Home | History | Annotate | Download | only in chromium 
      1 /*
      2  * Copyright (c) 2008, 2009, Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 #include <stdint.h>
     32 #include <stdlib.h>
     33 #include <string.h>
     34 #include <sys/types.h>
     35 
     36 // For htons/ntohs
     37 #include <arpa/inet.h>
     38 
     39 // Buffer helper class
     40 //
     41 // This class perform some trival buffer operations while checking for
     42 // out-of-bounds errors. As a family they return false if anything is amiss,
     43 // updating the current offset otherwise.
     44 class Buffer {
     45 public:
     46     Buffer(const uint8_t* buffer, size_t length)
     47         : m_buffer(buffer)
     48         , m_length(length)
     49         , m_offset(0) { }
     50 
     51     bool skip(size_t numBytes)
     52     {
     53         if (m_offset + numBytes > m_length)
     54             return false;
     55         m_offset += numBytes;
     56         return true;
     57     }
     58 
     59     bool readU8(uint8_t* value)
     60     {
     61         if (m_offset + sizeof(uint8_t) > m_length)
     62             return false;
     63         *value = m_buffer[m_offset];
     64         m_offset += sizeof(uint8_t);
     65         return true;
     66     }
     67 
     68     bool readU16(uint16_t* value)
     69     {
     70         if (m_offset + sizeof(uint16_t) > m_length)
     71             return false;
     72         memcpy(value, m_buffer + m_offset, sizeof(uint16_t));
     73         *value = ntohs(*value);
     74         m_offset += sizeof(uint16_t);
     75         return true;
     76     }
     77 
     78     bool readS16(int16_t* value)
     79     {
     80         return readU16(reinterpret_cast<uint16_t*>(value));
     81     }
     82 
     83     size_t offset() const
     84     {
     85         return m_offset;
     86     }
     87 
     88     void setOffset(size_t newoffset)
     89     {
     90         m_offset = newoffset;
     91     }
     92 
     93 private:
     94     const uint8_t *const m_buffer;
     95     const size_t m_length;
     96     size_t m_offset;
     97 };
     98 
     99 // VDMX parsing code.
    100 //
    101 // VDMX tables are found in some TrueType/OpenType fonts and contain
    102 // ascender/descender overrides for certain (usually small) sizes. This is
    103 // needed in order to match font metrics on Windows.
    104 //
    105 // Freetype does not parse these tables so we do so here.
    106 
    107 namespace WebCore {
    108 
    109 // Parse a TrueType VDMX table.
    110 //   yMax: (output) the ascender value from the table
    111 //   yMin: (output) the descender value from the table (negative!)
    112 //   vdmx: the table bytes
    113 //   vdmxLength: length of @vdmx, in bytes
    114 //   targetPixelSize: the pixel size of the font (e.g. 16)
    115 //
    116 // Returns true iff a suitable match are found. Otherwise, *yMax and *yMin are
    117 // untouched. size_t must be 32-bits to avoid overflow.
    118 //
    119 // See http://www.microsoft.com/opentype/otspec/vdmx.htm
    120 bool parseVDMX(int* yMax, int* yMin,
    121                const uint8_t* vdmx, size_t vdmxLength,
    122                unsigned targetPixelSize)
    123 {
    124     Buffer buf(vdmx, vdmxLength);
    125 
    126     // We ignore the version. Future tables should be backwards compatible with
    127     // this layout.
    128     uint16_t numRatios;
    129     if (!buf.skip(4) || !buf.readU16(&numRatios))
    130         return false;
    131 
    132     // Now we have two tables. Firstly we have @numRatios Ratio records, then a
    133     // matching array of @numRatios offsets. We save the offset of the beginning
    134     // of this second table.
    135     //
    136     // Range 6 <= x <= 262146
    137     unsigned long offsetTableOffset =
    138         buf.offset() + 4 /* sizeof struct ratio */ * numRatios;
    139 
    140     unsigned desiredRatio = 0xffffffff;
    141     // We read 4 bytes per record, so the offset range is
    142     //   6 <= x <= 524286
    143     for (unsigned i = 0; i < numRatios; ++i) {
    144         uint8_t xRatio, yRatio1, yRatio2;
    145 
    146         if (!buf.skip(1)
    147             || !buf.readU8(&xRatio)
    148             || !buf.readU8(&yRatio1)
    149             || !buf.readU8(&yRatio2))
    150             return false;
    151 
    152         // This either covers 1:1, or this is the default entry (0, 0, 0)
    153         if ((xRatio == 1 && yRatio1 <= 1 && yRatio2 >= 1)
    154             || (xRatio == 0 && yRatio1 == 0 && yRatio2 == 0)) {
    155             desiredRatio = i;
    156             break;
    157         }
    158     }
    159 
    160     if (desiredRatio == 0xffffffff) // no ratio found
    161         return false;
    162 
    163     // Range 10 <= x <= 393216
    164     buf.setOffset(offsetTableOffset + sizeof(uint16_t) * desiredRatio);
    165 
    166     // Now we read from the offset table to get the offset of another array
    167     uint16_t groupOffset;
    168     if (!buf.readU16(&groupOffset))
    169         return false;
    170     // Range 0 <= x <= 65535
    171     buf.setOffset(groupOffset);
    172 
    173     uint16_t numRecords;
    174     if (!buf.readU16(&numRecords) || !buf.skip(sizeof(uint16_t)))
    175         return false;
    176 
    177     // We read 6 bytes per record, so the offset range is
    178     //   4 <= x <= 458749
    179     for (unsigned i = 0; i < numRecords; ++i) {
    180         uint16_t pixelSize;
    181         if (!buf.readU16(&pixelSize))
    182             return false;
    183         // the entries are sorted, so we can abort early if need be
    184         if (pixelSize > targetPixelSize)
    185             return false;
    186 
    187         if (pixelSize == targetPixelSize) {
    188             int16_t tempYMax, tempYMin;
    189             if (!buf.readS16(&tempYMax)
    190                 || !buf.readS16(&tempYMin))
    191                 return false;
    192             *yMin = tempYMin;
    193             *yMax = tempYMax;
    194             return true;
    195         }
    196         if (!buf.skip(2 * sizeof(int16_t)))
    197             return false;
    198     }
    199 
    200     return false;
    201 }
    202 
    203 } // namespace WebCore
    204