hb-open-type-private.hh revision 01c01618e98283611628cd54d5ba4bf122f24cd9
1/* 2 * Copyright (C) 2007,2008,2009,2010 Red Hat, Inc. 3 * 4 * This is part of HarfBuzz, an OpenType Layout engine library. 5 * 6 * Permission is hereby granted, without written agreement and without 7 * license or royalty fees, to use, copy, modify, and distribute this 8 * software and its documentation for any purpose, provided that the 9 * above copyright notice and the following two paragraphs appear in 10 * all copies of this software. 11 * 12 * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR 13 * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES 14 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN 15 * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 16 * DAMAGE. 17 * 18 * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, 19 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND 20 * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS 21 * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO 22 * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. 23 * 24 * Red Hat Author(s): Behdad Esfahbod 25 */ 26 27#ifndef HB_OPEN_TYPES_PRIVATE_HH 28#define HB_OPEN_TYPES_PRIVATE_HH 29 30#include "hb-private.h" 31 32#include "hb-blob.h" 33 34 35#define NO_INDEX ((unsigned int) 0xFFFF) 36 37 38/* 39 * Casts 40 */ 41 42template <typename Type> inline const char * ConstCharP (const Type X) { return reinterpret_cast<const char *>(X); } 43template <typename Type> inline char * CharP (Type X) { return reinterpret_cast<char *>(X); } 44template <typename Type> inline char * DeConstCharP (const Type X) { return (char *) reinterpret_cast<const char *>(X); } 45 46#define CONST_CAST(T,X,Ofs) (*(reinterpret_cast<const T *>(ConstCharP(&(X)) + Ofs))) 47#define DECONST_CAST(T,X,Ofs) (*(reinterpret_cast<T *>((char *)ConstCharP(&(X)) + Ofs))) 48#define CAST(T,X,Ofs) (*(reinterpret_cast<T *>(CharP(&(X)) + Ofs))) 49 50 51/* StructAfter<T>(X) returns the struct T& that is placed after X. 52 * Works with X of variable size also. */ 53template<typename Type, typename TObject> 54inline const Type& StructAfter(const TObject &X) 55{ 56 return * reinterpret_cast<const Type*> (ConstCharP (&X) + X.get_size()); 57} 58template<typename Type, typename TObject> 59inline Type& StructAfter(TObject &X) 60{ 61 return * reinterpret_cast<Type*> (CharP (&X) + X.get_size()); 62} 63 64 65/* 66 * Class features 67 */ 68 69 70/* Null objects */ 71 72/* Global nul-content Null pool. Enlarge as necessary. */ 73static const void *_NullPool[32 / sizeof (void *)]; 74 75/* Generic template for nul-content sizeof-sized Null objects. */ 76template <typename Type> 77static inline const Type& Null () { 78 ASSERT_STATIC (sizeof (Type) <= sizeof (_NullPool)); 79 return CONST_CAST (Type, *_NullPool, 0); 80} 81 82/* Specializaiton for arbitrary-content arbitrary-sized Null objects. */ 83#define DEFINE_NULL_DATA(Type, size, data) \ 84static const char _Null##Type[size + 1] = data; \ 85template <> \ 86inline const Type& Null<Type> () { \ 87 return CONST_CAST (Type, *_Null##Type, 0); \ 88} 89 90/* Accessor macro. */ 91#define Null(Type) Null<Type>() 92 93 94/* get_for_data() is a static class method returning a reference to an 95 * instance of Type located at the input data location. It's just a 96 * fancy, NULL-safe, cast! */ 97#define STATIC_DEFINE_GET_FOR_DATA(Type) \ 98 static inline const Type& get_for_data (const char *data) \ 99 { \ 100 if (HB_UNLIKELY (data == NULL)) return Null(Type); \ 101 return CONST_CAST (Type, *data, 0); \ 102 } 103/* Like get_for_data(), but checks major version first. */ 104#define STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION(Type, MajorMin, MajorMax) \ 105 static inline const Type& get_for_data (const char *data) \ 106 { \ 107 if (HB_UNLIKELY (data == NULL)) return Null(Type); \ 108 const Type& t = CONST_CAST (Type, *data, 0); \ 109 if (HB_UNLIKELY (t.version.major < MajorMin || t.version.major > MajorMax)) return Null(Type); \ 110 return t; \ 111 } 112 113 114/* 115 * Sanitize 116 */ 117 118#ifndef HB_DEBUG_SANITIZE 119#define HB_DEBUG_SANITIZE HB_DEBUG 120#endif 121 122#if HB_DEBUG_SANITIZE 123#include <stdio.h> 124#define TRACE_SANITIZE_ARG_DEF , unsigned int sanitize_depth HB_GNUC_UNUSED 125#define TRACE_SANITIZE_ARG , sanitize_depth + 1 126#define TRACE_SANITIZE_ARG_INIT , 1 127#define TRACE_SANITIZE() \ 128 HB_STMT_START { \ 129 if (sanitize_depth < HB_DEBUG_SANITIZE) \ 130 fprintf (stderr, "SANITIZE(%p) %-*d-> %s\n", \ 131 (ConstCharP (this) == ConstCharP (&NullPool)) ? 0 : this, \ 132 sanitize_depth, sanitize_depth, \ 133 __PRETTY_FUNCTION__); \ 134 } HB_STMT_END 135#else 136#define TRACE_SANITIZE_ARG_DEF 137#define TRACE_SANITIZE_ARG 138#define TRACE_SANITIZE_ARG_INIT 139#define TRACE_SANITIZE() HB_STMT_START {} HB_STMT_END 140#endif 141 142#define SANITIZE_ARG_DEF \ 143 hb_sanitize_context_t *context TRACE_SANITIZE_ARG_DEF 144#define SANITIZE_ARG \ 145 context TRACE_SANITIZE_ARG 146#define SANITIZE_ARG_INIT \ 147 &context TRACE_SANITIZE_ARG_INIT 148 149typedef struct _hb_sanitize_context_t hb_sanitize_context_t; 150struct _hb_sanitize_context_t 151{ 152 const char *start, *end; 153 int edit_count; 154 hb_blob_t *blob; 155}; 156 157static HB_GNUC_UNUSED void 158_hb_sanitize_init (hb_sanitize_context_t *context, 159 hb_blob_t *blob) 160{ 161 context->blob = blob; 162 context->start = hb_blob_lock (blob); 163 context->end = context->start + hb_blob_get_length (blob); 164 context->edit_count = 0; 165 166#if HB_DEBUG_SANITIZE 167 fprintf (stderr, "sanitize %p init [%p..%p] (%u bytes)\n", 168 context->blob, context->start, context->end, context->end - context->start); 169#endif 170} 171 172static HB_GNUC_UNUSED void 173_hb_sanitize_fini (hb_sanitize_context_t *context, 174 bool unlock) 175{ 176#if HB_DEBUG_SANITIZE 177 fprintf (stderr, "sanitize %p fini [%p..%p] %u edit requests\n", 178 context->blob, context->start, context->end, context->edit_count); 179#endif 180 181 if (unlock) 182 hb_blob_unlock (context->blob); 183} 184 185static HB_GNUC_UNUSED inline bool 186_hb_sanitize_check (SANITIZE_ARG_DEF, 187 const char *base, 188 unsigned int len) 189{ 190 bool ret = context->start <= base && 191 base <= context->end && 192 (unsigned int) (context->end - base) >= len; 193 194#if HB_DEBUG_SANITIZE 195 if (sanitize_depth < HB_DEBUG_SANITIZE) \ 196 fprintf (stderr, "SANITIZE(%p) %-*d-> check [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \ 197 base, 198 sanitize_depth, sanitize_depth, 199 base, base+len, len, 200 context->start, context->end, 201 ret ? "pass" : "FAIL"); 202#endif 203 return ret; 204} 205 206static HB_GNUC_UNUSED inline bool 207_hb_sanitize_array (SANITIZE_ARG_DEF, 208 const char *base, 209 unsigned int record_size, 210 unsigned int len) 211{ 212 bool overflows = len >= ((unsigned int) -1) / record_size; 213 214#if HB_DEBUG_SANITIZE 215 if (sanitize_depth < HB_DEBUG_SANITIZE) \ 216 fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \ 217 base, 218 sanitize_depth, sanitize_depth, 219 base, base + (record_size * len), record_size, len, (unsigned long) record_size * len, 220 context->start, context->end, 221 !overflows ? "does not overflow" : "OVERFLOWS FAIL"); 222#endif 223 return HB_LIKELY (!overflows) && _hb_sanitize_check (SANITIZE_ARG, base, record_size * len); 224} 225 226static HB_GNUC_UNUSED inline bool 227_hb_sanitize_edit (SANITIZE_ARG_DEF, 228 const char *base HB_GNUC_UNUSED, 229 unsigned int len HB_GNUC_UNUSED) 230{ 231 bool perm = hb_blob_try_writable_inplace (context->blob); 232 context->edit_count++; 233 234#if HB_DEBUG_SANITIZE 235 fprintf (stderr, "SANITIZE(%p) %-*d-> edit(%u) [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \ 236 base, 237 sanitize_depth, sanitize_depth, 238 context->edit_count, 239 base, base+len, len, 240 context->start, context->end, 241 perm ? "granted" : "REJECTED"); 242#endif 243 return perm; 244} 245 246#define SANITIZE(X) HB_LIKELY ((X).sanitize (SANITIZE_ARG)) 247#define SANITIZE2(X,Y) (SANITIZE (X) && SANITIZE (Y)) 248 249#define SANITIZE_THIS(X) HB_LIKELY ((X).sanitize (SANITIZE_ARG, ConstCharP(this))) 250#define SANITIZE_THIS2(X,Y) (SANITIZE_THIS (X) && SANITIZE_THIS (Y)) 251#define SANITIZE_THIS3(X,Y,Z) (SANITIZE_THIS (X) && SANITIZE_THIS (Y) && SANITIZE_THIS(Z)) 252 253#define SANITIZE_BASE(X,B) HB_LIKELY ((X).sanitize (SANITIZE_ARG, B)) 254#define SANITIZE_BASE2(X,Y,B) (SANITIZE_BASE (X,B) && SANITIZE_BASE (Y,B)) 255 256#define SANITIZE_SELF() SANITIZE_OBJ (*this) 257#define SANITIZE_OBJ(X) SANITIZE_MEM(&(X), sizeof (X)) 258#define SANITIZE_GET_SIZE() SANITIZE_SELF() && SANITIZE_MEM (this, this->get_size ()) 259 260#define SANITIZE_MEM(B,L) HB_LIKELY (_hb_sanitize_check (SANITIZE_ARG, ConstCharP(B), (L))) 261 262#define SANITIZE_ARRAY(A,S,L) HB_LIKELY (_hb_sanitize_array (SANITIZE_ARG, ConstCharP(A), S, L)) 263 264#define NEUTER(Var, Val) \ 265 (SANITIZE_OBJ (Var) && \ 266 _hb_sanitize_edit (SANITIZE_ARG, ConstCharP(&(Var)), sizeof (Var)) && \ 267 ((Var).set (Val), true)) 268 269 270/* Template to sanitize an object. */ 271template <typename Type> 272struct Sanitizer 273{ 274 static hb_blob_t *sanitize (hb_blob_t *blob) { 275 hb_sanitize_context_t context; 276 bool sane; 277 278 /* TODO is_sane() stuff */ 279 280 retry: 281#if HB_DEBUG_SANITIZE 282 fprintf (stderr, "Sanitizer %p start %s\n", blob, __PRETTY_FUNCTION__); 283#endif 284 285 _hb_sanitize_init (&context, blob); 286 287 Type *t = &CAST (Type, *DeConstCharP(context.start), 0); 288 289 sane = t->sanitize (SANITIZE_ARG_INIT); 290 if (sane) { 291 if (context.edit_count) { 292#if HB_DEBUG_SANITIZE 293 fprintf (stderr, "Sanitizer %p passed first round with %d edits; going a second round %s\n", 294 blob, context.edit_count, __PRETTY_FUNCTION__); 295#endif 296 /* sanitize again to ensure no toe-stepping */ 297 context.edit_count = 0; 298 sane = t->sanitize (SANITIZE_ARG_INIT); 299 if (context.edit_count) { 300#if HB_DEBUG_SANITIZE 301 fprintf (stderr, "Sanitizer %p requested %d edits in second round; FAILLING %s\n", 302 blob, context.edit_count, __PRETTY_FUNCTION__); 303#endif 304 sane = false; 305 } 306 } 307 _hb_sanitize_fini (&context, true); 308 } else { 309 unsigned int edit_count = context.edit_count; 310 _hb_sanitize_fini (&context, true); 311 if (edit_count && !hb_blob_is_writable (blob) && hb_blob_try_writable (blob)) { 312 /* ok, we made it writable by relocating. try again */ 313#if HB_DEBUG_SANITIZE 314 fprintf (stderr, "Sanitizer %p retry %s\n", blob, __PRETTY_FUNCTION__); 315#endif 316 goto retry; 317 } 318 } 319 320#if HB_DEBUG_SANITIZE 321 fprintf (stderr, "Sanitizer %p %s %s\n", blob, sane ? "passed" : "FAILED", __PRETTY_FUNCTION__); 322#endif 323 if (sane) 324 return blob; 325 else { 326 hb_blob_destroy (blob); 327 return hb_blob_create_empty (); 328 } 329 } 330 331 static const Type& lock_instance (hb_blob_t *blob) { 332 return Type::get_for_data (hb_blob_lock (blob)); 333 } 334}; 335 336 337/* 338 * 339 * The OpenType Font File: Data Types 340 */ 341 342 343/* "The following data types are used in the OpenType font file. 344 * All OpenType fonts use Motorola-style byte ordering (Big Endian):" */ 345 346/* 347 * Int types 348 */ 349 350 351template <typename Type, int Bytes> class BEInt; 352 353template <typename Type> 354class BEInt<Type, 2> 355{ 356 public: 357 inline class BEInt<Type,2>& operator = (Type i) { hb_be_uint16_put (v,i); return *this; } 358 inline operator Type () const { return hb_be_uint16_get (v); } 359 inline bool operator == (const BEInt<Type, 2>& o) const { return hb_be_uint16_cmp (v, o.v); } 360 inline bool operator != (const BEInt<Type, 2>& o) const { return !(*this == o); } 361 private: uint8_t v[2]; 362}; 363template <typename Type> 364class BEInt<Type, 4> 365{ 366 public: 367 inline class BEInt<Type,4>& operator = (Type i) { hb_be_uint32_put (v,i); return *this; } 368 inline operator Type () const { return hb_be_uint32_get (v); } 369 inline bool operator == (const BEInt<Type, 4>& o) const { return hb_be_uint32_cmp (v, o.v); } 370 inline bool operator != (const BEInt<Type, 4>& o) const { return !(*this == o); } 371 private: uint8_t v[4]; 372}; 373 374template <typename Type> 375struct IntType 376{ 377 static inline unsigned int get_size () { return sizeof (Type); } 378 inline void set (Type i) { v = i; } 379 inline operator Type(void) const { return v; } 380 inline bool operator == (const IntType<Type> &o) const { return v == o.v; } 381 inline bool operator != (const IntType<Type> &o) const { return v != o.v; } 382 inline bool sanitize (SANITIZE_ARG_DEF) { 383 TRACE_SANITIZE (); 384 return SANITIZE_SELF (); 385 } 386 private: BEInt<Type, sizeof (Type)> v; 387}; 388 389typedef IntType<uint16_t> USHORT; /* 16-bit unsigned integer. */ 390typedef IntType<int16_t> SHORT; /* 16-bit signed integer. */ 391typedef IntType<uint32_t> ULONG; /* 32-bit unsigned integer. */ 392typedef IntType<int32_t> LONG; /* 32-bit signed integer. */ 393 394ASSERT_SIZE (USHORT, 2); 395ASSERT_SIZE (SHORT, 2); 396ASSERT_SIZE (ULONG, 4); 397ASSERT_SIZE (LONG, 4); 398 399/* Array of four uint8s (length = 32 bits) used to identify a script, language 400 * system, feature, or baseline */ 401struct Tag : ULONG 402{ 403 /* What the char* converters return is NOT nul-terminated. Print using "%.4s" */ 404 inline operator const char* (void) const { return ConstCharP(this); } 405 inline operator char* (void) { return CharP(this); } 406 407 inline bool sanitize (SANITIZE_ARG_DEF) { 408 TRACE_SANITIZE (); 409 /* Note: Only accept ASCII-visible tags (mind DEL) 410 * This is one of the few places (only place?) that we check 411 * for data integrity, as opposed to just boundary checks. 412 */ 413 return SANITIZE_SELF () && (((uint32_t) *this) & 0x80808080) == 0; 414 } 415}; 416ASSERT_SIZE (Tag, 4); 417DEFINE_NULL_DATA (Tag, 4, " "); 418 419/* Glyph index number, same as uint16 (length = 16 bits) */ 420typedef USHORT GlyphID; 421 422/* Offset to a table, same as uint16 (length = 16 bits), Null offset = 0x0000 */ 423typedef USHORT Offset; 424 425/* LongOffset to a table, same as uint32 (length = 32 bits), Null offset = 0x00000000 */ 426typedef ULONG LongOffset; 427 428 429/* CheckSum */ 430struct CheckSum : ULONG 431{ 432 static uint32_t CalcTableChecksum (ULONG *Table, uint32_t Length) 433 { 434 uint32_t Sum = 0L; 435 ULONG *EndPtr = Table+((Length+3) & ~3) / ULONG::get_size (); 436 437 while (Table < EndPtr) 438 Sum += *Table++; 439 return Sum; 440 } 441}; 442ASSERT_SIZE (CheckSum, 4); 443 444 445/* 446 * Version Numbers 447 */ 448 449struct FixedVersion 450{ 451 inline operator uint32_t (void) const { return (major << 16) + minor; } 452 453 inline bool sanitize (SANITIZE_ARG_DEF) { 454 TRACE_SANITIZE (); 455 return SANITIZE_SELF (); 456 } 457 458 USHORT major; 459 USHORT minor; 460}; 461ASSERT_SIZE (FixedVersion, 4); 462 463 464 465/* 466 * Template subclasses of Offset and LongOffset that do the dereferencing. 467 * Use: (this+memberName) 468 */ 469 470template <typename OffsetType, typename Type> 471struct GenericOffsetTo : OffsetType 472{ 473 inline const Type& operator () (const void *base) const 474 { 475 unsigned int offset = *this; 476 if (HB_UNLIKELY (!offset)) return Null(Type); 477 return CONST_CAST(Type, *ConstCharP(base), offset); 478 } 479 480 inline bool sanitize (SANITIZE_ARG_DEF, const void *base) { 481 TRACE_SANITIZE (); 482 if (!SANITIZE_SELF ()) return false; 483 unsigned int offset = *this; 484 if (HB_UNLIKELY (!offset)) return true; 485 return SANITIZE (CAST(Type, *DeConstCharP(base), offset)) || NEUTER (DECONST_CAST(OffsetType,*this,0), 0); 486 } 487 inline bool sanitize (SANITIZE_ARG_DEF, const void *base, const void *base2) { 488 TRACE_SANITIZE (); 489 if (!SANITIZE_SELF ()) return false; 490 unsigned int offset = *this; 491 if (HB_UNLIKELY (!offset)) return true; 492 return SANITIZE_BASE (CAST(Type, *DeConstCharP(base), offset), base2) || NEUTER (DECONST_CAST(OffsetType,*this,0), 0); 493 } 494 inline bool sanitize (SANITIZE_ARG_DEF, const void *base, unsigned int user_data) { 495 TRACE_SANITIZE (); 496 if (!SANITIZE_SELF ()) return false; 497 unsigned int offset = *this; 498 if (HB_UNLIKELY (!offset)) return true; 499 return SANITIZE_BASE (CAST(Type, *DeConstCharP(base), offset), user_data) || NEUTER (DECONST_CAST(OffsetType,*this,0), 0); 500 } 501}; 502template <typename Base, typename OffsetType, typename Type> 503inline const Type& operator + (const Base &base, GenericOffsetTo<OffsetType, Type> offset) { return offset (base); } 504 505template <typename Type> 506struct OffsetTo : GenericOffsetTo<Offset, Type> {}; 507 508template <typename Type> 509struct LongOffsetTo : GenericOffsetTo<LongOffset, Type> {}; 510 511 512/* 513 * Array Types 514 */ 515 516template <typename LenType, typename Type> 517struct GenericArrayOf 518{ 519 const Type *array(void) const { return &StructAfter<Type> (len); } 520 Type *array(void) { return &StructAfter<Type> (len); } 521 522 const Type *const_sub_array (unsigned int start_offset, unsigned int *pcount /* IN/OUT */) const 523 { 524 unsigned int count = len; 525 if (HB_UNLIKELY (start_offset > count)) 526 count = 0; 527 else 528 count -= start_offset; 529 count = MIN (count, *pcount); 530 *pcount = count; 531 return array() + start_offset; 532 } 533 534 inline const Type& operator [] (unsigned int i) const 535 { 536 if (HB_UNLIKELY (i >= len)) return Null(Type); 537 return array()[i]; 538 } 539 inline unsigned int get_size () const 540 { return len.get_size () + len * Type::get_size (); } 541 542 inline bool sanitize (SANITIZE_ARG_DEF) { 543 TRACE_SANITIZE (); 544 if (!SANITIZE_GET_SIZE()) return false; 545 /* Note: for structs that do not reference other structs, 546 * we do not need to call their sanitize() as we already did 547 * a bound check on the aggregate array size, hence the return. 548 */ 549 return true; 550 /* We do keep this code though to make sure the structs pointed 551 * to do have a simple sanitize(), ie. they do not reference 552 * other structs. */ 553 unsigned int count = len; 554 for (unsigned int i = 0; i < count; i++) 555 if (!SANITIZE (array()[i])) 556 return false; 557 return true; 558 } 559 inline bool sanitize (SANITIZE_ARG_DEF, const void *base) { 560 TRACE_SANITIZE (); 561 if (!SANITIZE_GET_SIZE()) return false; 562 unsigned int count = len; 563 for (unsigned int i = 0; i < count; i++) 564 if (!array()[i].sanitize (SANITIZE_ARG, base)) 565 return false; 566 return true; 567 } 568 inline bool sanitize (SANITIZE_ARG_DEF, const void *base, const void *base2) { 569 TRACE_SANITIZE (); 570 if (!SANITIZE_GET_SIZE()) return false; 571 unsigned int count = len; 572 for (unsigned int i = 0; i < count; i++) 573 if (!array()[i].sanitize (SANITIZE_ARG, base, base2)) 574 return false; 575 return true; 576 } 577 inline bool sanitize (SANITIZE_ARG_DEF, const void *base, unsigned int user_data) { 578 TRACE_SANITIZE (); 579 if (!SANITIZE_GET_SIZE()) return false; 580 unsigned int count = len; 581 for (unsigned int i = 0; i < count; i++) 582 if (!array()[i].sanitize (SANITIZE_ARG, base, user_data)) 583 return false; 584 return true; 585 } 586 587 LenType len; 588/*Type array[VAR];*/ 589}; 590 591/* An array with a USHORT number of elements. */ 592template <typename Type> 593struct ArrayOf : GenericArrayOf<USHORT, Type> {}; 594 595/* An array with a ULONG number of elements. */ 596template <typename Type> 597struct LongArrayOf : GenericArrayOf<ULONG, Type> {}; 598 599/* Array of Offset's */ 600template <typename Type> 601struct OffsetArrayOf : ArrayOf<OffsetTo<Type> > {}; 602 603/* Array of LongOffset's */ 604template <typename Type> 605struct LongOffsetArrayOf : ArrayOf<LongOffsetTo<Type> > {}; 606 607/* LongArray of LongOffset's */ 608template <typename Type> 609struct LongOffsetLongArrayOf : LongArrayOf<LongOffsetTo<Type> > {}; 610 611/* Array of offsets relative to the beginning of the array itself. */ 612template <typename Type> 613struct OffsetListOf : OffsetArrayOf<Type> 614{ 615 inline const Type& operator [] (unsigned int i) const 616 { 617 if (HB_UNLIKELY (i >= this->len)) return Null(Type); 618 return this+this->array()[i]; 619 } 620 621 inline bool sanitize (SANITIZE_ARG_DEF) { 622 TRACE_SANITIZE (); 623 return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, ConstCharP(this)); 624 } 625 inline bool sanitize (SANITIZE_ARG_DEF, unsigned int user_data) { 626 TRACE_SANITIZE (); 627 return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, ConstCharP(this), user_data); 628 } 629}; 630 631 632/* An array with a USHORT number of elements, 633 * starting at second element. */ 634template <typename Type> 635struct HeadlessArrayOf 636{ 637 const Type *array(void) const { return &StructAfter<Type> (len); } 638 Type *array(void) { return &StructAfter<Type> (len); } 639 640 inline const Type& operator [] (unsigned int i) const 641 { 642 if (HB_UNLIKELY (i >= len || !i)) return Null(Type); 643 return array()[i-1]; 644 } 645 inline unsigned int get_size () const 646 { return len.get_size () + (len ? len - 1 : 0) * Type::get_size (); } 647 648 inline bool sanitize (SANITIZE_ARG_DEF) { 649 TRACE_SANITIZE (); 650 if (!SANITIZE_GET_SIZE()) return false; 651 /* Note: for structs that do not reference other structs, 652 * we do not need to call their sanitize() as we already did 653 * a bound check on the aggregate array size, hence the return. 654 */ 655 return true; 656 /* We do keep this code though to make sure the structs pointed 657 * to do have a simple sanitize(), ie. they do not reference 658 * other structs. */ 659 unsigned int count = len ? len - 1 : 0; 660 Type *a = array(); 661 for (unsigned int i = 0; i < count; i++) 662 if (!SANITIZE (a[i])) 663 return false; 664 return true; 665 } 666 667 USHORT len; 668/*Type array[VAR];*/ 669}; 670 671 672#endif /* HB_OPEN_TYPE_PRIVATE_HH */ 673