1 /**************************************************************************** 2 * 3 * t1parse.c 4 * 5 * Type 1 parser (body). 6 * 7 * Copyright 1996-2018 by 8 * David Turner, Robert Wilhelm, and Werner Lemberg. 9 * 10 * This file is part of the FreeType project, and may only be used, 11 * modified, and distributed under the terms of the FreeType project 12 * license, LICENSE.TXT. By continuing to use, modify, or distribute 13 * this file you indicate that you have read the license and 14 * understand and accept it fully. 15 * 16 */ 17 18 19 /************************************************************************** 20 * 21 * The Type 1 parser is in charge of the following: 22 * 23 * - provide an implementation of a growing sequence of objects called 24 * a `T1_Table' (used to build various tables needed by the loader). 25 * 26 * - opening .pfb and .pfa files to extract their top-level and private 27 * dictionaries. 28 * 29 * - read numbers, arrays & strings from any dictionary. 30 * 31 * See `t1load.c' to see how data is loaded from the font file. 32 * 33 */ 34 35 36 #include <ft2build.h> 37 #include FT_INTERNAL_DEBUG_H 38 #include FT_INTERNAL_STREAM_H 39 #include FT_INTERNAL_POSTSCRIPT_AUX_H 40 41 #include "t1parse.h" 42 43 #include "t1errors.h" 44 45 46 /************************************************************************** 47 * 48 * The macro FT_COMPONENT is used in trace mode. It is an implicit 49 * parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log 50 * messages during execution. 51 */ 52 #undef FT_COMPONENT 53 #define FT_COMPONENT trace_t1parse 54 55 56 /*************************************************************************/ 57 /*************************************************************************/ 58 /*************************************************************************/ 59 /***** *****/ 60 /***** INPUT STREAM PARSER *****/ 61 /***** *****/ 62 /*************************************************************************/ 63 /*************************************************************************/ 64 /*************************************************************************/ 65 66 67 /* see Adobe Technical Note 5040.Download_Fonts.pdf */ 68 69 static FT_Error 70 read_pfb_tag( FT_Stream stream, 71 FT_UShort *atag, 72 FT_ULong *asize ) 73 { 74 FT_Error error; 75 FT_UShort tag; 76 FT_ULong size; 77 78 79 *atag = 0; 80 *asize = 0; 81 82 if ( !FT_READ_USHORT( tag ) ) 83 { 84 if ( tag == 0x8001U || tag == 0x8002U ) 85 { 86 if ( !FT_READ_ULONG_LE( size ) ) 87 *asize = size; 88 } 89 90 *atag = tag; 91 } 92 93 return error; 94 } 95 96 97 static FT_Error 98 check_type1_format( FT_Stream stream, 99 const char* header_string, 100 size_t header_length ) 101 { 102 FT_Error error; 103 FT_UShort tag; 104 FT_ULong dummy; 105 106 107 if ( FT_STREAM_SEEK( 0 ) ) 108 goto Exit; 109 110 error = read_pfb_tag( stream, &tag, &dummy ); 111 if ( error ) 112 goto Exit; 113 114 /* We assume that the first segment in a PFB is always encoded as */ 115 /* text. This might be wrong (and the specification doesn't insist */ 116 /* on that), but we have never seen a counterexample. */ 117 if ( tag != 0x8001U && FT_STREAM_SEEK( 0 ) ) 118 goto Exit; 119 120 if ( !FT_FRAME_ENTER( header_length ) ) 121 { 122 error = FT_Err_Ok; 123 124 if ( ft_memcmp( stream->cursor, header_string, header_length ) != 0 ) 125 error = FT_THROW( Unknown_File_Format ); 126 127 FT_FRAME_EXIT(); 128 } 129 130 Exit: 131 return error; 132 } 133 134 135 FT_LOCAL_DEF( FT_Error ) 136 T1_New_Parser( T1_Parser parser, 137 FT_Stream stream, 138 FT_Memory memory, 139 PSAux_Service psaux ) 140 { 141 FT_Error error; 142 FT_UShort tag; 143 FT_ULong size; 144 145 146 psaux->ps_parser_funcs->init( &parser->root, NULL, NULL, memory ); 147 148 parser->stream = stream; 149 parser->base_len = 0; 150 parser->base_dict = NULL; 151 parser->private_len = 0; 152 parser->private_dict = NULL; 153 parser->in_pfb = 0; 154 parser->in_memory = 0; 155 parser->single_block = 0; 156 157 /* check the header format */ 158 error = check_type1_format( stream, "%!PS-AdobeFont", 14 ); 159 if ( error ) 160 { 161 if ( FT_ERR_NEQ( error, Unknown_File_Format ) ) 162 goto Exit; 163 164 error = check_type1_format( stream, "%!FontType", 10 ); 165 if ( error ) 166 { 167 FT_TRACE2(( " not a Type 1 font\n" )); 168 goto Exit; 169 } 170 } 171 172 /******************************************************************* 173 * 174 * Here a short summary of what is going on: 175 * 176 * When creating a new Type 1 parser, we try to locate and load 177 * the base dictionary if this is possible (i.e., for PFB 178 * files). Otherwise, we load the whole font into memory. 179 * 180 * When `loading' the base dictionary, we only setup pointers 181 * in the case of a memory-based stream. Otherwise, we 182 * allocate and load the base dictionary in it. 183 * 184 * parser->in_pfb is set if we are in a binary (`.pfb') font. 185 * parser->in_memory is set if we have a memory stream. 186 */ 187 188 /* try to compute the size of the base dictionary; */ 189 /* look for a Postscript binary file tag, i.e., 0x8001 */ 190 if ( FT_STREAM_SEEK( 0L ) ) 191 goto Exit; 192 193 error = read_pfb_tag( stream, &tag, &size ); 194 if ( error ) 195 goto Exit; 196 197 if ( tag != 0x8001U ) 198 { 199 /* assume that this is a PFA file for now; an error will */ 200 /* be produced later when more things are checked */ 201 if ( FT_STREAM_SEEK( 0L ) ) 202 goto Exit; 203 size = stream->size; 204 } 205 else 206 parser->in_pfb = 1; 207 208 /* now, try to load `size' bytes of the `base' dictionary we */ 209 /* found previously */ 210 211 /* if it is a memory-based resource, set up pointers */ 212 if ( !stream->read ) 213 { 214 parser->base_dict = (FT_Byte*)stream->base + stream->pos; 215 parser->base_len = size; 216 parser->in_memory = 1; 217 218 /* check that the `size' field is valid */ 219 if ( FT_STREAM_SKIP( size ) ) 220 goto Exit; 221 } 222 else 223 { 224 /* read segment in memory -- this is clumsy, but so does the format */ 225 if ( FT_ALLOC( parser->base_dict, size ) || 226 FT_STREAM_READ( parser->base_dict, size ) ) 227 goto Exit; 228 parser->base_len = size; 229 } 230 231 parser->root.base = parser->base_dict; 232 parser->root.cursor = parser->base_dict; 233 parser->root.limit = parser->root.cursor + parser->base_len; 234 235 Exit: 236 if ( error && !parser->in_memory ) 237 FT_FREE( parser->base_dict ); 238 239 return error; 240 } 241 242 243 FT_LOCAL_DEF( void ) 244 T1_Finalize_Parser( T1_Parser parser ) 245 { 246 FT_Memory memory = parser->root.memory; 247 248 249 /* always free the private dictionary */ 250 FT_FREE( parser->private_dict ); 251 252 /* free the base dictionary only when we have a disk stream */ 253 if ( !parser->in_memory ) 254 FT_FREE( parser->base_dict ); 255 256 parser->root.funcs.done( &parser->root ); 257 } 258 259 260 FT_LOCAL_DEF( FT_Error ) 261 T1_Get_Private_Dict( T1_Parser parser, 262 PSAux_Service psaux ) 263 { 264 FT_Stream stream = parser->stream; 265 FT_Memory memory = parser->root.memory; 266 FT_Error error = FT_Err_Ok; 267 FT_ULong size; 268 269 270 if ( parser->in_pfb ) 271 { 272 /* in the case of the PFB format, the private dictionary can be */ 273 /* made of several segments. We thus first read the number of */ 274 /* segments to compute the total size of the private dictionary */ 275 /* then re-read them into memory. */ 276 FT_ULong start_pos = FT_STREAM_POS(); 277 FT_UShort tag; 278 279 280 parser->private_len = 0; 281 for (;;) 282 { 283 error = read_pfb_tag( stream, &tag, &size ); 284 if ( error ) 285 goto Fail; 286 287 if ( tag != 0x8002U ) 288 break; 289 290 parser->private_len += size; 291 292 if ( FT_STREAM_SKIP( size ) ) 293 goto Fail; 294 } 295 296 /* Check that we have a private dictionary there */ 297 /* and allocate private dictionary buffer */ 298 if ( parser->private_len == 0 ) 299 { 300 FT_ERROR(( "T1_Get_Private_Dict:" 301 " invalid private dictionary section\n" )); 302 error = FT_THROW( Invalid_File_Format ); 303 goto Fail; 304 } 305 306 if ( FT_STREAM_SEEK( start_pos ) || 307 FT_ALLOC( parser->private_dict, parser->private_len ) ) 308 goto Fail; 309 310 parser->private_len = 0; 311 for (;;) 312 { 313 error = read_pfb_tag( stream, &tag, &size ); 314 if ( error || tag != 0x8002U ) 315 { 316 error = FT_Err_Ok; 317 break; 318 } 319 320 if ( FT_STREAM_READ( parser->private_dict + parser->private_len, 321 size ) ) 322 goto Fail; 323 324 parser->private_len += size; 325 } 326 } 327 else 328 { 329 /* We have already `loaded' the whole PFA font file into memory; */ 330 /* if this is a memory resource, allocate a new block to hold */ 331 /* the private dict. Otherwise, simply overwrite into the base */ 332 /* dictionary block in the heap. */ 333 334 /* first of all, look at the `eexec' keyword */ 335 FT_Byte* cur = parser->base_dict; 336 FT_Byte* limit = cur + parser->base_len; 337 FT_Pointer pos_lf; 338 FT_Bool test_cr; 339 340 341 Again: 342 for (;;) 343 { 344 if ( cur[0] == 'e' && 345 cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */ 346 /* whitespace + 4 chars */ 347 { 348 if ( cur[1] == 'e' && 349 cur[2] == 'x' && 350 cur[3] == 'e' && 351 cur[4] == 'c' ) 352 break; 353 } 354 cur++; 355 if ( cur >= limit ) 356 { 357 FT_ERROR(( "T1_Get_Private_Dict:" 358 " could not find `eexec' keyword\n" )); 359 error = FT_THROW( Invalid_File_Format ); 360 goto Exit; 361 } 362 } 363 364 /* check whether `eexec' was real -- it could be in a comment */ 365 /* or string (as e.g. in u003043t.gsf from ghostscript) */ 366 367 parser->root.cursor = parser->base_dict; 368 /* set limit to `eexec' + whitespace + 4 characters */ 369 parser->root.limit = cur + 10; 370 371 cur = parser->root.cursor; 372 limit = parser->root.limit; 373 374 while ( cur < limit ) 375 { 376 if ( cur[0] == 'e' && 377 cur + 5 < limit ) 378 { 379 if ( cur[1] == 'e' && 380 cur[2] == 'x' && 381 cur[3] == 'e' && 382 cur[4] == 'c' ) 383 goto Found; 384 } 385 386 T1_Skip_PS_Token( parser ); 387 if ( parser->root.error ) 388 break; 389 T1_Skip_Spaces ( parser ); 390 cur = parser->root.cursor; 391 } 392 393 /* we haven't found the correct `eexec'; go back and continue */ 394 /* searching */ 395 396 cur = limit; 397 limit = parser->base_dict + parser->base_len; 398 399 if ( cur >= limit ) 400 { 401 FT_ERROR(( "T1_Get_Private_Dict:" 402 " premature end in private dictionary\n" )); 403 error = FT_THROW( Invalid_File_Format ); 404 goto Exit; 405 } 406 407 goto Again; 408 409 /* now determine where to write the _encrypted_ binary private */ 410 /* dictionary. We overwrite the base dictionary for disk-based */ 411 /* resources and allocate a new block otherwise */ 412 413 Found: 414 parser->root.limit = parser->base_dict + parser->base_len; 415 416 T1_Skip_PS_Token( parser ); 417 cur = parser->root.cursor; 418 limit = parser->root.limit; 419 420 /* According to the Type 1 spec, the first cipher byte must not be */ 421 /* an ASCII whitespace character code (blank, tab, carriage return */ 422 /* or line feed). We have seen Type 1 fonts with two line feed */ 423 /* characters... So skip now all whitespace character codes. */ 424 /* */ 425 /* On the other hand, Adobe's Type 1 parser handles fonts just */ 426 /* fine that are violating this limitation, so we add a heuristic */ 427 /* test to stop at \r only if it is not used for EOL. */ 428 429 pos_lf = ft_memchr( cur, '\n', (size_t)( limit - cur ) ); 430 test_cr = FT_BOOL( !pos_lf || 431 pos_lf > ft_memchr( cur, 432 '\r', 433 (size_t)( limit - cur ) ) ); 434 435 while ( cur < limit && 436 ( *cur == ' ' || 437 *cur == '\t' || 438 (test_cr && *cur == '\r' ) || 439 *cur == '\n' ) ) 440 cur++; 441 if ( cur >= limit ) 442 { 443 FT_ERROR(( "T1_Get_Private_Dict:" 444 " `eexec' not properly terminated\n" )); 445 error = FT_THROW( Invalid_File_Format ); 446 goto Exit; 447 } 448 449 size = parser->base_len - (FT_ULong)( cur - parser->base_dict ); 450 451 if ( parser->in_memory ) 452 { 453 /* note that we allocate one more byte to put a terminating `0' */ 454 if ( FT_ALLOC( parser->private_dict, size + 1 ) ) 455 goto Fail; 456 parser->private_len = size; 457 } 458 else 459 { 460 parser->single_block = 1; 461 parser->private_dict = parser->base_dict; 462 parser->private_len = size; 463 parser->base_dict = NULL; 464 parser->base_len = 0; 465 } 466 467 /* now determine whether the private dictionary is encoded in binary */ 468 /* or hexadecimal ASCII format -- decode it accordingly */ 469 470 /* we need to access the next 4 bytes (after the final whitespace */ 471 /* following the `eexec' keyword); if they all are hexadecimal */ 472 /* digits, then we have a case of ASCII storage */ 473 474 if ( cur + 3 < limit && 475 ft_isxdigit( cur[0] ) && ft_isxdigit( cur[1] ) && 476 ft_isxdigit( cur[2] ) && ft_isxdigit( cur[3] ) ) 477 { 478 /* ASCII hexadecimal encoding */ 479 FT_ULong len; 480 481 482 parser->root.cursor = cur; 483 (void)psaux->ps_parser_funcs->to_bytes( &parser->root, 484 parser->private_dict, 485 parser->private_len, 486 &len, 487 0 ); 488 parser->private_len = len; 489 490 /* put a safeguard */ 491 parser->private_dict[len] = '\0'; 492 } 493 else 494 /* binary encoding -- copy the private dict */ 495 FT_MEM_MOVE( parser->private_dict, cur, size ); 496 } 497 498 /* we now decrypt the encoded binary private dictionary */ 499 psaux->t1_decrypt( parser->private_dict, parser->private_len, 55665U ); 500 501 if ( parser->private_len < 4 ) 502 { 503 FT_ERROR(( "T1_Get_Private_Dict:" 504 " invalid private dictionary section\n" )); 505 error = FT_THROW( Invalid_File_Format ); 506 goto Fail; 507 } 508 509 /* replace the four random bytes at the beginning with whitespace */ 510 parser->private_dict[0] = ' '; 511 parser->private_dict[1] = ' '; 512 parser->private_dict[2] = ' '; 513 parser->private_dict[3] = ' '; 514 515 parser->root.base = parser->private_dict; 516 parser->root.cursor = parser->private_dict; 517 parser->root.limit = parser->root.cursor + parser->private_len; 518 519 Fail: 520 Exit: 521 return error; 522 } 523 524 525 /* END */ 526
