1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "content/common/child_process_sandbox_support_impl_linux.h"
6
7#include <sys/stat.h>
8
9#include "base/debug/trace_event.h"
10#include "base/memory/scoped_ptr.h"
11#include "base/pickle.h"
12#include "base/posix/eintr_wrapper.h"
13#include "base/posix/unix_domain_socket_linux.h"
14#include "base/safe_numerics.h"
15#include "base/sys_byteorder.h"
16#include "content/common/sandbox_linux/sandbox_linux.h"
17#include "third_party/WebKit/public/platform/linux/WebFontFamily.h"
18#include "third_party/WebKit/public/platform/linux/WebFontRenderStyle.h"
19
20namespace content {
21
22void GetFontFamilyForCharacter(int32_t character,
23                               const char* preferred_locale,
24                               blink::WebFontFamily* family) {
25  TRACE_EVENT0("sandbox_ipc", "GetFontFamilyForCharacter");
26
27  Pickle request;
28  request.WriteInt(LinuxSandbox::METHOD_GET_FONT_FAMILY_FOR_CHAR);
29  request.WriteInt(character);
30  request.WriteString(preferred_locale);
31
32  uint8_t buf[512];
33  const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf,
34                                                  sizeof(buf), NULL, request);
35
36  std::string family_name;
37  bool isBold = false;
38  bool isItalic = false;
39  if (n != -1) {
40    Pickle reply(reinterpret_cast<char*>(buf), n);
41    PickleIterator pickle_iter(reply);
42    if (reply.ReadString(&pickle_iter, &family_name) &&
43        reply.ReadBool(&pickle_iter, &isBold) &&
44        reply.ReadBool(&pickle_iter, &isItalic)) {
45      family->name = family_name;
46      family->isBold = isBold;
47      family->isItalic = isItalic;
48    }
49  }
50}
51
52void GetRenderStyleForStrike(const char* family, int sizeAndStyle,
53                             blink::WebFontRenderStyle* out) {
54  TRACE_EVENT0("sandbox_ipc", "GetRenderStyleForStrike");
55
56  Pickle request;
57  request.WriteInt(LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE);
58  request.WriteString(family);
59  request.WriteInt(sizeAndStyle);
60
61  uint8_t buf[512];
62  const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf,
63                                                  sizeof(buf), NULL, request);
64
65  out->setDefaults();
66  if (n == -1) {
67    return;
68  }
69
70  Pickle reply(reinterpret_cast<char*>(buf), n);
71  PickleIterator pickle_iter(reply);
72  int useBitmaps, useAutoHint, useHinting, hintStyle, useAntiAlias;
73  int useSubpixelRendering, useSubpixelPositioning;
74  if (reply.ReadInt(&pickle_iter, &useBitmaps) &&
75      reply.ReadInt(&pickle_iter, &useAutoHint) &&
76      reply.ReadInt(&pickle_iter, &useHinting) &&
77      reply.ReadInt(&pickle_iter, &hintStyle) &&
78      reply.ReadInt(&pickle_iter, &useAntiAlias) &&
79      reply.ReadInt(&pickle_iter, &useSubpixelRendering) &&
80      reply.ReadInt(&pickle_iter, &useSubpixelPositioning)) {
81    out->useBitmaps = useBitmaps;
82    out->useAutoHint = useAutoHint;
83    out->useHinting = useHinting;
84    out->hintStyle = hintStyle;
85    out->useAntiAlias = useAntiAlias;
86    out->useSubpixelRendering = useSubpixelRendering;
87    out->useSubpixelPositioning = useSubpixelPositioning;
88  }
89}
90
91int MatchFontWithFallback(const std::string& face, bool bold,
92                          bool italic, int charset) {
93  TRACE_EVENT0("sandbox_ipc", "MatchFontWithFallback");
94
95  Pickle request;
96  request.WriteInt(LinuxSandbox::METHOD_MATCH_WITH_FALLBACK);
97  request.WriteString(face);
98  request.WriteBool(bold);
99  request.WriteBool(italic);
100  request.WriteUInt32(charset);
101  uint8_t reply_buf[64];
102  int fd = -1;
103  UnixDomainSocket::SendRecvMsg(GetSandboxFD(), reply_buf, sizeof(reply_buf),
104                                &fd, request);
105  return fd;
106}
107
108bool GetFontTable(int fd, uint32_t table_tag, off_t offset,
109                  uint8_t* output, size_t* output_length) {
110  if (offset < 0)
111    return false;
112
113  size_t data_length = 0;  // the length of the file data.
114  off_t data_offset = 0;   // the offset of the data in the file.
115  if (table_tag == 0) {
116    // Get the entire font file.
117    struct stat st;
118    if (fstat(fd, &st) < 0)
119      return false;
120    data_length = base::checked_numeric_cast<size_t>(st.st_size);
121  } else {
122    // Get a font table. Read the header to find its offset in the file.
123    uint16_t num_tables;
124    ssize_t n = HANDLE_EINTR(pread(fd, &num_tables, sizeof(num_tables),
125                             4 /* skip the font type */));
126    if (n != sizeof(num_tables))
127      return false;
128    // Font data is stored in net (big-endian) order.
129    num_tables = base::NetToHost16(num_tables);
130
131    // Read the table directory.
132    static const size_t kTableEntrySize = 16;
133    const size_t directory_size = num_tables * kTableEntrySize;
134    scoped_ptr<uint8_t[]> table_entries(new uint8_t[directory_size]);
135    n = HANDLE_EINTR(pread(fd, table_entries.get(), directory_size,
136                           12 /* skip the SFNT header */));
137    if (n != base::checked_numeric_cast<ssize_t>(directory_size))
138      return false;
139
140    for (uint16_t i = 0; i < num_tables; ++i) {
141      uint8_t* entry = table_entries.get() + i * kTableEntrySize;
142      uint32_t tag = *reinterpret_cast<uint32_t*>(entry);
143      if (tag == table_tag) {
144        // Font data is stored in net (big-endian) order.
145        data_offset =
146            base::NetToHost32(*reinterpret_cast<uint32_t*>(entry + 8));
147        data_length =
148            base::NetToHost32(*reinterpret_cast<uint32_t*>(entry + 12));
149        break;
150      }
151    }
152  }
153
154  if (!data_length)
155    return false;
156  // Clamp |offset| inside the allowable range. This allows the read to succeed
157  // but return 0 bytes.
158  offset = std::min(offset, base::checked_numeric_cast<off_t>(data_length));
159  // Make sure it's safe to add the data offset and the caller's logical offset.
160  // Define the maximum positive offset on 32 bit systems.
161  static const off_t kMaxPositiveOffset32 = 0x7FFFFFFF;  // 2 GB - 1.
162  if ((offset > kMaxPositiveOffset32 / 2) ||
163      (data_offset > kMaxPositiveOffset32 / 2))
164    return false;
165  data_offset += offset;
166  data_length -= offset;
167
168  if (output) {
169    // 'output_length' holds the maximum amount of data the caller can accept.
170    data_length = std::min(data_length, *output_length);
171    ssize_t n = HANDLE_EINTR(pread(fd, output, data_length, data_offset));
172    if (n != base::checked_numeric_cast<ssize_t>(data_length))
173      return false;
174  }
175  *output_length = data_length;
176
177  return true;
178}
179
180}  // namespace content
181