ots.cc (37970B)
1 // Copyright (c) 2009-2017 The OTS Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "ots.h" 6 7 #include <sys/types.h> 8 #include <zlib.h> 9 10 #include <algorithm> 11 #include <cstdlib> 12 #include <cstring> 13 #include <limits> 14 #include <map> 15 #include <vector> 16 17 #include "../RLBoxWOFF2Host.h" 18 19 // The OpenType Font File 20 // http://www.microsoft.com/typography/otspec/otff.htm 21 22 #include "avar.h" 23 #include "cff.h" 24 #include "cmap.h" 25 #include "colr.h" 26 #include "cpal.h" 27 #include "cvar.h" 28 #include "cvt.h" 29 #include "fpgm.h" 30 #include "fvar.h" 31 #include "gasp.h" 32 #include "gdef.h" 33 #include "glyf.h" 34 #include "gpos.h" 35 #include "gsub.h" 36 #include "gvar.h" 37 #include "hdmx.h" 38 #include "head.h" 39 #include "hhea.h" 40 #include "hmtx.h" 41 #include "hvar.h" 42 #include "kern.h" 43 #include "loca.h" 44 #include "ltsh.h" 45 #include "math_.h" 46 #include "maxp.h" 47 #include "mvar.h" 48 #include "name.h" 49 #include "os2.h" 50 #include "ots.h" 51 #include "post.h" 52 #include "prep.h" 53 #include "stat.h" 54 #include "vdmx.h" 55 #include "vhea.h" 56 #include "vmtx.h" 57 #include "vorg.h" 58 #include "vvar.h" 59 60 // Graphite tables 61 #ifdef OTS_GRAPHITE 62 #include "feat.h" 63 #include "glat.h" 64 #include "gloc.h" 65 #include "sile.h" 66 #include "silf.h" 67 #include "sill.h" 68 #endif 69 70 namespace ots { 71 72 struct Arena { 73 public: 74 ~Arena() { 75 for (auto& hunk : hunks_) { 76 delete[] hunk; 77 } 78 } 79 80 uint8_t* Allocate(size_t length) { 81 uint8_t* p = new uint8_t[length]; 82 hunks_.push_back(p); 83 return p; 84 } 85 86 private: 87 std::vector<uint8_t*> hunks_; 88 }; 89 90 bool CheckTag(uint32_t tag_value) { 91 for (unsigned i = 0; i < 4; ++i) { 92 const uint32_t check = tag_value & 0xff; 93 if (check < 32 || check > 126) { 94 return false; // non-ASCII character found. 95 } 96 tag_value >>= 8; 97 } 98 return true; 99 } 100 101 }; // namespace ots 102 103 namespace { 104 105 // ots_msg_tag emits the tag as hex if it is not valid, to avoid putting NUL or 106 // other non-printables into the message string. 107 static inline void ots_msg_tag(int level, const ots::FontFile* otf, const char* msg, uint32_t tag) { 108 if (ots::CheckTag(tag)) { 109 OTS_MESSAGE_(level, otf, "%c%c%c%c: %s", OTS_UNTAG(tag), msg); 110 } else { 111 OTS_MESSAGE_(level, otf, "<%08X>: %s", tag, msg); 112 } 113 } 114 115 // Generate a message with or without a table tag, when 'header' is the FontFile pointer 116 #define OTS_FAILURE_MSG_TAG(msg_,tag_) (ots_msg_tag(0, header, msg_, tag_), false) 117 #define OTS_FAILURE_MSG_HDR(...) OTS_FAILURE_MSG_(header, __VA_ARGS__) 118 #define OTS_WARNING_MSG_HDR(...) OTS_WARNING_MSG_(header, __VA_ARGS__) 119 120 121 const struct { 122 uint32_t tag; 123 bool required; 124 } supported_tables[] = { 125 { OTS_TAG_MAXP, true }, 126 { OTS_TAG_HEAD, true }, 127 { OTS_TAG_OS2, true }, 128 { OTS_TAG_CMAP, true }, 129 { OTS_TAG_HHEA, true }, 130 { OTS_TAG_HMTX, true }, 131 { OTS_TAG_NAME, true }, 132 { OTS_TAG_POST, true }, 133 { OTS_TAG_LOCA, false }, 134 { OTS_TAG_GLYF, false }, 135 { OTS_TAG_CFF, false }, 136 { OTS_TAG_VDMX, false }, 137 { OTS_TAG_HDMX, false }, 138 { OTS_TAG_GASP, false }, 139 { OTS_TAG_CVT, false }, 140 { OTS_TAG_FPGM, false }, 141 { OTS_TAG_PREP, false }, 142 { OTS_TAG_LTSH, false }, 143 { OTS_TAG_VORG, false }, 144 { OTS_TAG_KERN, false }, 145 // We need to parse fvar table before other tables that may need to know 146 // the number of variation axes (if any) 147 { OTS_TAG_FVAR, false }, 148 { OTS_TAG_AVAR, false }, 149 { OTS_TAG_CVAR, false }, 150 { OTS_TAG_GVAR, false }, 151 { OTS_TAG_HVAR, false }, 152 { OTS_TAG_MVAR, false }, 153 { OTS_TAG_STAT, false }, 154 { OTS_TAG_VVAR, false }, 155 { OTS_TAG_CFF2, false }, 156 // Color font tables. 157 // We need to parse CPAL before COLR so that the number of palette entries 158 // is known; and these tables follow fvar because COLR may use variations. 159 { OTS_TAG_CPAL, false }, 160 { OTS_TAG_COLR, false }, 161 // We need to parse GDEF table in advance of parsing GSUB/GPOS tables 162 // because they could refer GDEF table. 163 { OTS_TAG_GDEF, false }, 164 { OTS_TAG_GPOS, false }, 165 { OTS_TAG_GSUB, false }, 166 { OTS_TAG_VHEA, false }, 167 { OTS_TAG_VMTX, false }, 168 { OTS_TAG_MATH, false }, 169 // Graphite tables 170 #ifdef OTS_GRAPHITE 171 { OTS_TAG_GLOC, false }, 172 { OTS_TAG_GLAT, false }, 173 { OTS_TAG_FEAT, false }, 174 { OTS_TAG_SILF, false }, 175 { OTS_TAG_SILE, false }, 176 { OTS_TAG_SILL, false }, 177 #endif 178 { 0, false }, 179 }; 180 181 bool ValidateVersionTag(ots::Font *font) { 182 switch (font->version) { 183 case 0x000010000: 184 case OTS_TAG('O','T','T','O'): 185 return true; 186 case OTS_TAG('t','r','u','e'): 187 font->version = 0x000010000; 188 return true; 189 default: 190 return false; 191 } 192 } 193 194 bool ProcessGeneric(ots::FontFile *header, 195 ots::Font *font, 196 uint32_t signature, 197 ots::OTSStream *output, 198 const uint8_t *data, size_t length, 199 const std::vector<ots::TableEntry>& tables, 200 ots::Buffer& file); 201 202 bool ProcessTTF(ots::FontFile *header, 203 ots::Font *font, 204 ots::OTSStream *output, const uint8_t *data, size_t length, 205 uint32_t offset = 0) { 206 ots::Buffer file(data + offset, length - offset); 207 208 if (offset > length) { 209 return OTS_FAILURE_MSG_HDR("offset beyond end of file"); 210 } 211 212 // we disallow all files > 1GB in size for sanity. 213 if (length > 1024 * 1024 * 1024) { 214 return OTS_FAILURE_MSG_HDR("file exceeds 1GB"); 215 } 216 217 if (!file.ReadU32(&font->version)) { 218 return OTS_FAILURE_MSG_HDR("error reading sfntVersion"); 219 } 220 if (!ValidateVersionTag(font)) { 221 return OTS_FAILURE_MSG_HDR("invalid sfntVersion: %d", font->version); 222 } 223 224 if (!file.ReadU16(&font->num_tables) || 225 !file.ReadU16(&font->search_range) || 226 !file.ReadU16(&font->entry_selector) || 227 !file.ReadU16(&font->range_shift)) { 228 return OTS_FAILURE_MSG_HDR("error reading table directory search header"); 229 } 230 231 // search_range is (Maximum power of 2 <= numTables) x 16. Thus, to avoid 232 // overflow num_tables is, at most, 2^16 / 16 = 2^12 233 if (font->num_tables >= 4096 || font->num_tables < 1) { 234 return OTS_FAILURE_MSG_HDR("excessive (or zero) number of tables"); 235 } 236 237 unsigned max_pow2 = 0; 238 while (1u << (max_pow2 + 1) <= font->num_tables) { 239 max_pow2++; 240 } 241 const uint16_t expected_search_range = (1u << max_pow2) << 4; 242 243 // Don't call ots_failure() here since ~25% of fonts (250+ fonts) in 244 // http://www.princexml.com/fonts/ have unexpected search_range value. 245 if (font->search_range != expected_search_range) { 246 OTS_WARNING_MSG_HDR("bad table directory searchRange"); 247 font->search_range = expected_search_range; // Fix the value. 248 } 249 250 // entry_selector is Log2(maximum power of 2 <= numTables) 251 if (font->entry_selector != max_pow2) { 252 OTS_WARNING_MSG_HDR("bad table directory entrySelector"); 253 font->entry_selector = max_pow2; // Fix the value. 254 } 255 256 // range_shift is NumTables x 16-searchRange. We know that 16*num_tables 257 // doesn't over flow because we range checked it above. Also, we know that 258 // it's > font->search_range by construction of search_range. 259 const uint16_t expected_range_shift = 260 16 * font->num_tables - font->search_range; 261 if (font->range_shift != expected_range_shift) { 262 OTS_WARNING_MSG_HDR("bad table directory rangeShift"); 263 font->range_shift = expected_range_shift; // the same as above. 264 } 265 266 // Next up is the list of tables. 267 std::vector<ots::TableEntry> tables; 268 269 for (unsigned i = 0; i < font->num_tables; ++i) { 270 ots::TableEntry table; 271 if (!file.ReadU32(&table.tag) || 272 !file.ReadU32(&table.chksum) || 273 !file.ReadU32(&table.offset) || 274 !file.ReadU32(&table.length)) { 275 return OTS_FAILURE_MSG_HDR("error reading table directory"); 276 } 277 278 table.uncompressed_length = table.length; 279 tables.push_back(table); 280 } 281 282 return ProcessGeneric(header, font, font->version, output, data, length, 283 tables, file); 284 } 285 286 bool ProcessTTC(ots::FontFile *header, 287 ots::OTSStream *output, 288 const uint8_t *data, 289 size_t length, 290 uint32_t index) { 291 ots::Buffer file(data, length); 292 293 // we disallow all files > 1GB in size for sanity. 294 if (length > 1024 * 1024 * 1024) { 295 return OTS_FAILURE_MSG_HDR("file exceeds 1GB"); 296 } 297 298 uint32_t ttc_tag; 299 if (!file.ReadU32(&ttc_tag)) { 300 return OTS_FAILURE_MSG_HDR("Error reading TTC tag"); 301 } 302 if (ttc_tag != OTS_TAG('t','t','c','f')) { 303 return OTS_FAILURE_MSG_HDR("Invalid TTC tag"); 304 } 305 306 uint32_t ttc_version; 307 if (!file.ReadU32(&ttc_version)) { 308 return OTS_FAILURE_MSG_HDR("Error reading TTC version"); 309 } 310 if (ttc_version != 0x00010000 && ttc_version != 0x00020000) { 311 return OTS_FAILURE_MSG_HDR("Invalid TTC version"); 312 } 313 314 uint32_t num_fonts; 315 if (!file.ReadU32(&num_fonts)) { 316 return OTS_FAILURE_MSG_HDR("Error reading number of TTC fonts"); 317 } 318 // Limit the allowed number of subfonts to have same memory allocation. 319 if (num_fonts > 0x10000) { 320 return OTS_FAILURE_MSG_HDR("Too many fonts in TTC"); 321 } 322 323 std::vector<uint32_t> offsets(num_fonts); 324 for (unsigned i = 0; i < num_fonts; i++) { 325 if (!file.ReadU32(&offsets[i])) { 326 return OTS_FAILURE_MSG_HDR("Error reading offset to OffsetTable"); 327 } 328 } 329 330 if (ttc_version == 0x00020000) { 331 // We don't care about these fields of the header: 332 // uint32_t dsig_tag, dsig_length, dsig_offset 333 if (!file.Skip(3 * 4)) { 334 return OTS_FAILURE_MSG_HDR("Error reading DSIG offset and length in TTC font"); 335 } 336 } 337 338 if (index == static_cast<uint32_t>(-1)) { 339 if (!output->WriteU32(ttc_tag) || 340 !output->WriteU32(0x00010000) || 341 !output->WriteU32(num_fonts) || 342 !output->Seek((3 + num_fonts) * 4)) { 343 return OTS_FAILURE_MSG_HDR("Error writing output"); 344 } 345 346 // Keep references to the fonts processed in the loop below, as we need 347 // them for reused tables. 348 std::vector<ots::Font> fonts(num_fonts, ots::Font(header)); 349 350 for (unsigned i = 0; i < num_fonts; i++) { 351 uint32_t out_offset = output->Tell(); 352 if (!output->Seek((3 + i) * 4) || 353 !output->WriteU32(out_offset) || 354 !output->Seek(out_offset)) { 355 return OTS_FAILURE_MSG_HDR("Error writing output"); 356 } 357 if (!ProcessTTF(header, &fonts[i], output, data, length, offsets[i])) { 358 return false; 359 } 360 } 361 362 return true; 363 } else { 364 if (index >= num_fonts) { 365 return OTS_FAILURE_MSG_HDR("Requested font index is bigger than the number of fonts in the TTC file"); 366 } 367 368 ots::Font font(header); 369 return ProcessTTF(header, &font, output, data, length, offsets[index]); 370 } 371 } 372 373 bool ProcessWOFF(ots::FontFile *header, 374 ots::Font *font, 375 ots::OTSStream *output, const uint8_t *data, size_t length) { 376 ots::Buffer file(data, length); 377 378 // we disallow all files > 1GB in size for sanity. 379 if (length > 1024 * 1024 * 1024) { 380 return OTS_FAILURE_MSG_HDR("file exceeds 1GB"); 381 } 382 383 uint32_t woff_tag; 384 if (!file.ReadU32(&woff_tag)) { 385 return OTS_FAILURE_MSG_HDR("error reading WOFF marker"); 386 } 387 388 if (woff_tag != OTS_TAG('w','O','F','F')) { 389 return OTS_FAILURE_MSG_HDR("invalid WOFF marker"); 390 } 391 392 if (!file.ReadU32(&font->version)) { 393 return OTS_FAILURE_MSG_HDR("error reading sfntVersion"); 394 } 395 if (!ValidateVersionTag(font)) { 396 return OTS_FAILURE_MSG_HDR("invalid sfntVersion: %d", font->version); 397 } 398 399 uint32_t reported_length; 400 if (!file.ReadU32(&reported_length) || length != reported_length) { 401 return OTS_FAILURE_MSG_HDR("incorrect file size in WOFF header"); 402 } 403 404 if (!file.ReadU16(&font->num_tables) || !font->num_tables) { 405 return OTS_FAILURE_MSG_HDR("error reading number of tables"); 406 } 407 408 uint16_t reserved_value; 409 if (!file.ReadU16(&reserved_value) || reserved_value) { 410 return OTS_FAILURE_MSG_HDR("error in reserved field of WOFF header"); 411 } 412 413 uint32_t reported_total_sfnt_size; 414 if (!file.ReadU32(&reported_total_sfnt_size)) { 415 return OTS_FAILURE_MSG_HDR("error reading total sfnt size"); 416 } 417 418 // We don't care about these fields of the header: 419 // uint16_t major_version, minor_version 420 if (!file.Skip(2 * 2)) { 421 return OTS_FAILURE_MSG_HDR("Failed to read 'majorVersion' or 'minorVersion'"); 422 } 423 424 // Checks metadata block size. 425 uint32_t meta_offset; 426 uint32_t meta_length; 427 uint32_t meta_length_orig; 428 if (!file.ReadU32(&meta_offset) || 429 !file.ReadU32(&meta_length) || 430 !file.ReadU32(&meta_length_orig)) { 431 return OTS_FAILURE_MSG_HDR("Failed to read header metadata block fields"); 432 } 433 if (meta_offset) { 434 if (meta_offset >= length || length - meta_offset < meta_length) { 435 return OTS_FAILURE_MSG_HDR("Invalid metadata block offset or length"); 436 } 437 } 438 439 // Checks private data block size. 440 uint32_t priv_offset; 441 uint32_t priv_length; 442 if (!file.ReadU32(&priv_offset) || 443 !file.ReadU32(&priv_length)) { 444 return OTS_FAILURE_MSG_HDR("Failed to read header private block fields"); 445 } 446 if (priv_offset) { 447 if (priv_offset >= length || length - priv_offset < priv_length) { 448 return OTS_FAILURE_MSG_HDR("Invalid private block offset or length"); 449 } 450 } 451 452 // Next up is the list of tables. 453 std::vector<ots::TableEntry> tables; 454 455 uint32_t first_index = 0; 456 uint32_t last_index = 0; 457 // Size of sfnt header plus size of table records. 458 uint64_t total_sfnt_size = 12 + 16 * font->num_tables; 459 for (unsigned i = 0; i < font->num_tables; ++i) { 460 ots::TableEntry table; 461 if (!file.ReadU32(&table.tag) || 462 !file.ReadU32(&table.offset) || 463 !file.ReadU32(&table.length) || 464 !file.ReadU32(&table.uncompressed_length) || 465 !file.ReadU32(&table.chksum)) { 466 return OTS_FAILURE_MSG_HDR("error reading table directory"); 467 } 468 469 total_sfnt_size += ots::Round4(table.uncompressed_length); 470 if (total_sfnt_size > std::numeric_limits<uint32_t>::max()) { 471 return OTS_FAILURE_MSG_HDR("sfnt size overflow"); 472 } 473 tables.push_back(table); 474 if (i == 0 || tables[first_index].offset > table.offset) 475 first_index = i; 476 if (i == 0 || tables[last_index].offset < table.offset) 477 last_index = i; 478 } 479 480 if (reported_total_sfnt_size != total_sfnt_size) { 481 return OTS_FAILURE_MSG_HDR("uncompressed sfnt size mismatch"); 482 } 483 484 // Table data must follow immediately after the header. 485 if (tables[first_index].offset != ots::Round4(file.offset())) { 486 return OTS_FAILURE_MSG_HDR("junk before tables in WOFF file"); 487 } 488 489 if (tables[last_index].offset >= length || 490 length - tables[last_index].offset < tables[last_index].length) { 491 return OTS_FAILURE_MSG_HDR("invalid table location/size"); 492 } 493 // Blocks must follow immediately after the previous block. 494 // (Except for padding with a maximum of three null bytes) 495 uint64_t block_end = ots::Round4( 496 static_cast<uint64_t>(tables[last_index].offset) + 497 static_cast<uint64_t>(tables[last_index].length)); 498 if (block_end > std::numeric_limits<uint32_t>::max()) { 499 return OTS_FAILURE_MSG_HDR("invalid table location/size"); 500 } 501 if (meta_offset) { 502 if (block_end != meta_offset) { 503 return OTS_FAILURE_MSG_HDR("Invalid metadata block offset"); 504 } 505 block_end = ots::Round4(static_cast<uint64_t>(meta_offset) + 506 static_cast<uint64_t>(meta_length)); 507 if (block_end > std::numeric_limits<uint32_t>::max()) { 508 return OTS_FAILURE_MSG_HDR("Invalid metadata block length"); 509 } 510 } 511 if (priv_offset) { 512 if (block_end != priv_offset) { 513 return OTS_FAILURE_MSG_HDR("Invalid private block offset"); 514 } 515 block_end = ots::Round4(static_cast<uint64_t>(priv_offset) + 516 static_cast<uint64_t>(priv_length)); 517 if (block_end > std::numeric_limits<uint32_t>::max()) { 518 return OTS_FAILURE_MSG_HDR("Invalid private block length"); 519 } 520 } 521 if (block_end != ots::Round4(length)) { 522 return OTS_FAILURE_MSG_HDR("File length mismatch (trailing junk?)"); 523 } 524 525 return ProcessGeneric(header, font, woff_tag, output, data, length, tables, file); 526 } 527 528 bool ProcessWOFF2(ots::FontFile* header, ots::OTSStream* output, 529 const uint8_t* data, size_t length, uint32_t index) { 530 return RLBoxProcessWOFF2(header, output, data, length, index, ProcessTTC, ProcessTTF); 531 } 532 533 ots::TableAction GetTableAction(const ots::FontFile *header, uint32_t tag) { 534 ots::TableAction action = header->context->GetTableAction(tag); 535 536 if (action == ots::TABLE_ACTION_DEFAULT) { 537 action = ots::TABLE_ACTION_DROP; 538 539 for (unsigned i = 0; ; ++i) { 540 if (supported_tables[i].tag == 0) break; 541 542 if (supported_tables[i].tag == tag) { 543 action = ots::TABLE_ACTION_SANITIZE; 544 break; 545 } 546 } 547 } 548 549 assert(action != ots::TABLE_ACTION_DEFAULT); // Should never return this. 550 return action; 551 } 552 553 bool GetTableData(const uint8_t *data, 554 const ots::TableEntry& table, 555 ots::Arena &arena, 556 size_t *table_length, 557 const uint8_t **table_data) { 558 if (table.uncompressed_length != table.length) { 559 // Compressed table. Need to uncompress into memory first. 560 *table_length = table.uncompressed_length; 561 *table_data = arena.Allocate(*table_length); 562 uLongf dest_len = *table_length; 563 int r = uncompress((Bytef*) *table_data, &dest_len, 564 data + table.offset, table.length); 565 if (r != Z_OK || dest_len != *table_length) { 566 return false; 567 } 568 } else { 569 // Uncompressed table. We can process directly from memory. 570 *table_data = data + table.offset; 571 *table_length = table.length; 572 } 573 574 return true; 575 } 576 577 bool ProcessGeneric(ots::FontFile *header, 578 ots::Font *font, 579 uint32_t signature, 580 ots::OTSStream *output, 581 const uint8_t *data, size_t length, 582 const std::vector<ots::TableEntry>& tables, 583 ots::Buffer& file) { 584 const size_t data_offset = file.offset(); 585 586 uint32_t uncompressed_sum = 0; 587 588 for (unsigned i = 0; i < font->num_tables; ++i) { 589 // the tables must be sorted by tag (when taken as big-endian numbers). 590 // This also remove the possibility of duplicate tables. 591 if (i) { 592 const uint32_t this_tag = tables[i].tag; 593 const uint32_t prev_tag = tables[i - 1].tag; 594 if (this_tag <= prev_tag) { 595 OTS_WARNING_MSG_HDR("Table directory is not correctly ordered"); 596 } 597 } 598 599 // all tag names must be built from printable ASCII characters 600 if (!ots::CheckTag(tables[i].tag)) { 601 OTS_WARNING_MSG_HDR("Invalid table tag: 0x%X", tables[i].tag); 602 } 603 604 // tables must be 4-byte aligned 605 if (tables[i].offset & 3) { 606 return OTS_FAILURE_MSG_TAG("misaligned table", tables[i].tag); 607 } 608 609 // and must be within the file 610 if (tables[i].offset < data_offset || tables[i].offset >= length) { 611 return OTS_FAILURE_MSG_TAG("invalid table offset", tables[i].tag); 612 } 613 // disallow all tables with a zero length 614 if (tables[i].length < 1) { 615 // Note: malayalam.ttf has zero length CVT table... 616 return OTS_FAILURE_MSG_TAG("zero-length table", tables[i].tag); 617 } 618 // disallow all tables with a length > 1GB 619 if (tables[i].length > 1024 * 1024 * 1024) { 620 return OTS_FAILURE_MSG_TAG("table length exceeds 1GB", tables[i].tag); 621 } 622 // disallow tables where the uncompressed size is < the compressed size. 623 if (tables[i].uncompressed_length < tables[i].length) { 624 return OTS_FAILURE_MSG_TAG("invalid compressed table", tables[i].tag); 625 } 626 if (tables[i].uncompressed_length > tables[i].length) { 627 // We'll probably be decompressing this table. 628 629 // disallow all tables which decompress to > OTS_MAX_DECOMPRESSED_TABLE_SIZE 630 if (tables[i].uncompressed_length > OTS_MAX_DECOMPRESSED_TABLE_SIZE) { 631 return OTS_FAILURE_MSG_HDR("%c%c%c%c: decompressed table length exceeds %gMB", 632 OTS_UNTAG(tables[i].tag), 633 OTS_MAX_DECOMPRESSED_TABLE_SIZE / (1024.0 * 1024.0)); 634 } 635 if (uncompressed_sum + tables[i].uncompressed_length < uncompressed_sum) { 636 return OTS_FAILURE_MSG_TAG("overflow of decompressed sum", tables[i].tag); 637 } 638 639 uncompressed_sum += tables[i].uncompressed_length; 640 } 641 // since we required that the file be < 1GB in length, and that the table 642 // length is < 1GB, the following addtion doesn't overflow 643 uint32_t end_byte = tables[i].offset + tables[i].length; 644 // Tables in the WOFF file must be aligned 4-byte boundary. 645 if (signature == OTS_TAG('w','O','F','F')) { 646 end_byte = ots::Round4(end_byte); 647 } 648 if (!end_byte || end_byte > length) { 649 return OTS_FAILURE_MSG_TAG("table overruns end of file", tables[i].tag); 650 } 651 } 652 653 // All decompressed tables decompressed must be <= OTS_MAX_DECOMPRESSED_FILE_SIZE. 654 if (uncompressed_sum > OTS_MAX_DECOMPRESSED_FILE_SIZE) { 655 return OTS_FAILURE_MSG_HDR("decompressed sum exceeds %gMB", 656 OTS_MAX_DECOMPRESSED_FILE_SIZE / (1024.0 * 1024.0)); 657 } 658 659 if (uncompressed_sum > output->size()) { 660 return OTS_FAILURE_MSG_HDR("decompressed sum exceeds output size (%gMB)", output->size() / (1024.0 * 1024.0)); 661 } 662 663 // check that the tables are not overlapping. 664 std::vector<std::pair<uint32_t, uint8_t> > overlap_checker; 665 for (unsigned i = 0; i < font->num_tables; ++i) { 666 overlap_checker.push_back( 667 std::make_pair(tables[i].offset, static_cast<uint8_t>(1) /* start */)); 668 overlap_checker.push_back( 669 std::make_pair(tables[i].offset + tables[i].length, 670 static_cast<uint8_t>(0) /* end */)); 671 } 672 std::sort(overlap_checker.begin(), overlap_checker.end()); 673 int overlap_count = 0; 674 for (unsigned i = 0; i < overlap_checker.size(); ++i) { 675 overlap_count += (overlap_checker[i].second ? 1 : -1); 676 if (overlap_count > 1) { 677 return OTS_FAILURE_MSG_HDR("overlapping tables"); 678 } 679 } 680 681 std::map<uint32_t, ots::TableEntry> table_map; 682 for (unsigned i = 0; i < font->num_tables; ++i) { 683 table_map[tables[i].tag] = tables[i]; 684 } 685 686 ots::Arena arena; 687 // Parse known tables first as we need to parse them in specific order. 688 for (unsigned i = 0; ; ++i) { 689 if (supported_tables[i].tag == 0) break; 690 691 uint32_t tag = supported_tables[i].tag; 692 const auto &it = table_map.find(tag); 693 if (it == table_map.cend()) { 694 if (supported_tables[i].required) { 695 return OTS_FAILURE_MSG_TAG("missing required table", tag); 696 } 697 } else { 698 if (!font->ParseTable(it->second, data, arena)) { 699 return OTS_FAILURE_MSG_TAG("Failed to parse table", tag); 700 } 701 } 702 } 703 704 // Then parse any tables left. 705 for (const auto &table_entry : tables) { 706 if (!font->GetTable(table_entry.tag)) { 707 if (!font->ParseTable(table_entry, data, arena)) { 708 return OTS_FAILURE_MSG_TAG("Failed to parse table", table_entry.tag); 709 } 710 } 711 } 712 713 #ifdef OTS_SYNTHESIZE_MISSING_GVAR 714 // If there was an fvar table but no gvar, synthesize an empty gvar to avoid 715 // issues with rasterizers (e.g. Core Text) that assume it must be present. 716 if (font->GetTable(OTS_TAG_FVAR) && !font->GetTable(OTS_TAG_GVAR)) { 717 ots::TableEntry table_entry{ OTS_TAG_GVAR, 0, 0, 0, 0 }; 718 const auto &it = font->file->tables.find(table_entry); 719 if (it != font->file->tables.end()) { 720 table_map[OTS_TAG_GVAR] = table_entry; 721 font->AddTable(table_entry, it->second); 722 } else { 723 ots::OpenTypeGVAR *gvar = new ots::OpenTypeGVAR(font, OTS_TAG_GVAR); 724 if (gvar->InitEmpty()) { 725 table_map[OTS_TAG_GVAR] = table_entry; 726 font->AddTable(table_entry, gvar); 727 } else { 728 delete gvar; 729 } 730 } 731 } 732 #endif 733 734 ots::Table *glyf = font->GetTable(OTS_TAG_GLYF); 735 ots::Table *loca = font->GetTable(OTS_TAG_LOCA); 736 ots::Table *cff = font->GetTable(OTS_TAG_CFF); 737 ots::Table *cff2 = font->GetTable(OTS_TAG_CFF2); 738 ots::OpenTypeMAXP *maxp = static_cast<ots::OpenTypeMAXP*>( 739 font->GetTypedTable(OTS_TAG_MAXP)); 740 741 if (glyf && loca) { 742 if (font->version != 0x000010000) { 743 OTS_WARNING_MSG_HDR("wrong sfntVersion for glyph data"); 744 font->version = 0x000010000; 745 } 746 if (!maxp->version_1) { 747 return OTS_FAILURE_MSG_TAG("wrong maxp version for glyph data", 748 OTS_TAG_MAXP); 749 } 750 if (cff) 751 cff->Drop("font contains both CFF and glyf/loca tables"); 752 if (cff2) 753 cff2->Drop("font contains both CFF and glyf/loca tables"); 754 } else if (cff || cff2) { 755 if (font->version != OTS_TAG('O','T','T','O')) { 756 OTS_WARNING_MSG_HDR("wrong sfntVersion for glyph data"); 757 font->version = OTS_TAG('O','T','T','O'); 758 } 759 if (glyf) 760 glyf->Drop("font contains both CFF and glyf tables"); 761 if (loca) 762 loca->Drop("font contains both CFF and loca tables"); 763 if (maxp->version_1) { 764 OTS_WARNING_MSG_HDR("fixing incorrect maxp version for CFF font"); 765 maxp->version_1 = false; 766 } 767 } else if (font->GetTable(OTS_TAG('C','B','D','T')) && 768 font->GetTable(OTS_TAG('C','B','L','C'))) { 769 // We don't sanitize bitmap tables, but don’t reject bitmap-only fonts if 770 // we are asked to pass them thru. 771 } else { 772 return OTS_FAILURE_MSG_HDR("no supported glyph data table(s) present"); 773 } 774 775 uint16_t num_output_tables = 0; 776 for (const auto &it : table_map) { 777 ots::Table *table = font->GetTable(it.first); 778 if (table) 779 num_output_tables++; 780 } 781 782 uint16_t max_pow2 = 0; 783 while (1u << (max_pow2 + 1) <= num_output_tables) { 784 max_pow2++; 785 } 786 const uint16_t output_search_range = (1u << max_pow2) << 4; 787 788 // most of the errors here are highly unlikely - they'd only occur if the 789 // output stream returns a failure, e.g. lack of space to write 790 output->ResetChecksum(); 791 if (!output->WriteU32(font->version) || 792 !output->WriteU16(num_output_tables) || 793 !output->WriteU16(output_search_range) || 794 !output->WriteU16(max_pow2) || 795 !output->WriteU16((num_output_tables << 4) - output_search_range)) { 796 return OTS_FAILURE_MSG_HDR("error writing output"); 797 } 798 const uint32_t offset_table_chksum = output->chksum(); 799 800 const size_t table_record_offset = output->Tell(); 801 if (!output->Pad(16 * num_output_tables)) { 802 return OTS_FAILURE_MSG_HDR("error writing output"); 803 } 804 805 std::vector<ots::TableEntry> out_tables; 806 807 size_t head_table_offset = 0; 808 for (const auto &it : table_map) { 809 uint32_t input_offset = it.second.offset; 810 const auto &ot = header->table_entries.find(input_offset); 811 if (ot != header->table_entries.end()) { 812 ots::TableEntry out = ot->second; 813 if (out.tag == OTS_TAG('h','e','a','d')) { 814 head_table_offset = out.offset; 815 } 816 out_tables.push_back(out); 817 } else { 818 ots::TableEntry out; 819 out.tag = it.first; 820 out.offset = output->Tell(); 821 822 if (out.tag == OTS_TAG('h','e','a','d')) { 823 head_table_offset = out.offset; 824 } 825 826 ots::Table *table = font->GetTable(out.tag); 827 if (table) { 828 output->ResetChecksum(); 829 if (!table->Serialize(output)) { 830 return OTS_FAILURE_MSG_TAG("Failed to serialize table", out.tag); 831 } 832 833 const size_t end_offset = output->Tell(); 834 if (end_offset <= out.offset) { 835 // paranoid check. |end_offset| is supposed to be greater than the offset, 836 // as long as the Tell() interface is implemented correctly. 837 return OTS_FAILURE_MSG_TAG("Table is empty or have -ve size", out.tag); 838 } 839 out.length = end_offset - out.offset; 840 841 // align tables to four bytes 842 if (!output->Pad((4 - (end_offset & 3)) % 4)) { 843 return OTS_FAILURE_MSG_TAG("Failed to pad table to 4 bytes", out.tag); 844 } 845 out.chksum = output->chksum(); 846 out_tables.push_back(out); 847 header->table_entries[input_offset] = out; 848 } 849 } 850 } 851 852 const size_t end_of_file = output->Tell(); 853 854 // Need to sort the output tables for inclusion in the file 855 std::sort(out_tables.begin(), out_tables.end()); 856 if (!output->Seek(table_record_offset)) { 857 return OTS_FAILURE_MSG_HDR("error writing output"); 858 } 859 860 output->ResetChecksum(); 861 uint32_t tables_chksum = 0; 862 for (unsigned i = 0; i < out_tables.size(); ++i) { 863 if (!output->WriteU32(out_tables[i].tag) || 864 !output->WriteU32(out_tables[i].chksum) || 865 !output->WriteU32(out_tables[i].offset) || 866 !output->WriteU32(out_tables[i].length)) { 867 return OTS_FAILURE_MSG_HDR("error writing output"); 868 } 869 tables_chksum += out_tables[i].chksum; 870 } 871 const uint32_t table_record_chksum = output->chksum(); 872 873 // http://www.microsoft.com/typography/otspec/otff.htm 874 const uint32_t file_chksum 875 = offset_table_chksum + tables_chksum + table_record_chksum; 876 const uint32_t chksum_magic = static_cast<uint32_t>(0xb1b0afba) - file_chksum; 877 878 // seek into the 'head' table and write in the checksum magic value 879 if (!head_table_offset) { 880 return OTS_FAILURE_MSG_HDR("internal error!"); 881 } 882 if (!output->Seek(head_table_offset + 8)) { 883 return OTS_FAILURE_MSG_HDR("error writing output"); 884 } 885 if (!output->WriteU32(chksum_magic)) { 886 return OTS_FAILURE_MSG_HDR("error writing output"); 887 } 888 889 if (!output->Seek(end_of_file)) { 890 return OTS_FAILURE_MSG_HDR("error writing output"); 891 } 892 893 return true; 894 } 895 896 bool IsGraphiteTag(uint32_t tag) { 897 if (tag == OTS_TAG_FEAT || 898 tag == OTS_TAG_GLAT || 899 tag == OTS_TAG_GLOC || 900 tag == OTS_TAG_SILE || 901 tag == OTS_TAG_SILF || 902 tag == OTS_TAG_SILL) { 903 return true; 904 } 905 return false; 906 } 907 908 bool IsVariationsTag(uint32_t tag) { 909 if (tag == OTS_TAG_AVAR || 910 tag == OTS_TAG_CVAR || 911 tag == OTS_TAG_FVAR || 912 tag == OTS_TAG_GVAR || 913 tag == OTS_TAG_HVAR || 914 tag == OTS_TAG_MVAR || 915 tag == OTS_TAG_STAT || 916 tag == OTS_TAG_VVAR) { 917 return true; 918 } 919 return false; 920 } 921 922 } // namespace 923 924 namespace ots { 925 926 FontFile::~FontFile() { 927 for (const auto& it : tables) { 928 delete it.second; 929 } 930 tables.clear(); 931 } 932 933 bool Font::ParseTable(const TableEntry& table_entry, const uint8_t* data, 934 Arena &arena) { 935 uint32_t tag = table_entry.tag; 936 TableAction action = GetTableAction(file, tag); 937 if (action == TABLE_ACTION_DROP) { 938 return true; 939 } 940 941 const auto &it = file->tables.find(table_entry); 942 if (it != file->tables.end()) { 943 m_tables[tag] = it->second; 944 return true; 945 } 946 947 Table *table = NULL; 948 bool ret = false; 949 950 if (action == TABLE_ACTION_PASSTHRU) { 951 table = new TablePassthru(this, tag); 952 } else { 953 switch (tag) { 954 case OTS_TAG_AVAR: table = new OpenTypeAVAR(this, tag); break; 955 case OTS_TAG_CFF: table = new OpenTypeCFF(this, tag); break; 956 case OTS_TAG_CFF2: table = new OpenTypeCFF2(this, tag); break; 957 case OTS_TAG_CMAP: table = new OpenTypeCMAP(this, tag); break; 958 case OTS_TAG_COLR: table = new OpenTypeCOLR(this, tag); break; 959 case OTS_TAG_CPAL: table = new OpenTypeCPAL(this, tag); break; 960 case OTS_TAG_CVAR: table = new OpenTypeCVAR(this, tag); break; 961 case OTS_TAG_CVT: table = new OpenTypeCVT(this, tag); break; 962 case OTS_TAG_FPGM: table = new OpenTypeFPGM(this, tag); break; 963 case OTS_TAG_FVAR: table = new OpenTypeFVAR(this, tag); break; 964 case OTS_TAG_GASP: table = new OpenTypeGASP(this, tag); break; 965 case OTS_TAG_GDEF: table = new OpenTypeGDEF(this, tag); break; 966 case OTS_TAG_GLYF: table = new OpenTypeGLYF(this, tag); break; 967 case OTS_TAG_GPOS: table = new OpenTypeGPOS(this, tag); break; 968 case OTS_TAG_GSUB: table = new OpenTypeGSUB(this, tag); break; 969 case OTS_TAG_GVAR: table = new OpenTypeGVAR(this, tag); break; 970 case OTS_TAG_HDMX: table = new OpenTypeHDMX(this, tag); break; 971 case OTS_TAG_HEAD: table = new OpenTypeHEAD(this, tag); break; 972 case OTS_TAG_HHEA: table = new OpenTypeHHEA(this, tag); break; 973 case OTS_TAG_HMTX: table = new OpenTypeHMTX(this, tag); break; 974 case OTS_TAG_HVAR: table = new OpenTypeHVAR(this, tag); break; 975 case OTS_TAG_KERN: table = new OpenTypeKERN(this, tag); break; 976 case OTS_TAG_LOCA: table = new OpenTypeLOCA(this, tag); break; 977 case OTS_TAG_LTSH: table = new OpenTypeLTSH(this, tag); break; 978 case OTS_TAG_MATH: table = new OpenTypeMATH(this, tag); break; 979 case OTS_TAG_MAXP: table = new OpenTypeMAXP(this, tag); break; 980 case OTS_TAG_MVAR: table = new OpenTypeMVAR(this, tag); break; 981 case OTS_TAG_NAME: table = new OpenTypeNAME(this, tag); break; 982 case OTS_TAG_OS2: table = new OpenTypeOS2(this, tag); break; 983 case OTS_TAG_POST: table = new OpenTypePOST(this, tag); break; 984 case OTS_TAG_PREP: table = new OpenTypePREP(this, tag); break; 985 case OTS_TAG_STAT: table = new OpenTypeSTAT(this, tag); break; 986 case OTS_TAG_VDMX: table = new OpenTypeVDMX(this, tag); break; 987 case OTS_TAG_VHEA: table = new OpenTypeVHEA(this, tag); break; 988 case OTS_TAG_VMTX: table = new OpenTypeVMTX(this, tag); break; 989 case OTS_TAG_VORG: table = new OpenTypeVORG(this, tag); break; 990 case OTS_TAG_VVAR: table = new OpenTypeVVAR(this, tag); break; 991 // Graphite tables 992 #ifdef OTS_GRAPHITE 993 case OTS_TAG_FEAT: table = new OpenTypeFEAT(this, tag); break; 994 case OTS_TAG_GLAT: table = new OpenTypeGLAT(this, tag); break; 995 case OTS_TAG_GLOC: table = new OpenTypeGLOC(this, tag); break; 996 case OTS_TAG_SILE: table = new OpenTypeSILE(this, tag); break; 997 case OTS_TAG_SILF: table = new OpenTypeSILF(this, tag); break; 998 case OTS_TAG_SILL: table = new OpenTypeSILL(this, tag); break; 999 #endif 1000 default: break; 1001 } 1002 } 1003 1004 if (table) { 1005 const uint8_t* table_data; 1006 size_t table_length; 1007 1008 ret = GetTableData(data, table_entry, arena, &table_length, &table_data); 1009 if (ret) { 1010 ret = table->Parse(table_data, table_length); 1011 if (ret) 1012 AddTable(table_entry, table); 1013 else if (action == TABLE_ACTION_SANITIZE_SOFT) { 1014 // We're dropping the table (having reported whatever errors we found), 1015 // but do not return failure, so that processing continues. 1016 delete table; 1017 ret = true; 1018 } 1019 } 1020 } 1021 1022 if (!ret) 1023 delete table; 1024 1025 return ret; 1026 } 1027 1028 Table* Font::GetTable(uint32_t tag) const { 1029 const auto &it = m_tables.find(tag); 1030 if (it != m_tables.end() && it->second && it->second->ShouldSerialize()) 1031 return it->second; 1032 return NULL; 1033 } 1034 1035 Table* Font::GetTypedTable(uint32_t tag) const { 1036 Table* t = GetTable(tag); 1037 if (t && t->Type() == tag) 1038 return t; 1039 return NULL; 1040 } 1041 1042 void Font::AddTable(TableEntry entry, Table* table) { 1043 // Attempting to add a duplicate table would be an error; this should only 1044 // be used to add a table that does not already exist. 1045 assert(m_tables.find(table->Tag()) == m_tables.end()); 1046 m_tables[table->Tag()] = table; 1047 file->tables[entry] = table; 1048 } 1049 1050 void Font::DropGraphite() { 1051 file->context->Message(0, "Dropping all Graphite tables"); 1052 for (const std::pair<uint32_t, Table*> entry : m_tables) { 1053 if (IsGraphiteTag(entry.first)) { 1054 entry.second->Drop("Discarding Graphite table"); 1055 } 1056 } 1057 } 1058 1059 void Font::DropVariations() { 1060 file->context->Message(0, "Dropping all Variation tables"); 1061 for (const std::pair<uint32_t, Table*> entry : m_tables) { 1062 if (IsVariationsTag(entry.first)) { 1063 entry.second->Drop("Discarding Variations table"); 1064 } 1065 } 1066 } 1067 1068 bool Table::ShouldSerialize() { 1069 return m_shouldSerialize; 1070 } 1071 1072 void Table::Message(int level, const char *format, va_list va) { 1073 char msg[206] = { OTS_UNTAG(m_tag), ':', ' ' }; 1074 std::vsnprintf(msg + 6, 200, format, va); 1075 m_font->file->context->Message(level, msg); 1076 } 1077 1078 bool Table::Error(const char *format, ...) { 1079 va_list va; 1080 va_start(va, format); 1081 Message(0, format, va); 1082 va_end(va); 1083 1084 return false; 1085 } 1086 1087 bool Table::Warning(const char *format, ...) { 1088 va_list va; 1089 va_start(va, format); 1090 Message(1, format, va); 1091 va_end(va); 1092 1093 return true; 1094 } 1095 1096 bool Table::Drop(const char *format, ...) { 1097 m_shouldSerialize = false; 1098 1099 va_list va; 1100 va_start(va, format); 1101 Message(0, format, va); 1102 m_font->file->context->Message(0, "Table discarded"); 1103 va_end(va); 1104 1105 return true; 1106 } 1107 1108 bool Table::DropGraphite(const char *format, ...) { 1109 va_list va; 1110 va_start(va, format); 1111 Message(0, format, va); 1112 va_end(va); 1113 1114 m_font->DropGraphite(); 1115 if (IsGraphiteTag(m_tag)) 1116 Drop("Discarding Graphite table"); 1117 1118 return true; 1119 } 1120 1121 bool Table::DropVariations(const char *format, ...) { 1122 va_list va; 1123 va_start(va, format); 1124 Message(0, format, va); 1125 va_end(va); 1126 1127 m_font->DropVariations(); 1128 if (IsVariationsTag(m_tag)) 1129 Drop("Discarding Variations table"); 1130 1131 return true; 1132 } 1133 1134 bool TablePassthru::Parse(const uint8_t *data, size_t length) { 1135 m_data = data; 1136 m_length = length; 1137 return true; 1138 } 1139 1140 bool TablePassthru::Serialize(OTSStream *out) { 1141 if (!out->Write(m_data, m_length)) { 1142 return Error("Failed to write table"); 1143 } 1144 1145 return true; 1146 } 1147 1148 bool OTSContext::Process(OTSStream *output, 1149 const uint8_t *data, 1150 size_t length, 1151 uint32_t index) { 1152 FontFile header; 1153 Font font(&header); 1154 header.context = this; 1155 1156 if (length < 4) { 1157 return OTS_FAILURE_MSG_(&header, "file less than 4 bytes"); 1158 } 1159 1160 bool result; 1161 if (data[0] == 'w' && data[1] == 'O' && data[2] == 'F' && data[3] == 'F') { 1162 result = ProcessWOFF(&header, &font, output, data, length); 1163 } else if (data[0] == 'w' && data[1] == 'O' && data[2] == 'F' && data[3] == '2') { 1164 result = ProcessWOFF2(&header, output, data, length, index); 1165 } else if (data[0] == 't' && data[1] == 't' && data[2] == 'c' && data[3] == 'f') { 1166 result = ProcessTTC(&header, output, data, length, index); 1167 } else { 1168 result = ProcessTTF(&header, &font, output, data, length); 1169 } 1170 1171 return result; 1172 } 1173 1174 } // namespace ots