1/* 2 * Copyright (c) 2008, 2009, Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31#include <stdint.h> 32#include <stdlib.h> 33#include <string.h> 34 35#include "wtf/ByteOrder.h" 36 37// Buffer helper class 38// 39// This class perform some trival buffer operations while checking for 40// out-of-bounds errors. As a family they return false if anything is amiss, 41// updating the current offset otherwise. 42class Buffer { 43public: 44 Buffer(const uint8_t* buffer, size_t length) 45 : m_buffer(buffer) 46 , m_length(length) 47 , m_offset(0) { } 48 49 bool skip(size_t numBytes) 50 { 51 if (m_offset + numBytes > m_length) 52 return false; 53 m_offset += numBytes; 54 return true; 55 } 56 57 bool readU8(uint8_t* value) 58 { 59 if (m_offset + sizeof(uint8_t) > m_length) 60 return false; 61 *value = m_buffer[m_offset]; 62 m_offset += sizeof(uint8_t); 63 return true; 64 } 65 66 bool readU16(uint16_t* value) 67 { 68 if (m_offset + sizeof(uint16_t) > m_length) 69 return false; 70 memcpy(value, m_buffer + m_offset, sizeof(uint16_t)); 71 *value = ntohs(*value); 72 m_offset += sizeof(uint16_t); 73 return true; 74 } 75 76 bool readS16(int16_t* value) 77 { 78 return readU16(reinterpret_cast<uint16_t*>(value)); 79 } 80 81 size_t offset() const 82 { 83 return m_offset; 84 } 85 86 void setOffset(size_t newoffset) 87 { 88 m_offset = newoffset; 89 } 90 91private: 92 const uint8_t *const m_buffer; 93 const size_t m_length; 94 size_t m_offset; 95}; 96 97// VDMX parsing code. 98// 99// VDMX tables are found in some TrueType/OpenType fonts and contain 100// ascender/descender overrides for certain (usually small) sizes. This is 101// needed in order to match font metrics on Windows. 102// 103// Freetype does not parse these tables so we do so here. 104 105namespace WebCore { 106 107// Parse a TrueType VDMX table. 108// yMax: (output) the ascender value from the table 109// yMin: (output) the descender value from the table (negative!) 110// vdmx: the table bytes 111// vdmxLength: length of @vdmx, in bytes 112// targetPixelSize: the pixel size of the font (e.g. 16) 113// 114// Returns true iff a suitable match are found. Otherwise, *yMax and *yMin are 115// untouched. size_t must be 32-bits to avoid overflow. 116// 117// See http://www.microsoft.com/opentype/otspec/vdmx.htm 118bool parseVDMX(int* yMax, int* yMin, 119 const uint8_t* vdmx, size_t vdmxLength, 120 unsigned targetPixelSize) 121{ 122 Buffer buf(vdmx, vdmxLength); 123 124 // We ignore the version. Future tables should be backwards compatible with 125 // this layout. 126 uint16_t numRatios; 127 if (!buf.skip(4) || !buf.readU16(&numRatios)) 128 return false; 129 130 // Now we have two tables. Firstly we have @numRatios Ratio records, then a 131 // matching array of @numRatios offsets. We save the offset of the beginning 132 // of this second table. 133 // 134 // Range 6 <= x <= 262146 135 unsigned long offsetTableOffset = 136 buf.offset() + 4 /* sizeof struct ratio */ * numRatios; 137 138 unsigned desiredRatio = 0xffffffff; 139 // We read 4 bytes per record, so the offset range is 140 // 6 <= x <= 524286 141 for (unsigned i = 0; i < numRatios; ++i) { 142 uint8_t xRatio, yRatio1, yRatio2; 143 144 if (!buf.skip(1) 145 || !buf.readU8(&xRatio) 146 || !buf.readU8(&yRatio1) 147 || !buf.readU8(&yRatio2)) 148 return false; 149 150 // This either covers 1:1, or this is the default entry (0, 0, 0) 151 if ((xRatio == 1 && yRatio1 <= 1 && yRatio2 >= 1) 152 || (xRatio == 0 && yRatio1 == 0 && yRatio2 == 0)) { 153 desiredRatio = i; 154 break; 155 } 156 } 157 158 if (desiredRatio == 0xffffffff) // no ratio found 159 return false; 160 161 // Range 10 <= x <= 393216 162 buf.setOffset(offsetTableOffset + sizeof(uint16_t) * desiredRatio); 163 164 // Now we read from the offset table to get the offset of another array 165 uint16_t groupOffset; 166 if (!buf.readU16(&groupOffset)) 167 return false; 168 // Range 0 <= x <= 65535 169 buf.setOffset(groupOffset); 170 171 uint16_t numRecords; 172 if (!buf.readU16(&numRecords) || !buf.skip(sizeof(uint16_t))) 173 return false; 174 175 // We read 6 bytes per record, so the offset range is 176 // 4 <= x <= 458749 177 for (unsigned i = 0; i < numRecords; ++i) { 178 uint16_t pixelSize; 179 if (!buf.readU16(&pixelSize)) 180 return false; 181 // the entries are sorted, so we can abort early if need be 182 if (pixelSize > targetPixelSize) 183 return false; 184 185 if (pixelSize == targetPixelSize) { 186 int16_t tempYMax, tempYMin; 187 if (!buf.readS16(&tempYMax) 188 || !buf.readS16(&tempYMin)) 189 return false; 190 *yMin = tempYMin; 191 *yMax = tempYMax; 192 return true; 193 } 194 if (!buf.skip(2 * sizeof(int16_t))) 195 return false; 196 } 197 198 return false; 199} 200 201} // namespace WebCore 202