Home | History | Annotate | Download | only in common 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "content/common/child_process_sandbox_support_impl_linux.h"
      6 
      7 #include <sys/stat.h>
      8 
      9 #include "base/debug/trace_event.h"
     10 #include "base/memory/scoped_ptr.h"
     11 #include "base/pickle.h"
     12 #include "base/posix/eintr_wrapper.h"
     13 #include "base/posix/unix_domain_socket_linux.h"
     14 #include "base/safe_numerics.h"
     15 #include "base/sys_byteorder.h"
     16 #include "content/common/sandbox_linux/sandbox_linux.h"
     17 #include "third_party/WebKit/public/platform/linux/WebFontFamily.h"
     18 #include "third_party/WebKit/public/platform/linux/WebFontRenderStyle.h"
     19 
     20 namespace content {
     21 
     22 void GetFontFamilyForCharacter(int32_t character,
     23                                const char* preferred_locale,
     24                                blink::WebFontFamily* family) {
     25   TRACE_EVENT0("sandbox_ipc", "GetFontFamilyForCharacter");
     26 
     27   Pickle request;
     28   request.WriteInt(LinuxSandbox::METHOD_GET_FONT_FAMILY_FOR_CHAR);
     29   request.WriteInt(character);
     30   request.WriteString(preferred_locale);
     31 
     32   uint8_t buf[512];
     33   const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf,
     34                                                   sizeof(buf), NULL, request);
     35 
     36   std::string family_name;
     37   bool isBold = false;
     38   bool isItalic = false;
     39   if (n != -1) {
     40     Pickle reply(reinterpret_cast<char*>(buf), n);
     41     PickleIterator pickle_iter(reply);
     42     if (reply.ReadString(&pickle_iter, &family_name) &&
     43         reply.ReadBool(&pickle_iter, &isBold) &&
     44         reply.ReadBool(&pickle_iter, &isItalic)) {
     45       family->name = family_name;
     46       family->isBold = isBold;
     47       family->isItalic = isItalic;
     48     }
     49   }
     50 }
     51 
     52 void GetRenderStyleForStrike(const char* family, int sizeAndStyle,
     53                              blink::WebFontRenderStyle* out) {
     54   TRACE_EVENT0("sandbox_ipc", "GetRenderStyleForStrike");
     55 
     56   Pickle request;
     57   request.WriteInt(LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE);
     58   request.WriteString(family);
     59   request.WriteInt(sizeAndStyle);
     60 
     61   uint8_t buf[512];
     62   const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf,
     63                                                   sizeof(buf), NULL, request);
     64 
     65   out->setDefaults();
     66   if (n == -1) {
     67     return;
     68   }
     69 
     70   Pickle reply(reinterpret_cast<char*>(buf), n);
     71   PickleIterator pickle_iter(reply);
     72   int useBitmaps, useAutoHint, useHinting, hintStyle, useAntiAlias;
     73   int useSubpixelRendering, useSubpixelPositioning;
     74   if (reply.ReadInt(&pickle_iter, &useBitmaps) &&
     75       reply.ReadInt(&pickle_iter, &useAutoHint) &&
     76       reply.ReadInt(&pickle_iter, &useHinting) &&
     77       reply.ReadInt(&pickle_iter, &hintStyle) &&
     78       reply.ReadInt(&pickle_iter, &useAntiAlias) &&
     79       reply.ReadInt(&pickle_iter, &useSubpixelRendering) &&
     80       reply.ReadInt(&pickle_iter, &useSubpixelPositioning)) {
     81     out->useBitmaps = useBitmaps;
     82     out->useAutoHint = useAutoHint;
     83     out->useHinting = useHinting;
     84     out->hintStyle = hintStyle;
     85     out->useAntiAlias = useAntiAlias;
     86     out->useSubpixelRendering = useSubpixelRendering;
     87     out->useSubpixelPositioning = useSubpixelPositioning;
     88   }
     89 }
     90 
     91 int MatchFontWithFallback(const std::string& face, bool bold,
     92                           bool italic, int charset) {
     93   TRACE_EVENT0("sandbox_ipc", "MatchFontWithFallback");
     94 
     95   Pickle request;
     96   request.WriteInt(LinuxSandbox::METHOD_MATCH_WITH_FALLBACK);
     97   request.WriteString(face);
     98   request.WriteBool(bold);
     99   request.WriteBool(italic);
    100   request.WriteUInt32(charset);
    101   uint8_t reply_buf[64];
    102   int fd = -1;
    103   UnixDomainSocket::SendRecvMsg(GetSandboxFD(), reply_buf, sizeof(reply_buf),
    104                                 &fd, request);
    105   return fd;
    106 }
    107 
    108 bool GetFontTable(int fd, uint32_t table_tag, off_t offset,
    109                   uint8_t* output, size_t* output_length) {
    110   if (offset < 0)
    111     return false;
    112 
    113   size_t data_length = 0;  // the length of the file data.
    114   off_t data_offset = 0;   // the offset of the data in the file.
    115   if (table_tag == 0) {
    116     // Get the entire font file.
    117     struct stat st;
    118     if (fstat(fd, &st) < 0)
    119       return false;
    120     data_length = base::checked_numeric_cast<size_t>(st.st_size);
    121   } else {
    122     // Get a font table. Read the header to find its offset in the file.
    123     uint16_t num_tables;
    124     ssize_t n = HANDLE_EINTR(pread(fd, &num_tables, sizeof(num_tables),
    125                              4 /* skip the font type */));
    126     if (n != sizeof(num_tables))
    127       return false;
    128     // Font data is stored in net (big-endian) order.
    129     num_tables = base::NetToHost16(num_tables);
    130 
    131     // Read the table directory.
    132     static const size_t kTableEntrySize = 16;
    133     const size_t directory_size = num_tables * kTableEntrySize;
    134     scoped_ptr<uint8_t[]> table_entries(new uint8_t[directory_size]);
    135     n = HANDLE_EINTR(pread(fd, table_entries.get(), directory_size,
    136                            12 /* skip the SFNT header */));
    137     if (n != base::checked_numeric_cast<ssize_t>(directory_size))
    138       return false;
    139 
    140     for (uint16_t i = 0; i < num_tables; ++i) {
    141       uint8_t* entry = table_entries.get() + i * kTableEntrySize;
    142       uint32_t tag = *reinterpret_cast<uint32_t*>(entry);
    143       if (tag == table_tag) {
    144         // Font data is stored in net (big-endian) order.
    145         data_offset =
    146             base::NetToHost32(*reinterpret_cast<uint32_t*>(entry + 8));
    147         data_length =
    148             base::NetToHost32(*reinterpret_cast<uint32_t*>(entry + 12));
    149         break;
    150       }
    151     }
    152   }
    153 
    154   if (!data_length)
    155     return false;
    156   // Clamp |offset| inside the allowable range. This allows the read to succeed
    157   // but return 0 bytes.
    158   offset = std::min(offset, base::checked_numeric_cast<off_t>(data_length));
    159   // Make sure it's safe to add the data offset and the caller's logical offset.
    160   // Define the maximum positive offset on 32 bit systems.
    161   static const off_t kMaxPositiveOffset32 = 0x7FFFFFFF;  // 2 GB - 1.
    162   if ((offset > kMaxPositiveOffset32 / 2) ||
    163       (data_offset > kMaxPositiveOffset32 / 2))
    164     return false;
    165   data_offset += offset;
    166   data_length -= offset;
    167 
    168   if (output) {
    169     // 'output_length' holds the maximum amount of data the caller can accept.
    170     data_length = std::min(data_length, *output_length);
    171     ssize_t n = HANDLE_EINTR(pread(fd, output, data_length, data_offset));
    172     if (n != base::checked_numeric_cast<ssize_t>(data_length))
    173       return false;
    174   }
    175   *output_length = data_length;
    176 
    177   return true;
    178 }
    179 
    180 }  // namespace content
    181