','o','s','t'), // 7 | |
| 57 OTS_TAG('c','v','t',' '), // 8 | |
| 58 OTS_TAG('f','p','g','m'), // 9 | |
| 59 OTS_TAG('g','l','y','f'), // 10 | |
| 60 OTS_TAG('l','o','c','a'), // 11 | |
| 61 OTS_TAG('p','r','e','p'), // 12 | |
| 62 OTS_TAG('C','F','F',' '), // 13 | |
| 63 OTS_TAG('V','O','R','G'), // 14 | |
| 64 OTS_TAG('E','B','D','T'), // 15 | |
| 65 OTS_TAG('E','B','L','C'), // 16 | |
| 66 OTS_TAG('g','a','s','p'), // 17 | |
| 67 OTS_TAG('h','d','m','x'), // 18 | |
| 68 OTS_TAG('k','e','r','n'), // 19 | |
| 69 OTS_TAG('L','T','S','H'), // 20 | |
| 70 OTS_TAG('P','C','L','T'), // 21 | |
| 71 OTS_TAG('V','D','M','X'), // 22 | |
| 72 OTS_TAG('v','h','e','a'), // 23 | |
| 73 OTS_TAG('v','m','t','x'), // 24 | |
| 74 OTS_TAG('B','A','S','E'), // 25 | |
| 75 OTS_TAG('G','D','E','F'), // 26 | |
| 76 OTS_TAG('G','P','O','S'), // 27 | |
| 77 OTS_TAG('G','S','U','B'), // 28 | |
| 78 OTS_TAG('E','B','S','C'), // 29 | |
| 79 OTS_TAG('J','S','T','F'), // 30 | |
| 80 OTS_TAG('M','A','T','H'), // 31 | |
| 81 OTS_TAG('C','B','D','T'), // 32 | |
| 82 OTS_TAG('C','B','L','C'), // 33 | |
| 83 OTS_TAG('C','O','L','R'), // 34 | |
| 84 OTS_TAG('C','P','A','L'), // 35 | |
| 85 OTS_TAG('S','V','G',' '), // 36 | |
| 86 OTS_TAG('s','b','i','x'), // 37 | |
| 87 OTS_TAG('a','c','n','t'), // 38 | |
| 88 OTS_TAG('a','v','a','r'), // 39 | |
| 89 OTS_TAG('b','d','a','t'), // 40 | |
| 90 OTS_TAG('b','l','o','c'), // 41 | |
| 91 OTS_TAG('b','s','l','n'), // 42 | |
| 92 OTS_TAG('c','v','a','r'), // 43 | |
| 93 OTS_TAG('f','d','s','c'), // 44 | |
| 94 OTS_TAG('f','e','a','t'), // 45 | |
| 95 OTS_TAG('f','m','t','x'), // 46 | |
| 96 OTS_TAG('f','v','a','r'), // 47 | |
| 97 OTS_TAG('g','v','a','r'), // 48 | |
| 98 OTS_TAG('h','s','t','y'), // 49 | |
| 99 OTS_TAG('j','u','s','t'), // 50 | |
| 100 OTS_TAG('l','c','a','r'), // 51 | |
| 101 OTS_TAG('m','o','r','t'), // 52 | |
| 102 OTS_TAG('m','o','r','x'), // 53 | |
| 103 OTS_TAG('o','p','b','d'), // 54 | |
| 104 OTS_TAG('p','r','o','p'), // 55 | |
| 105 OTS_TAG('t','r','a','k'), // 56 | |
| 106 OTS_TAG('Z','a','p','f'), // 57 | |
| 107 OTS_TAG('S','i','l','f'), // 58 | |
| 108 OTS_TAG('G','l','a','t'), // 59 | |
| 109 OTS_TAG('G','l','o','c'), // 60 | |
| 110 OTS_TAG('F','e','a','t'), // 61 | |
| 111 OTS_TAG('S','i','l','l'), // 62 | |
| 112 }; | |
| 113 | |
| 114 struct Point { | |
| 115 int16_t x; | |
| 116 int16_t y; | |
| 117 bool on_curve; | |
| 118 }; | |
| 119 | |
| 120 struct Table { | |
| 121 uint32_t tag; | |
| 122 uint32_t flags; | |
| 123 | |
| 124 uint32_t transform_length; | |
| 125 | |
| 126 uint32_t dst_offset; | |
| 127 uint32_t dst_length; | |
| 128 | |
| 129 Table() | |
| 130 : tag(0), | |
| 131 flags(0), | |
| 132 transform_length(0), | |
| 133 dst_offset(0), | |
| 134 dst_length(0) {} | |
| 135 | |
| 136 bool operator<(const Table& other) const { | |
| 137 return tag < other.tag; | |
| 138 } | |
| 139 }; | |
| 140 | |
| 141 // Based on section 6.1.1 of MicroType Express draft spec | |
| 142 bool Read255UShort(ots::Buffer* buf, uint16_t* value) { | |
| 143 static const uint8_t kWordCode = 253; | |
| 144 static const uint8_t kOneMoreByteCode2 = 254; | |
| 145 static const uint8_t kOneMoreByteCode1 = 255; | |
| 146 static const uint8_t kLowestUCode = 253; | |
| 147 uint8_t code = 0; | |
| 148 if (!buf->ReadU8(&code)) { | |
| 149 return OTS_FAILURE(); | |
| 150 } | |
| 151 if (code == kWordCode) { | |
| 152 uint16_t result = 0; | |
| 153 if (!buf->ReadU16(&result)) { | |
| 154 return OTS_FAILURE(); | |
| 155 } | |
| 156 *value = result; | |
| 157 return true; | |
| 158 } else if (code == kOneMoreByteCode1) { | |
| 159 uint8_t result = 0; | |
| 160 if (!buf->ReadU8(&result)) { | |
| 161 return OTS_FAILURE(); | |
| 162 } | |
| 163 *value = result + kLowestUCode; | |
| 164 return true; | |
| 165 } else if (code == kOneMoreByteCode2) { | |
| 166 uint8_t result = 0; | |
| 167 if (!buf->ReadU8(&result)) { | |
| 168 return OTS_FAILURE(); | |
| 169 } | |
| 170 *value = result + kLowestUCode * 2; | |
| 171 return true; | |
| 172 } else { | |
| 173 *value = code; | |
| 174 return true; | |
| 175 } | |
| 176 } | |
| 177 | |
| 178 bool ReadBase128(ots::Buffer* buf, uint32_t* value) { | |
| 179 uint32_t result = 0; | |
| 180 for (size_t i = 0; i < 5; ++i) { | |
| 181 uint8_t code = 0; | |
| 182 if (!buf->ReadU8(&code)) { | |
| 183 return OTS_FAILURE(); | |
| 184 } | |
| 185 if (i == 0 && code == 0x80) { | |
| 186 return OTS_FAILURE(); | |
| 187 } | |
| 188 // If any of the top seven bits are set then we're about to overflow. | |
| 189 if (result & 0xfe000000U) { | |
| 190 return OTS_FAILURE(); | |
| 191 } | |
| 192 result = (result << 7) | (code & 0x7f); | |
| 193 if ((code & 0x80) == 0) { | |
| 194 *value = result; | |
| 195 return true; | |
| 196 } | |
| 197 } | |
| 198 // Make sure not to exceed the size bound | |
| 199 return OTS_FAILURE(); | |
| 200 } | |
| 201 | |
| 202 // Caller must ensure that buffer overrun won't happen. | |
| 203 // TODO(ksakamaoto): Consider creating 'writer' version of the Buffer class | |
| 204 // and use it across the code. | |
| 205 size_t StoreU32(uint8_t* dst, size_t offset, uint32_t x) { | |
| 206 dst[offset] = x >> 24; | |
| 207 dst[offset + 1] = (x >> 16) & 0xff; | |
| 208 dst[offset + 2] = (x >> 8) & 0xff; | |
| 209 dst[offset + 3] = x & 0xff; | |
| 210 return offset + 4; | |
| 211 } | |
| 212 | |
| 213 size_t StoreU16(uint8_t* dst, size_t offset, uint16_t x) { | |
| 214 dst[offset] = x >> 8; | |
| 215 dst[offset + 1] = x & 0xff; | |
| 216 return offset + 2; | |
| 217 } | |
| 218 | |
| 219 int WithSign(int flag, int baseval) { | |
| 220 assert(0 <= baseval && baseval < 65536); | |
| 221 return (flag & 1) ? baseval : -baseval; | |
| 222 } | |
| 223 | |
| 224 bool TripletDecode(const uint8_t* flags_in, const uint8_t* in, size_t in_size, | |
| 225 unsigned int n_points, std::vector<Point>* result, | |
| 226 size_t* in_bytes_consumed) { | |
| 227 int x = 0; | |
| 228 int y = 0; | |
| 229 | |
| 230 // Early return if |in| buffer is too small. Each point consumes 1-4 bytes. | |
| 231 if (n_points > in_size) { | |
| 232 return OTS_FAILURE(); | |
| 233 } | |
| 234 unsigned int triplet_index = 0; | |
| 235 | |
| 236 for (unsigned int i = 0; i < n_points; ++i) { | |
| 237 uint8_t flag = flags_in[i]; | |
| 238 bool on_curve = !(flag >> 7); | |
| 239 flag &= 0x7f; | |
| 240 unsigned int n_data_bytes; | |
| 241 if (flag < 84) { | |
| 242 n_data_bytes = 1; | |
| 243 } else if (flag < 120) { | |
| 244 n_data_bytes = 2; | |
| 245 } else if (flag < 124) { | |
| 246 n_data_bytes = 3; | |
| 247 } else { | |
| 248 n_data_bytes = 4; | |
| 249 } | |
| 250 if (triplet_index + n_data_bytes > in_size || | |
| 251 triplet_index + n_data_bytes < triplet_index) { | |
| 252 return OTS_FAILURE(); | |
| 253 } | |
| 254 int dx, dy; | |
| 255 if (flag < 10) { | |
| 256 dx = 0; | |
| 257 dy = WithSign(flag, ((flag & 14) << 7) + in[triplet_index]); | |
| 258 } else if (flag < 20) { | |
| 259 dx = WithSign(flag, (((flag - 10) & 14) << 7) + in[triplet_index]); | |
| 260 dy = 0; | |
| 261 } else if (flag < 84) { | |
| 262 int b0 = flag - 20; | |
| 263 int b1 = in[triplet_index]; | |
| 264 dx = WithSign(flag, 1 + (b0 & 0x30) + (b1 >> 4)); | |
| 265 dy = WithSign(flag >> 1, 1 + ((b0 & 0x0c) << 2) + (b1 & 0x0f)); | |
| 266 } else if (flag < 120) { | |
| 267 int b0 = flag - 84; | |
| 268 dx = WithSign(flag, 1 + ((b0 / 12) << 8) + in[triplet_index]); | |
| 269 dy = WithSign(flag >> 1, | |
| 270 1 + (((b0 % 12) >> 2) << 8) + in[triplet_index + 1]); | |
| 271 } else if (flag < 124) { | |
| 272 int b2 = in[triplet_index + 1]; | |
| 273 dx = WithSign(flag, (in[triplet_index] << 4) + (b2 >> 4)); | |
| 274 dy = WithSign(flag >> 1, ((b2 & 0x0f) << 8) + in[triplet_index + 2]); | |
| 275 } else { | |
| 276 dx = WithSign(flag, (in[triplet_index] << 8) + in[triplet_index + 1]); | |
| 277 dy = WithSign(flag >> 1, | |
| 278 (in[triplet_index + 2] << 8) + in[triplet_index + 3]); | |
| 279 } | |
| 280 triplet_index += n_data_bytes; | |
| 281 // Possible overflow but coordinate values are not security sensitive | |
| 282 x += dx; | |
| 283 y += dy; | |
| 284 result->push_back(Point()); | |
| 285 Point& back = result->back(); | |
| 286 back.x = static_cast<int16_t>(x); | |
| 287 back.y = static_cast<int16_t>(y); | |
| 288 back.on_curve = on_curve; | |
| 289 } | |
| 290 *in_bytes_consumed = triplet_index; | |
| 291 return true; | |
| 292 } | |
| 293 | |
| 294 // This function stores just the point data. On entry, dst points to the | |
| 295 // beginning of a simple glyph. Returns true on success. | |
| 296 bool StorePoints(const std::vector<Point>& points, | |
| 297 unsigned int n_contours, unsigned int instruction_length, | |
| 298 uint8_t* dst, size_t dst_size, size_t* glyph_size) { | |
| 299 // I believe that n_contours < 65536, in which case this is safe. However, a | |
| 300 // comment and/or an assert would be good. | |
| 301 unsigned int flag_offset = kEndPtsOfContoursOffset + 2 * n_contours + 2 + | |
| 302 instruction_length; | |
| 303 uint8_t last_flag = 0xff; | |
| 304 uint8_t repeat_count = 0; | |
| 305 int last_x = 0; | |
| 306 int last_y = 0; | |
| 307 unsigned int x_bytes = 0; | |
| 308 unsigned int y_bytes = 0; | |
| 309 | |
| 310 for (size_t i = 0; i < points.size(); ++i) { | |
| 311 const Point& point = points.at(i); | |
| 312 uint8_t flag = point.on_curve ? kGlyfOnCurve : 0; | |
| 313 int dx = point.x - last_x; | |
| 314 int dy = point.y - last_y; | |
| 315 if (dx == 0) { | |
| 316 flag |= kGlyfThisXIsSame; | |
| 317 } else if (dx > -256 && dx < 256) { | |
| 318 flag |= kGlyfXShort | (dx > 0 ? kGlyfThisXIsSame : 0); | |
| 319 x_bytes += 1; | |
| 320 } else { | |
| 321 x_bytes += 2; | |
| 322 } | |
| 323 if (dy == 0) { | |
| 324 flag |= kGlyfThisYIsSame; | |
| 325 } else if (dy > -256 && dy < 256) { | |
| 326 flag |= kGlyfYShort | (dy > 0 ? kGlyfThisYIsSame : 0); | |
| 327 y_bytes += 1; | |
| 328 } else { | |
| 329 y_bytes += 2; | |
| 330 } | |
| 331 | |
| 332 if (flag == last_flag && repeat_count != 255) { | |
| 333 dst[flag_offset - 1] |= kGlyfRepeat; | |
| 334 repeat_count++; | |
| 335 } else { | |
| 336 if (repeat_count != 0) { | |
| 337 if (flag_offset >= dst_size) { | |
| 338 return OTS_FAILURE(); | |
| 339 } | |
| 340 dst[flag_offset++] = repeat_count; | |
| 341 } | |
| 342 if (flag_offset >= dst_size) { | |
| 343 return OTS_FAILURE(); | |
| 344 } | |
| 345 dst[flag_offset++] = flag; | |
| 346 repeat_count = 0; | |
| 347 } | |
| 348 last_x = point.x; | |
| 349 last_y = point.y; | |
| 350 last_flag = flag; | |
| 351 } | |
| 352 | |
| 353 if (repeat_count != 0) { | |
| 354 if (flag_offset >= dst_size) { | |
| 355 return OTS_FAILURE(); | |
| 356 } | |
| 357 dst[flag_offset++] = repeat_count; | |
| 358 } | |
| 359 unsigned int xy_bytes = x_bytes + y_bytes; | |
| 360 if (xy_bytes < x_bytes || | |
| 361 flag_offset + xy_bytes < flag_offset || | |
| 362 flag_offset + xy_bytes > dst_size) { | |
| 363 return OTS_FAILURE(); | |
| 364 } | |
| 365 | |
| 366 int x_offset = flag_offset; | |
| 367 int y_offset = flag_offset + x_bytes; | |
| 368 last_x = 0; | |
| 369 last_y = 0; | |
| 370 for (size_t i = 0; i < points.size(); ++i) { | |
| 371 int dx = points.at(i).x - last_x; | |
| 372 if (dx == 0) { | |
| 373 // pass | |
| 374 } else if (dx > -256 && dx < 256) { | |
| 375 dst[x_offset++] = static_cast<uint8_t>(std::abs(dx)); | |
| 376 } else { | |
| 377 // will always fit for valid input, but overflow is harmless | |
| 378 x_offset = StoreU16(dst, x_offset, static_cast<uint16_t>(dx)); | |
| 379 } | |
| 380 last_x += dx; | |
| 381 int dy = points.at(i).y - last_y; | |
| 382 if (dy == 0) { | |
| 383 // pass | |
| 384 } else if (dy > -256 && dy < 256) { | |
| 385 dst[y_offset++] = static_cast<uint8_t>(std::abs(dy)); | |
| 386 } else { | |
| 387 y_offset = StoreU16(dst, y_offset, static_cast<uint16_t>(dy)); | |
| 388 } | |
| 389 last_y += dy; | |
| 390 } | |
| 391 *glyph_size = y_offset; | |
| 392 return true; | |
| 393 } | |
| 394 | |
| 395 // Compute the bounding box of the coordinates, and store into a glyf buffer. | |
| 396 // A precondition is that there are at least 10 bytes available. | |
| 397 void ComputeBbox(const std::vector<Point>& points, uint8_t* dst) { | |
| 398 int16_t x_min = 0; | |
| 399 int16_t y_min = 0; | |
| 400 int16_t x_max = 0; | |
| 401 int16_t y_max = 0; | |
| 402 | |
| 403 for (size_t i = 0; i < points.size(); ++i) { | |
| 404 int16_t x = points.at(i).x; | |
| 405 int16_t y = points.at(i).y; | |
| 406 if (i == 0 || x < x_min) x_min = x; | |
| 407 if (i == 0 || x > x_max) x_max = x; | |
| 408 if (i == 0 || y < y_min) y_min = y; | |
| 409 if (i == 0 || y > y_max) y_max = y; | |
| 410 } | |
| 411 size_t offset = 2; | |
| 412 offset = StoreU16(dst, offset, x_min); | |
| 413 offset = StoreU16(dst, offset, y_min); | |
| 414 offset = StoreU16(dst, offset, x_max); | |
| 415 offset = StoreU16(dst, offset, y_max); | |
| 416 } | |
| 417 | |
| 418 // Process entire bbox stream. This is done as a separate pass to allow for | |
| 419 // composite bbox computations (an optional more aggressive transform). | |
| 420 bool ProcessBboxStream(ots::Buffer* bbox_stream, unsigned int n_glyphs, | |
| 421 const std::vector<uint32_t>& loca_values, uint8_t* glyf_buf, | |
| 422 size_t glyf_buf_length) { | |
| 423 const uint8_t* buf = bbox_stream->buffer(); | |
| 424 if (n_glyphs >= 65536 || loca_values.size() != n_glyphs + 1) { | |
| 425 return OTS_FAILURE(); | |
| 426 } | |
| 427 // Safe because n_glyphs is bounded | |
| 428 unsigned int bitmap_length = ((n_glyphs + 31) >> 5) << 2; | |
| 429 if (!bbox_stream->Skip(bitmap_length)) { | |
| 430 return OTS_FAILURE(); | |
| 431 } | |
| 432 for (unsigned int i = 0; i < n_glyphs; ++i) { | |
| 433 if (buf[i >> 3] & (0x80 >> (i & 7))) { | |
| 434 uint32_t loca_offset = loca_values.at(i); | |
| 435 if (loca_values.at(i + 1) - loca_offset < kEndPtsOfContoursOffset) { | |
| 436 return OTS_FAILURE(); | |
| 437 } | |
| 438 if (glyf_buf_length < 2 + 10 || | |
| 439 loca_offset > glyf_buf_length - 2 - 10) { | |
| 440 return OTS_FAILURE(); | |
| 441 } | |
| 442 if (!bbox_stream->Read(glyf_buf + loca_offset + 2, 8)) { | |
| 443 return OTS_FAILURE(); | |
| 444 } | |
| 445 } | |
| 446 } | |
| 447 return true; | |
| 448 } | |
| 449 | |
| 450 bool ProcessComposite(ots::Buffer* composite_stream, uint8_t* dst, | |
| 451 size_t dst_size, size_t* glyph_size, bool* have_instructions) { | |
| 452 size_t start_offset = composite_stream->offset(); | |
| 453 bool we_have_instructions = false; | |
| 454 | |
| 455 uint16_t flags = FLAG_MORE_COMPONENTS; | |
| 456 while (flags & FLAG_MORE_COMPONENTS) { | |
| 457 if (!composite_stream->ReadU16(&flags)) { | |
| 458 return OTS_FAILURE(); | |
| 459 } | |
| 460 we_have_instructions |= (flags & FLAG_WE_HAVE_INSTRUCTIONS) != 0; | |
| 461 size_t arg_size = 2; // glyph index | |
| 462 if (flags & FLAG_ARG_1_AND_2_ARE_WORDS) { | |
| 463 arg_size += 4; | |
| 464 } else { | |
| 465 arg_size += 2; | |
| 466 } | |
| 467 if (flags & FLAG_WE_HAVE_A_SCALE) { | |
| 468 arg_size += 2; | |
| 469 } else if (flags & FLAG_WE_HAVE_AN_X_AND_Y_SCALE) { | |
| 470 arg_size += 4; | |
| 471 } else if (flags & FLAG_WE_HAVE_A_TWO_BY_TWO) { | |
| 472 arg_size += 8; | |
| 473 } | |
| 474 if (!composite_stream->Skip(arg_size)) { | |
| 475 return OTS_FAILURE(); | |
| 476 } | |
| 477 } | |
| 478 size_t composite_glyph_size = composite_stream->offset() - start_offset; | |
| 479 if (composite_glyph_size + kCompositeGlyphBegin > dst_size) { | |
| 480 return OTS_FAILURE(); | |
| 481 } | |
| 482 StoreU16(dst, 0, 0xffff); // nContours = -1 for composite glyph | |
| 483 std::memcpy(dst + kCompositeGlyphBegin, | |
| 484 composite_stream->buffer() + start_offset, | |
| 485 composite_glyph_size); | |
| 486 *glyph_size = kCompositeGlyphBegin + composite_glyph_size; | |
| 487 *have_instructions = we_have_instructions; | |
| 488 return true; | |
| 489 } | |
| 490 | |
| 491 // Build TrueType loca table | |
| 492 bool StoreLoca(const std::vector<uint32_t>& loca_values, int index_format, | |
| 493 uint8_t* dst, size_t dst_size) { | |
| 494 const uint64_t loca_size = loca_values.size(); | |
| 495 const uint64_t offset_size = index_format ? 4 : 2; | |
| 496 if ((loca_size << 2) >> 2 != loca_size) { | |
| 497 return OTS_FAILURE(); | |
| 498 } | |
| 499 // No integer overflow here (loca_size <= 2^16). | |
| 500 if (offset_size * loca_size > dst_size) { | |
| 501 return OTS_FAILURE(); | |
| 502 } | |
| 503 size_t offset = 0; | |
| 504 for (size_t i = 0; i < loca_values.size(); ++i) { | |
| 505 uint32_t value = loca_values.at(i); | |
| 506 if (index_format) { | |
| 507 offset = StoreU32(dst, offset, value); | |
| 508 } else { | |
| 509 offset = StoreU16(dst, offset, static_cast<uint16_t>(value >> 1)); | |
| 510 } | |
| 511 } | |
| 512 return true; | |
| 513 } | |
| 514 | |
| 515 // Reconstruct entire glyf table based on transformed original | |
| 516 bool ReconstructGlyf(ots::Font *font, | |
| 517 const uint8_t* data, size_t data_size, | |
| 518 uint8_t* dst, size_t dst_size, | |
| 519 uint8_t* loca_buf, size_t loca_size) { | |
| 520 static const int kNumSubStreams = 7; | |
| 521 ots::Buffer buffer(data, data_size); | |
| 522 uint32_t version; | |
| 523 std::vector<std::pair<const uint8_t*, size_t> > substreams(kNumSubStreams); | |
| 524 | |
| 525 if (!buffer.ReadU32(&version)) { | |
| 526 return OTS_FAILURE_MSG("Failed to read 'version' of transformed 'glyf' table
"); | |
| 527 } | |
| 528 uint16_t num_glyphs; | |
| 529 if (!buffer.ReadU16(&num_glyphs)) { | |
| 530 return OTS_FAILURE_MSG("Failed to read 'numGlyphs' from transformed 'glyf' t
able"); | |
| 531 } | |
| 532 uint16_t index_format; | |
| 533 if (!buffer.ReadU16(&index_format)) { | |
| 534 return OTS_FAILURE_MSG("Failed to read 'indexFormat' from transformed 'glyf'
table"); | |
| 535 } | |
| 536 unsigned int offset = (2 + kNumSubStreams) * 4; | |
| 537 if (offset > data_size) { | |
| 538 return OTS_FAILURE_MSG("Size of transformed 'glyf' table is too small to fit
its data"); | |
| 539 } | |
| 540 // Invariant from here on: data_size >= offset | |
| 541 for (int i = 0; i < kNumSubStreams; ++i) { | |
| 542 uint32_t substream_size; | |
| 543 if (!buffer.ReadU32(&substream_size)) { | |
| 544 return OTS_FAILURE_MSG("Failed to read substream size %d of transformed 'g
lyf' table", i); | |
| 545 } | |
| 546 if (substream_size > data_size - offset) { | |
| 547 return OTS_FAILURE_MSG("Size of substream %d of transformed 'glyf' table d
oes not fit in table size"); | |
| 548 } | |
| 549 substreams.at(i) = std::make_pair(data + offset, substream_size); | |
| 550 offset += substream_size; | |
| 551 } | |
| 552 ots::Buffer n_contour_stream(substreams.at(0).first, substreams.at(0).second); | |
| 553 ots::Buffer n_points_stream(substreams.at(1).first, substreams.at(1).second); | |
| 554 ots::Buffer flag_stream(substreams.at(2).first, substreams.at(2).second); | |
| 555 ots::Buffer glyph_stream(substreams.at(3).first, substreams.at(3).second); | |
| 556 ots::Buffer composite_stream(substreams.at(4).first, substreams.at(4).second); | |
| 557 ots::Buffer bbox_stream(substreams.at(5).first, substreams.at(5).second); | |
| 558 ots::Buffer instruction_stream(substreams.at(6).first, | |
| 559 substreams.at(6).second); | |
| 560 | |
| 561 std::vector<uint32_t> loca_values; | |
| 562 loca_values.reserve(num_glyphs + 1); | |
| 563 std::vector<uint16_t> n_points_vec; | |
| 564 std::vector<Point> points; | |
| 565 uint32_t loca_offset = 0; | |
| 566 const uint8_t* bbox_bitmap = bbox_stream.buffer(); | |
| 567 for (unsigned int i = 0; i < num_glyphs; ++i) { | |
| 568 size_t glyph_size = 0; | |
| 569 uint16_t n_contours = 0; | |
| 570 if (!n_contour_stream.ReadU16(&n_contours)) { | |
| 571 return OTS_FAILURE_MSG("Filed to read 'numberOfContours' of glyph %d from
transformed 'glyf' table", i); | |
| 572 } | |
| 573 uint8_t* glyf_dst = dst + loca_offset; | |
| 574 size_t glyf_dst_size = dst_size - loca_offset; | |
| 575 if (n_contours == 0xffff) { | |
| 576 // composite glyph | |
| 577 if (!(bbox_bitmap[i >> 3] & (0x80 >> (i & 7)))) { | |
| 578 return OTS_FAILURE_MSG("Composite glyph %d without bbox", i); | |
| 579 } | |
| 580 bool have_instructions = false; | |
| 581 uint16_t instruction_size = 0; | |
| 582 if (!ProcessComposite(&composite_stream, glyf_dst, glyf_dst_size, | |
| 583 &glyph_size, &have_instructions)) { | |
| 584 return OTS_FAILURE_MSG("Filed to process composite glyph %d from transfo
rmed 'glyf' table", i); | |
| 585 } | |
| 586 if (have_instructions) { | |
| 587 if (!Read255UShort(&glyph_stream, &instruction_size)) { | |
| 588 return OTS_FAILURE_MSG("Failed to read 'instructionLength' of glyph %d
from transformed 'glyf' table", i); | |
| 589 } | |
| 590 // No integer overflow here (instruction_size < 2^16). | |
| 591 if (instruction_size + 2U > glyf_dst_size - glyph_size) { | |
| 592 return OTS_FAILURE_MSG("'instructionLength' of glyph %d from transform
ed 'glyf' table does not fit in the destination glyph size", i); | |
| 593 } | |
| 594 StoreU16(glyf_dst, glyph_size, instruction_size); | |
| 595 if (!instruction_stream.Read(glyf_dst + glyph_size + 2, | |
| 596 instruction_size)) { | |
| 597 return OTS_FAILURE_MSG("Filed to read instructions of glyph %d from tr
ansformed 'glyf' table", i); | |
| 598 } | |
| 599 glyph_size += instruction_size + 2; | |
| 600 } | |
| 601 } else if (n_contours > 0) { | |
| 602 // simple glyph | |
| 603 n_points_vec.clear(); | |
| 604 points.clear(); | |
| 605 uint32_t total_n_points = 0; | |
| 606 uint16_t n_points_contour; | |
| 607 for (uint32_t j = 0; j < n_contours; ++j) { | |
| 608 if (!Read255UShort(&n_points_stream, &n_points_contour)) { | |
| 609 return OTS_FAILURE_MSG("Filed to read number of points of contour %d o
f glyph %d from transformed 'glyf' table", j, i); | |
| 610 } | |
| 611 n_points_vec.push_back(n_points_contour); | |
| 612 if (total_n_points + n_points_contour < total_n_points) { | |
| 613 return OTS_FAILURE_MSG("Negative number of points of contour %d of gly
ph %d from transformed 'glyf' table", j, i); | |
| 614 } | |
| 615 total_n_points += n_points_contour; | |
| 616 } | |
| 617 uint32_t flag_size = total_n_points; | |
| 618 if (flag_size > flag_stream.length() - flag_stream.offset()) { | |
| 619 return OTS_FAILURE(); | |
| 620 } | |
| 621 const uint8_t* flags_buf = flag_stream.buffer() + flag_stream.offset(); | |
| 622 const uint8_t* triplet_buf = glyph_stream.buffer() + | |
| 623 glyph_stream.offset(); | |
| 624 size_t triplet_size = glyph_stream.length() - glyph_stream.offset(); | |
| 625 size_t triplet_bytes_consumed = 0; | |
| 626 if (!TripletDecode(flags_buf, triplet_buf, triplet_size, total_n_points, | |
| 627 &points, &triplet_bytes_consumed)) { | |
| 628 return OTS_FAILURE(); | |
| 629 } | |
| 630 const uint32_t header_and_endpts_contours_size = | |
| 631 kEndPtsOfContoursOffset + 2 * n_contours; | |
| 632 if (glyf_dst_size < header_and_endpts_contours_size) { | |
| 633 return OTS_FAILURE(); | |
| 634 } | |
| 635 StoreU16(glyf_dst, 0, n_contours); | |
| 636 ComputeBbox(points, glyf_dst); | |
| 637 size_t endpts_offset = kEndPtsOfContoursOffset; | |
| 638 int end_point = -1; | |
| 639 for (unsigned int contour_ix = 0; contour_ix < n_contours; ++contour_ix) { | |
| 640 end_point += n_points_vec.at(contour_ix); | |
| 641 if (end_point >= 65536) { | |
| 642 return OTS_FAILURE(); | |
| 643 } | |
| 644 endpts_offset = StoreU16(glyf_dst, endpts_offset, static_cast<uint16_t>(
end_point)); | |
| 645 } | |
| 646 if (!flag_stream.Skip(flag_size)) { | |
| 647 return OTS_FAILURE(); | |
| 648 } | |
| 649 if (!glyph_stream.Skip(triplet_bytes_consumed)) { | |
| 650 return OTS_FAILURE(); | |
| 651 } | |
| 652 uint16_t instruction_size; | |
| 653 if (!Read255UShort(&glyph_stream, &instruction_size)) { | |
| 654 return OTS_FAILURE(); | |
| 655 } | |
| 656 // No integer overflow here (instruction_size < 2^16). | |
| 657 if (glyf_dst_size - header_and_endpts_contours_size < | |
| 658 instruction_size + 2U) { | |
| 659 return OTS_FAILURE(); | |
| 660 } | |
| 661 uint8_t* instruction_dst = glyf_dst + header_and_endpts_contours_size; | |
| 662 StoreU16(instruction_dst, 0, instruction_size); | |
| 663 if (!instruction_stream.Read(instruction_dst + 2, instruction_size)) { | |
| 664 return OTS_FAILURE(); | |
| 665 } | |
| 666 if (!StorePoints(points, n_contours, instruction_size, | |
| 667 glyf_dst, glyf_dst_size, &glyph_size)) { | |
| 668 return OTS_FAILURE_MSG("Failed to store points of glyph %d from the tran
sformed 'glyf' table", i); | |
| 669 } | |
| 670 } else { | |
| 671 glyph_size = 0; | |
| 672 } | |
| 673 loca_values.push_back(loca_offset); | |
| 674 if (glyph_size + 3 < glyph_size) { | |
| 675 return OTS_FAILURE(); | |
| 676 } | |
| 677 glyph_size = ots::Round2(glyph_size); | |
| 678 if (glyph_size > dst_size - loca_offset) { | |
| 679 // This shouldn't happen, but this test defensively maintains the | |
| 680 // invariant that loca_offset <= dst_size. | |
| 681 return OTS_FAILURE(); | |
| 682 } | |
| 683 loca_offset += glyph_size; | |
| 684 } | |
| 685 loca_values.push_back(loca_offset); | |
| 686 assert(loca_values.size() == static_cast<size_t>(num_glyphs + 1)); | |
| 687 if (!ProcessBboxStream(&bbox_stream, num_glyphs, loca_values, | |
| 688 dst, dst_size)) { | |
| 689 return OTS_FAILURE_MSG("Filed to process 'bboxStream' from the transformed '
glyf' table"); | |
| 690 } | |
| 691 return StoreLoca(loca_values, index_format, loca_buf, loca_size); | |
| 692 } | |
| 693 | |
| 694 // This is linear search, but could be changed to binary because we | |
| 695 // do have a guarantee that the tables are sorted by tag. But the total | |
| 696 // cpu time is expected to be very small in any case. | |
| 697 const Table* FindTable(const std::vector<Table>& tables, uint32_t tag) { | |
| 698 size_t n_tables = tables.size(); | |
| 699 for (size_t i = 0; i < n_tables; ++i) { | |
| 700 if (tables.at(i).tag == tag) { | |
| 701 return &tables.at(i); | |
| 702 } | |
| 703 } | |
| 704 return NULL; | |
| 705 } | |
| 706 | |
| 707 bool ReconstructTransformed(ots::Font *font, | |
| 708 const std::vector<Table>& tables, uint32_t tag, | |
| 709 const uint8_t* transformed_buf, size_t transformed_size, | |
| 710 uint8_t* dst, size_t dst_length) { | |
| 711 if (tag == OTS_TAG('g','l','y','f')) { | |
| 712 const Table* glyf_table = FindTable(tables, tag); | |
| 713 const Table* loca_table = FindTable(tables, OTS_TAG('l','o','c','a')); | |
| 714 if (glyf_table == NULL || loca_table == NULL) { | |
| 715 return OTS_FAILURE(); | |
| 716 } | |
| 717 if (static_cast<uint64_t>(glyf_table->dst_offset) + glyf_table->dst_length > | |
| 718 dst_length) { | |
| 719 return OTS_FAILURE(); | |
| 720 } | |
| 721 if (static_cast<uint64_t>(loca_table->dst_offset) + loca_table->dst_length > | |
| 722 dst_length) { | |
| 723 return OTS_FAILURE(); | |
| 724 } | |
| 725 return ReconstructGlyf(font, transformed_buf, transformed_size, | |
| 726 dst + glyf_table->dst_offset, glyf_table->dst_length, | |
| 727 dst + loca_table->dst_offset, loca_table->dst_length); | |
| 728 } else if (tag == OTS_TAG('l','o','c','a')) { | |
| 729 // processing was already done by glyf table, but validate | |
| 730 if (!FindTable(tables, OTS_TAG('g','l','y','f'))) { | |
| 731 return OTS_FAILURE(); | |
| 732 } | |
| 733 } else { | |
| 734 // transform for the tag is not known | |
| 735 return OTS_FAILURE(); | |
| 736 } | |
| 737 return true; | |
| 738 } | |
| 739 | |
| 740 uint32_t ComputeChecksum(const uint8_t* buf, size_t size) { | |
| 741 uint32_t checksum = 0; | |
| 742 for (size_t i = 0; i < size; i += 4) { | |
| 743 // We assume the addition is mod 2^32, which is valid because unsigned | |
| 744 checksum += (buf[i] << 24) | (buf[i + 1] << 16) | | |
| 745 (buf[i + 2] << 8) | buf[i + 3]; | |
| 746 } | |
| 747 return checksum; | |
| 748 } | |
| 749 | |
| 750 bool FixChecksums(const std::vector<Table>& tables, uint8_t* dst) { | |
| 751 const Table* head_table = FindTable(tables, OTS_TAG('h','e','a','d')); | |
| 752 if (head_table == NULL || | |
| 753 head_table->dst_length < kCheckSumAdjustmentOffset + 4) { | |
| 754 return OTS_FAILURE(); | |
| 755 } | |
| 756 size_t adjustment_offset = head_table->dst_offset + kCheckSumAdjustmentOffset; | |
| 757 if (adjustment_offset < head_table->dst_offset) { | |
| 758 return OTS_FAILURE(); | |
| 759 } | |
| 760 StoreU32(dst, adjustment_offset, 0); | |
| 761 size_t n_tables = tables.size(); | |
| 762 uint32_t file_checksum = 0; | |
| 763 for (size_t i = 0; i < n_tables; ++i) { | |
| 764 const Table* table = &tables.at(i); | |
| 765 size_t table_length = table->dst_length; | |
| 766 uint8_t* table_data = dst + table->dst_offset; | |
| 767 uint32_t checksum = ComputeChecksum(table_data, table_length); | |
| 768 StoreU32(dst, kSfntHeaderSize + i * kSfntEntrySize + 4, checksum); | |
| 769 file_checksum += checksum; // The addition is mod 2^32 | |
| 770 } | |
| 771 file_checksum += ComputeChecksum(dst, | |
| 772 kSfntHeaderSize + kSfntEntrySize * n_tables); | |
| 773 uint32_t checksum_adjustment = 0xb1b0afba - file_checksum; | |
| 774 StoreU32(dst, adjustment_offset, checksum_adjustment); | |
| 775 return true; | |
| 776 } | |
| 777 | |
| 778 bool ReadTableDirectory(ots::Font *font, | |
| 779 ots::Buffer* buffer, std::vector<Table>* tables, | |
| 780 size_t num_tables) { | |
| 781 for (size_t i = 0; i < num_tables; ++i) { | |
| 782 Table* table = &tables->at(i); | |
| 783 uint8_t flag_byte; | |
| 784 if (!buffer->ReadU8(&flag_byte)) { | |
| 785 return OTS_FAILURE_MSG("Failed to read the flags of table directory entry
%d", i); | |
| 786 } | |
| 787 uint32_t tag; | |
| 788 if ((flag_byte & 0x3f) == 0x3f) { | |
| 789 if (!buffer->ReadU32(&tag)) { | |
| 790 return OTS_FAILURE_MSG("Failed to read the tag of table directory entry
%d", i); | |
| 791 } | |
| 792 } else { | |
| 793 tag = kKnownTags[flag_byte & 0x3f]; | |
| 794 } | |
| 795 // Bits 6 and 7 are reserved and must be 0. | |
| 796 if ((flag_byte & 0xc0) != 0) { | |
| 797 return OTS_FAILURE_MSG("Bits 6 and 7 are not 0 for table directory entry %
d", i); | |
| 798 } | |
| 799 uint32_t flags = 0; | |
| 800 // Always transform the glyf and loca tables | |
| 801 if (tag == OTS_TAG('g','l','y','f') || | |
| 802 tag == OTS_TAG('l','o','c','a')) { | |
| 803 flags |= kWoff2FlagsTransform; | |
| 804 } | |
| 805 uint32_t dst_length; | |
| 806 if (!ReadBase128(buffer, &dst_length)) { | |
| 807 return OTS_FAILURE_MSG("Failed to read 'origLength' for table '%c%c%c%c'",
OTS_UNTAG(tag)); | |
| 808 } | |
| 809 uint32_t transform_length = dst_length; | |
| 810 if ((flags & kWoff2FlagsTransform) != 0) { | |
| 811 if (!ReadBase128(buffer, &transform_length)) { | |
| 812 return OTS_FAILURE_MSG("Failed to read 'transformLength' for table '%c%c
%c%c'", OTS_UNTAG(tag)); | |
| 813 } | |
| 814 | |
| 815 if (tag == OTS_TAG('l','o','c','a') && transform_length != 0) { | |
| 816 return OTS_FAILURE_MSG("The 'transformLength' of 'loca' table must be ze
ro: %d", transform_length); | |
| 817 } | |
| 818 } | |
| 819 // Disallow huge numbers (> 1GB) for sanity. | |
| 820 if (transform_length > 1024 * 1024 * 1024 || | |
| 821 dst_length > 1024 * 1024 * 1024) { | |
| 822 return OTS_FAILURE_MSG("'origLength' or 'transformLength' > 1GB"); | |
| 823 } | |
| 824 table->tag = tag; | |
| 825 table->flags = flags; | |
| 826 table->transform_length = transform_length; | |
| 827 table->dst_length = dst_length; | |
| 828 } | |
| 829 return true; | |
| 830 } | |
| 831 | |
| 832 } // namespace | |
| 833 | |
| 834 namespace ots { | |
| 835 | |
| 836 size_t ComputeWOFF2FinalSize(const uint8_t* data, size_t length) { | |
| 837 ots::Buffer file(data, length); | |
| 838 uint32_t total_length; | |
| 839 | |
| 840 if (!file.Skip(16) || | |
| 841 !file.ReadU32(&total_length)) { | |
| 842 return 0; | |
| 843 } | |
| 844 return total_length; | |
| 845 } | |
| 846 | |
| 847 bool ConvertWOFF2ToSFNT(ots::Font *font, | |
| 848 uint8_t* result, size_t result_length, | |
| 849 const uint8_t* data, size_t length) { | |
| 850 static const uint32_t kWoff2Signature = 0x774f4632; // "wOF2" | |
| 851 ots::Buffer buffer(data, length); | |
| 852 | |
| 853 uint32_t signature; | |
| 854 uint32_t flavor = 0; | |
| 855 if (!buffer.ReadU32(&signature) || signature != kWoff2Signature || | |
| 856 !buffer.ReadU32(&flavor)) { | |
| 857 return OTS_FAILURE_MSG("Failed to read 'signature' or 'flavor', or not WOFF2
signature"); | |
| 858 } | |
| 859 | |
| 860 if (!IsValidVersionTag(flavor)) { | |
| 861 return OTS_FAILURE_MSG("Invalid 'flavor'"); | |
| 862 } | |
| 863 | |
| 864 uint32_t reported_length; | |
| 865 if (!buffer.ReadU32(&reported_length) || length != reported_length) { | |
| 866 return OTS_FAILURE_MSG("Failed to read 'length' or it does not match the act
ual file size"); | |
| 867 } | |
| 868 uint16_t num_tables; | |
| 869 if (!buffer.ReadU16(&num_tables) || !num_tables) { | |
| 870 return OTS_FAILURE_MSG("Failed to read 'numTables'"); | |
| 871 } | |
| 872 | |
| 873 uint16_t reserved_value; | |
| 874 if (!buffer.ReadU16(&reserved_value)) { | |
| 875 return OTS_FAILURE_MSG("Failed to read 'reserved' field"); | |
| 876 } | |
| 877 | |
| 878 // We don't care about these fields of the header: | |
| 879 // uint32_t total_sfnt_size, the caller already passes it as result_length | |
| 880 if (!buffer.Skip(4)) { | |
| 881 return OTS_FAILURE_MSG("Failed to read 'totalSfntSize'"); | |
| 882 } | |
| 883 uint32_t compressed_length; | |
| 884 if (!buffer.ReadU32(&compressed_length)) { | |
| 885 return OTS_FAILURE_MSG("Failed to read 'totalCompressedSize'"); | |
| 886 } | |
| 887 if (compressed_length > std::numeric_limits<uint32_t>::max()) { | |
| 888 return OTS_FAILURE(); | |
| 889 } | |
| 890 | |
| 891 // We don't care about these fields of the header: | |
| 892 // uint16_t major_version, minor_version | |
| 893 if (!buffer.Skip(2 * 2)) { | |
| 894 return OTS_FAILURE_MSG("Failed to read 'majorVersion' or 'minorVersion'"); | |
| 895 } | |
| 896 | |
| 897 // Checks metadata block size. | |
| 898 uint32_t meta_offset; | |
| 899 uint32_t meta_length; | |
| 900 uint32_t meta_length_orig; | |
| 901 if (!buffer.ReadU32(&meta_offset) || | |
| 902 !buffer.ReadU32(&meta_length) || | |
| 903 !buffer.ReadU32(&meta_length_orig)) { | |
| 904 return OTS_FAILURE_MSG("Failed to read header metadata block fields"); | |
| 905 } | |
| 906 if (meta_offset) { | |
| 907 if (meta_offset >= length || length - meta_offset < meta_length) { | |
| 908 return OTS_FAILURE_MSG("Invalid metadata block offset or length"); | |
| 909 } | |
| 910 } | |
| 911 | |
| 912 // Checks private data block size. | |
| 913 uint32_t priv_offset; | |
| 914 uint32_t priv_length; | |
| 915 if (!buffer.ReadU32(&priv_offset) || | |
| 916 !buffer.ReadU32(&priv_length)) { | |
| 917 return OTS_FAILURE_MSG("Failed to read header private block fields"); | |
| 918 } | |
| 919 if (priv_offset) { | |
| 920 if (priv_offset >= length || length - priv_offset < priv_length) { | |
| 921 return OTS_FAILURE_MSG("Invalid private block offset or length"); | |
| 922 } | |
| 923 } | |
| 924 | |
| 925 std::vector<Table> tables(num_tables); | |
| 926 if (!ReadTableDirectory(font, &buffer, &tables, num_tables)) { | |
| 927 return OTS_FAILURE_MSG("Failed to read table directory"); | |
| 928 } | |
| 929 uint64_t compressed_offset = buffer.offset(); | |
| 930 if (compressed_offset > std::numeric_limits<uint32_t>::max()) { | |
| 931 return OTS_FAILURE(); | |
| 932 } | |
| 933 uint64_t dst_offset = kSfntHeaderSize + | |
| 934 kSfntEntrySize * static_cast<uint64_t>(num_tables); | |
| 935 for (uint16_t i = 0; i < num_tables; ++i) { | |
| 936 Table* table = &tables.at(i); | |
| 937 table->dst_offset = static_cast<uint32_t>(dst_offset); | |
| 938 dst_offset += table->dst_length; | |
| 939 if (dst_offset > std::numeric_limits<uint32_t>::max()) { | |
| 940 return OTS_FAILURE(); | |
| 941 } | |
| 942 dst_offset = ots::Round4(dst_offset); | |
| 943 } | |
| 944 | |
| 945 uint64_t block_end = ots::Round4(compressed_offset + compressed_length); | |
| 946 if (block_end > length || dst_offset != result_length) { | |
| 947 return OTS_FAILURE_MSG("Uncompressed sfnt size mismatch"); | |
| 948 } | |
| 949 | |
| 950 const uint32_t sfnt_header_and_table_directory_size = 12 + 16 * num_tables; | |
| 951 if (sfnt_header_and_table_directory_size > result_length) { | |
| 952 return OTS_FAILURE(); | |
| 953 } | |
| 954 | |
| 955 if (meta_offset) { | |
| 956 if (block_end != meta_offset) { | |
| 957 return OTS_FAILURE_MSG("Invalid metadata block offset"); | |
| 958 } | |
| 959 block_end = ots::Round4(static_cast<uint64_t>(meta_offset) + | |
| 960 static_cast<uint64_t>(meta_length)); | |
| 961 if (block_end > std::numeric_limits<uint32_t>::max()) { | |
| 962 return OTS_FAILURE_MSG("Invalid metadata block length"); | |
| 963 } | |
| 964 } | |
| 965 | |
| 966 if (priv_offset) { | |
| 967 if (block_end != priv_offset) { | |
| 968 return OTS_FAILURE_MSG("Invalid private block offset"); | |
| 969 } | |
| 970 block_end = ots::Round4(static_cast<uint64_t>(priv_offset) + | |
| 971 static_cast<uint64_t>(priv_length)); | |
| 972 if (block_end > std::numeric_limits<uint32_t>::max()) { | |
| 973 return OTS_FAILURE_MSG("Invalid private block length"); | |
| 974 } | |
| 975 } | |
| 976 | |
| 977 if (block_end != ots::Round4(length)) { | |
| 978 return OTS_FAILURE_MSG("File length mismatch (trailing junk?)"); | |
| 979 } | |
| 980 | |
| 981 // Start building the font | |
| 982 size_t offset = 0; | |
| 983 offset = StoreU32(result, offset, flavor); | |
| 984 offset = StoreU16(result, offset, num_tables); | |
| 985 uint8_t max_pow2 = 0; | |
| 986 while (1u << (max_pow2 + 1) <= num_tables) { | |
| 987 max_pow2++; | |
| 988 } | |
| 989 const uint16_t output_search_range = (1u << max_pow2) << 4; | |
| 990 offset = StoreU16(result, offset, output_search_range); | |
| 991 offset = StoreU16(result, offset, max_pow2); | |
| 992 offset = StoreU16(result, offset, (num_tables << 4) - output_search_range); | |
| 993 | |
| 994 // sort tags in the table directory in ascending alphabetical order | |
| 995 std::vector<Table> sorted_tables(tables); | |
| 996 std::sort(sorted_tables.begin(), sorted_tables.end()); | |
| 997 | |
| 998 for (uint16_t i = 0; i < num_tables; ++i) { | |
| 999 const Table* table = &sorted_tables.at(i); | |
| 1000 offset = StoreU32(result, offset, table->tag); | |
| 1001 offset = StoreU32(result, offset, 0); // checksum, to fill in later | |
| 1002 offset = StoreU32(result, offset, table->dst_offset); | |
| 1003 offset = StoreU32(result, offset, table->dst_length); | |
| 1004 } | |
| 1005 std::vector<uint8_t> uncompressed_buf; | |
| 1006 const uint8_t* transform_buf = NULL; | |
| 1007 uint64_t total_size = 0; | |
| 1008 | |
| 1009 for (uint16_t i = 0; i < num_tables; ++i) { | |
| 1010 total_size += tables.at(i).transform_length; | |
| 1011 if (total_size > std::numeric_limits<uint32_t>::max()) { | |
| 1012 return OTS_FAILURE(); | |
| 1013 } | |
| 1014 } | |
| 1015 // Enforce same 30M limit on uncompressed tables as OTS | |
| 1016 if (total_size > 30 * 1024 * 1024) { | |
| 1017 return OTS_FAILURE(); | |
| 1018 } | |
| 1019 size_t uncompressed_size = static_cast<size_t>(total_size); | |
| 1020 uncompressed_buf.resize(uncompressed_size); | |
| 1021 const uint8_t* compressed_buf = data + compressed_offset; | |
| 1022 if (!BrotliDecompressBuffer(compressed_length, compressed_buf, | |
| 1023 &uncompressed_size, &uncompressed_buf[0])) { | |
| 1024 return OTS_FAILURE_MSG("Failed to uncompress font data"); | |
| 1025 } | |
| 1026 if (uncompressed_size != static_cast<size_t>(total_size)) { | |
| 1027 return OTS_FAILURE_MSG("Decompressed font data size does not match the sum o
f 'origLength' and 'transformLength'"); | |
| 1028 } | |
| 1029 transform_buf = &uncompressed_buf[0]; | |
| 1030 | |
| 1031 for (uint16_t i = 0; i < num_tables; ++i) { | |
| 1032 const Table* table = &tables.at(i); | |
| 1033 uint32_t flags = table->flags; | |
| 1034 size_t transform_length = table->transform_length; | |
| 1035 | |
| 1036 if ((flags & kWoff2FlagsTransform) == 0) { | |
| 1037 if (transform_length != table->dst_length) { | |
| 1038 return OTS_FAILURE(); | |
| 1039 } | |
| 1040 if (static_cast<uint64_t>(table->dst_offset) + transform_length > | |
| 1041 result_length) { | |
| 1042 return OTS_FAILURE(); | |
| 1043 } | |
| 1044 std::memcpy(result + table->dst_offset, transform_buf, | |
| 1045 transform_length); | |
| 1046 } else { | |
| 1047 if (!ReconstructTransformed(font, tables, table->tag, | |
| 1048 transform_buf, transform_length, result, result_length)) { | |
| 1049 return OTS_FAILURE_MSG("Failed to reconstruct '%c%c%c%c' table", OTS_UNT
AG(table->tag)); | |
| 1050 } | |
| 1051 } | |
| 1052 | |
| 1053 transform_buf += transform_length; | |
| 1054 if (transform_buf > &uncompressed_buf[0] + uncompressed_buf.size()) { | |
| 1055 return OTS_FAILURE(); | |
| 1056 } | |
| 1057 } | |
| 1058 | |
| 1059 return FixChecksums(sorted_tables, result); | |
| 1060 } | |
| 1061 | |
| 1062 } // namespace ots | |
| 1063 | |
| 1064 #undef TABLE_NAME | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1487543005:
Update OTS to revision 99a3b7f (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master