hb-open-type-private.hh revision bc200457430c083914a64bf4b056153506749610
1/* 2 * Copyright (C) 2007,2008,2009,2010 Red Hat, Inc. 3 * 4 * This is part of HarfBuzz, a text shaping library. 5 * 6 * Permission is hereby granted, without written agreement and without 7 * license or royalty fees, to use, copy, modify, and distribute this 8 * software and its documentation for any purpose, provided that the 9 * above copyright notice and the following two paragraphs appear in 10 * all copies of this software. 11 * 12 * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR 13 * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES 14 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN 15 * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 16 * DAMAGE. 17 * 18 * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, 19 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND 20 * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS 21 * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO 22 * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. 23 * 24 * Red Hat Author(s): Behdad Esfahbod 25 */ 26 27#ifndef HB_OPEN_TYPES_PRIVATE_HH 28#define HB_OPEN_TYPES_PRIVATE_HH 29 30#include "hb-private.h" 31 32#include "hb-blob.h" 33 34 35/* Table/script/language-system/feature/... not found */ 36#define NO_INDEX ((unsigned int) 0xFFFF) 37 38 39 40/* 41 * Casts 42 */ 43 44/* Cast to "const char *" and "char *" */ 45template <typename Type> 46inline const char * CharP (const Type* X) 47{ return reinterpret_cast<const char *>(X); } 48template <typename Type> 49inline char * CharP (Type* X) 50{ return reinterpret_cast<char *>(X); } 51 52/* Cast to struct T, reference to reference */ 53template<typename Type, typename TObject> 54inline const Type& CastR(const TObject &X) 55{ return reinterpret_cast<const Type&> (X); } 56template<typename Type, typename TObject> 57inline Type& CastR(TObject &X) 58{ return reinterpret_cast<Type&> (X); } 59 60/* Cast to struct T, pointer to pointer */ 61template<typename Type, typename TObject> 62inline const Type* CastP(const TObject *X) 63{ return reinterpret_cast<const Type*> (X); } 64template<typename Type, typename TObject> 65inline Type* CastP(TObject *X) 66{ return reinterpret_cast<Type*> (X); } 67 68/* StructAtOffset<T>(X,Ofs) returns the struct T& that is placed at memory 69 * location of X plus Ofs bytes. */ 70template<typename Type, typename TObject> 71inline const Type& StructAtOffset(const TObject &X, unsigned int offset) 72{ return * reinterpret_cast<const Type*> (CharP(&X) + offset); } 73template<typename Type, typename TObject> 74inline Type& StructAtOffset(TObject &X, unsigned int offset) 75{ return * reinterpret_cast<Type*> (CharP(&X) + offset); } 76 77/* StructAfter<T>(X) returns the struct T& that is placed after X. 78 * Works with X of variable size also. X must implement get_size() */ 79template<typename Type, typename TObject> 80inline const Type& StructAfter(const TObject &X) 81{ return StructAtOffset<Type>(X, X.get_size()); } 82template<typename Type, typename TObject> 83inline Type& StructAfter(TObject &X) 84{ return StructAtOffset<Type>(X, X.get_size()); } 85 86 87 88/* 89 * Class features 90 */ 91 92 93/* Null objects */ 94 95/* Global nul-content Null pool. Enlarge as necessary. */ 96static const void *_NullPool[32 / sizeof (void *)]; 97 98/* Generic template for nul-content sizeof-sized Null objects. */ 99template <typename Type> 100static inline const Type& Null () { 101 ASSERT_STATIC (sizeof (Type) <= sizeof (_NullPool)); 102 return *CastP<Type> (_NullPool); 103} 104 105/* Specializaiton for arbitrary-content arbitrary-sized Null objects. */ 106#define DEFINE_NULL_DATA(Type, size, data) \ 107static const char _Null##Type[size + 1] = data; /* +1 is for nul-termination in data */ \ 108template <> \ 109inline const Type& Null<Type> () { \ 110 return *CastP<Type> (_Null##Type); \ 111} /* The following line really exists such that we end in a place needing semicolon */ \ 112ASSERT_STATIC (sizeof (Type) + 1 <= sizeof (_Null##Type)) 113 114/* Accessor macro. */ 115#define Null(Type) Null<Type>() 116 117 118 119/* 120 * Sanitize 121 */ 122 123#ifndef HB_DEBUG_SANITIZE 124#define HB_DEBUG_SANITIZE HB_DEBUG+0 125#endif 126 127#define TRACE_SANITIZE() \ 128 HB_STMT_START { \ 129 if (HB_DEBUG_SANITIZE) \ 130 _hb_trace ("SANITIZE", __PRETTY_FUNCTION__, this, sanitize_depth, HB_DEBUG_SANITIZE); \ 131 } HB_STMT_END 132 133 134#define SANITIZE_ARG_DEF \ 135 hb_sanitize_context_t *context, \ 136 unsigned int sanitize_depth HB_GNUC_UNUSED 137#define SANITIZE_ARG \ 138 context, \ 139 (HB_DEBUG_SANITIZE ? sanitize_depth + 1 : 0) 140#define SANITIZE_ARG_INIT \ 141 &context, \ 142 1 143 144typedef struct _hb_sanitize_context_t hb_sanitize_context_t; 145struct _hb_sanitize_context_t 146{ 147 const char *start, *end; 148 hb_bool_t writable; 149 unsigned int edit_count; 150}; 151 152static HB_GNUC_UNUSED void 153_hb_sanitize_init (hb_sanitize_context_t *context, 154 hb_blob_t *blob) 155{ 156 context->start = hb_blob_lock (blob); 157 context->end = context->start + hb_blob_get_length (blob); 158 context->writable = hb_blob_is_writable (blob); 159 context->edit_count = 0; 160 161#if HB_DEBUG_SANITIZE 162 fprintf (stderr, "sanitize %p init [%p..%p] (%u bytes)\n", 163 blob, context->start, context->end, context->end - context->start); 164#endif 165} 166 167static HB_GNUC_UNUSED void 168_hb_sanitize_fini (hb_sanitize_context_t *context HB_GNUC_UNUSED, 169 hb_blob_t *blob) 170{ 171#if HB_DEBUG_SANITIZE 172 fprintf (stderr, "sanitize %p fini [%p..%p] %u edit requests\n", 173 blob, context->start, context->end, context->edit_count); 174#endif 175 176 hb_blob_unlock (blob); 177} 178 179static HB_GNUC_UNUSED inline bool 180_hb_sanitize_check (SANITIZE_ARG_DEF, 181 const char *base, 182 unsigned int len) 183{ 184 bool ret = context->start <= base && 185 base <= context->end && 186 (unsigned int) (context->end - base) >= len; 187 188#if HB_DEBUG_SANITIZE 189 if (sanitize_depth < HB_DEBUG_SANITIZE) \ 190 fprintf (stderr, "SANITIZE(%p) %-*d-> check [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \ 191 base, 192 sanitize_depth, sanitize_depth, 193 base, base+len, len, 194 context->start, context->end, 195 ret ? "pass" : "FAIL"); 196#endif 197 return ret; 198} 199 200static HB_GNUC_UNUSED inline bool 201_hb_sanitize_array (SANITIZE_ARG_DEF, 202 const char *base, 203 unsigned int record_size, 204 unsigned int len) 205{ 206 bool overflows = len >= ((unsigned int) -1) / record_size; 207 208#if HB_DEBUG_SANITIZE 209 if (sanitize_depth < HB_DEBUG_SANITIZE) \ 210 fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \ 211 base, 212 sanitize_depth, sanitize_depth, 213 base, base + (record_size * len), record_size, len, (unsigned long) record_size * len, 214 context->start, context->end, 215 !overflows ? "does not overflow" : "OVERFLOWS FAIL"); 216#endif 217 218 return HB_LIKELY (!overflows) && _hb_sanitize_check (SANITIZE_ARG, base, record_size * len); 219} 220 221static HB_GNUC_UNUSED inline bool 222_hb_sanitize_edit (SANITIZE_ARG_DEF, 223 const char *base HB_GNUC_UNUSED, 224 unsigned int len HB_GNUC_UNUSED) 225{ 226 context->edit_count++; 227 228#if HB_DEBUG_SANITIZE 229 fprintf (stderr, "SANITIZE(%p) %-*d-> edit(%u) [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \ 230 base, 231 sanitize_depth, sanitize_depth, 232 context->edit_count, 233 base, base+len, len, 234 context->start, context->end, 235 context->writable ? "granted" : "REJECTED"); 236#endif 237 238 return context->writable; 239} 240 241#define SANITIZE(X) HB_LIKELY ((X).sanitize (SANITIZE_ARG)) 242#define SANITIZE2(X,Y) (SANITIZE (X) && SANITIZE (Y)) 243 244#define SANITIZE_THIS(X) HB_LIKELY ((X).sanitize (SANITIZE_ARG, CharP(this))) 245#define SANITIZE_THIS2(X,Y) (SANITIZE_THIS (X) && SANITIZE_THIS (Y)) 246#define SANITIZE_THIS3(X,Y,Z) (SANITIZE_THIS (X) && SANITIZE_THIS (Y) && SANITIZE_THIS(Z)) 247 248#define SANITIZE_BASE(X,B) HB_LIKELY ((X).sanitize (SANITIZE_ARG, B)) 249#define SANITIZE_BASE2(X,Y,B) (SANITIZE_BASE (X,B) && SANITIZE_BASE (Y,B)) 250 251#define SANITIZE_SELF() SANITIZE_OBJ (*this) 252#define SANITIZE_OBJ(X) SANITIZE_MEM(&(X), sizeof (X)) 253 254#define SANITIZE_MEM(B,L) HB_LIKELY (_hb_sanitize_check (SANITIZE_ARG, CharP(B), (L))) 255 256#define SANITIZE_ARRAY(A,S,L) HB_LIKELY (_hb_sanitize_array (SANITIZE_ARG, CharP(A), S, L)) 257 258#define NEUTER(Obj, Val) \ 259 (SANITIZE_OBJ (Obj) && \ 260 _hb_sanitize_edit (SANITIZE_ARG, CharP(&(Obj)), (Obj).get_size ()) && \ 261 ((Obj).set (Val), true)) 262 263 264/* Template to sanitize an object. */ 265template <typename Type> 266struct Sanitizer 267{ 268 static hb_blob_t *sanitize (hb_blob_t *blob) { 269 hb_sanitize_context_t context; 270 bool sane; 271 272 /* TODO is_sane() stuff */ 273 274 retry: 275#if HB_DEBUG_SANITIZE 276 fprintf (stderr, "Sanitizer %p start %s\n", blob, __PRETTY_FUNCTION__); 277#endif 278 279 _hb_sanitize_init (&context, blob); 280 281 /* Note: We drop const here */ 282 Type *t = CastP<Type> ((void *) context.start); 283 284 sane = t->sanitize (SANITIZE_ARG_INIT); 285 if (sane) { 286 if (context.edit_count) { 287#if HB_DEBUG_SANITIZE 288 fprintf (stderr, "Sanitizer %p passed first round with %d edits; doing a second round %s\n", 289 blob, context.edit_count, __PRETTY_FUNCTION__); 290#endif 291 /* sanitize again to ensure no toe-stepping */ 292 context.edit_count = 0; 293 sane = t->sanitize (SANITIZE_ARG_INIT); 294 if (context.edit_count) { 295#if HB_DEBUG_SANITIZE 296 fprintf (stderr, "Sanitizer %p requested %d edits in second round; FAILLING %s\n", 297 blob, context.edit_count, __PRETTY_FUNCTION__); 298#endif 299 sane = false; 300 } 301 } 302 _hb_sanitize_fini (&context, blob); 303 } else { 304 unsigned int edit_count = context.edit_count; 305 _hb_sanitize_fini (&context, blob); 306 if (edit_count && !hb_blob_is_writable (blob) && hb_blob_try_writable (blob)) { 307 /* ok, we made it writable by relocating. try again */ 308#if HB_DEBUG_SANITIZE 309 fprintf (stderr, "Sanitizer %p retry %s\n", blob, __PRETTY_FUNCTION__); 310#endif 311 goto retry; 312 } 313 } 314 315#if HB_DEBUG_SANITIZE 316 fprintf (stderr, "Sanitizer %p %s %s\n", blob, sane ? "passed" : "FAILED", __PRETTY_FUNCTION__); 317#endif 318 if (sane) 319 return blob; 320 else { 321 hb_blob_destroy (blob); 322 return hb_blob_create_empty (); 323 } 324 } 325}; 326 327 328/* 329 * 330 * The OpenType Font File: Data Types 331 */ 332 333 334/* "The following data types are used in the OpenType font file. 335 * All OpenType fonts use Motorola-style byte ordering (Big Endian):" */ 336 337/* 338 * Int types 339 */ 340 341 342template <typename Type, int Bytes> class BEInt; 343 344/* LONGTERMTODO: On machines allowing unaligned access, we can make the 345 * following tighter by using byteswap instructions on ints directly. */ 346template <typename Type> 347class BEInt<Type, 2> 348{ 349 public: 350 inline class BEInt<Type,2>& operator = (Type i) { hb_be_uint16_put (v,i); return *this; } 351 inline operator Type () const { return hb_be_uint16_get (v); } 352 inline bool operator == (const BEInt<Type, 2>& o) const { return hb_be_uint16_cmp (v, o.v); } 353 inline bool operator != (const BEInt<Type, 2>& o) const { return !(*this == o); } 354 private: uint8_t v[2]; 355}; 356template <typename Type> 357class BEInt<Type, 4> 358{ 359 public: 360 inline class BEInt<Type,4>& operator = (Type i) { hb_be_uint32_put (v,i); return *this; } 361 inline operator Type () const { return hb_be_uint32_get (v); } 362 inline bool operator == (const BEInt<Type, 4>& o) const { return hb_be_uint32_cmp (v, o.v); } 363 inline bool operator != (const BEInt<Type, 4>& o) const { return !(*this == o); } 364 private: uint8_t v[4]; 365}; 366 367/* Integer types in big-endian order and no alignment requirement */ 368template <typename Type> 369struct IntType 370{ 371 static inline unsigned int get_size () { return sizeof (Type); } 372 inline void set (Type i) { v = i; } 373 inline operator Type(void) const { return v; } 374 inline bool operator == (const IntType<Type> &o) const { return v == o.v; } 375 inline bool operator != (const IntType<Type> &o) const { return v != o.v; } 376 inline bool sanitize (SANITIZE_ARG_DEF) { 377 TRACE_SANITIZE (); 378 return SANITIZE_SELF (); 379 } 380 private: BEInt<Type, sizeof (Type)> v; 381}; 382 383typedef IntType<uint16_t> USHORT; /* 16-bit unsigned integer. */ 384typedef IntType<int16_t> SHORT; /* 16-bit signed integer. */ 385typedef IntType<uint32_t> ULONG; /* 32-bit unsigned integer. */ 386typedef IntType<int32_t> LONG; /* 32-bit signed integer. */ 387 388ASSERT_SIZE (USHORT, 2); 389ASSERT_SIZE (SHORT, 2); 390ASSERT_SIZE (ULONG, 4); 391ASSERT_SIZE (LONG, 4); 392 393/* Array of four uint8s (length = 32 bits) used to identify a script, language 394 * system, feature, or baseline */ 395struct Tag : ULONG 396{ 397 /* What the char* converters return is NOT nul-terminated. Print using "%.4s" */ 398 inline operator const char* (void) const { return CharP(this); } 399 inline operator char* (void) { return CharP(this); } 400}; 401ASSERT_SIZE (Tag, 4); 402DEFINE_NULL_DATA (Tag, 4, " "); 403 404/* Glyph index number, same as uint16 (length = 16 bits) */ 405typedef USHORT GlyphID; 406 407/* Offset to a table, same as uint16 (length = 16 bits), Null offset = 0x0000 */ 408typedef USHORT Offset; 409 410/* LongOffset to a table, same as uint32 (length = 32 bits), Null offset = 0x00000000 */ 411typedef ULONG LongOffset; 412 413 414/* CheckSum */ 415struct CheckSum : ULONG 416{ 417 static uint32_t CalcTableChecksum (ULONG *Table, uint32_t Length) 418 { 419 uint32_t Sum = 0L; 420 ULONG *EndPtr = Table+((Length+3) & ~3) / ULONG::get_size (); 421 422 while (Table < EndPtr) 423 Sum += *Table++; 424 return Sum; 425 } 426}; 427ASSERT_SIZE (CheckSum, 4); 428 429 430/* 431 * Version Numbers 432 */ 433 434struct FixedVersion 435{ 436 inline operator uint32_t (void) const { return (major << 16) + minor; } 437 438 inline bool sanitize (SANITIZE_ARG_DEF) { 439 TRACE_SANITIZE (); 440 return SANITIZE_SELF (); 441 } 442 443 USHORT major; 444 USHORT minor; 445}; 446ASSERT_SIZE (FixedVersion, 4); 447 448 449 450/* 451 * Template subclasses of Offset and LongOffset that do the dereferencing. 452 * Use: (this+memberName) 453 */ 454 455template <typename OffsetType, typename Type> 456struct GenericOffsetTo : OffsetType 457{ 458 inline const Type& operator () (const void *base) const 459 { 460 unsigned int offset = *this; 461 if (HB_UNLIKELY (!offset)) return Null(Type); 462 return StructAtOffset<Type> (*CharP(base), offset); 463 } 464 465 inline bool sanitize (SANITIZE_ARG_DEF, void *base) { 466 TRACE_SANITIZE (); 467 if (!SANITIZE_SELF ()) return false; 468 unsigned int offset = *this; 469 if (HB_UNLIKELY (!offset)) return true; 470 return SANITIZE (StructAtOffset<Type> (*CharP(base), offset)) || NEUTER (*this, 0); 471 } 472 inline bool sanitize (SANITIZE_ARG_DEF, void *base, void *base2) { 473 TRACE_SANITIZE (); 474 if (!SANITIZE_SELF ()) return false; 475 unsigned int offset = *this; 476 if (HB_UNLIKELY (!offset)) return true; 477 return SANITIZE_BASE (StructAtOffset<Type> (*CharP(base), offset), base2) || NEUTER (*this, 0); 478 } 479 inline bool sanitize (SANITIZE_ARG_DEF, void *base, unsigned int user_data) { 480 TRACE_SANITIZE (); 481 if (!SANITIZE_SELF ()) return false; 482 unsigned int offset = *this; 483 if (HB_UNLIKELY (!offset)) return true; 484 return SANITIZE_BASE (StructAtOffset<Type> (*CharP(base), offset), user_data) || NEUTER (*this, 0); 485 } 486}; 487template <typename Base, typename OffsetType, typename Type> 488inline const Type& operator + (const Base &base, GenericOffsetTo<OffsetType, Type> offset) { return offset (base); } 489 490template <typename Type> 491struct OffsetTo : GenericOffsetTo<Offset, Type> {}; 492 493template <typename Type> 494struct LongOffsetTo : GenericOffsetTo<LongOffset, Type> {}; 495 496 497/* 498 * Array Types 499 */ 500 501template <typename LenType, typename Type> 502struct GenericArrayOf 503{ 504 const Type *array(void) const { return &StructAfter<Type> (len); } 505 Type *array(void) { return &StructAfter<Type> (len); } 506 507 const Type *sub_array (unsigned int start_offset, unsigned int *pcount /* IN/OUT */) const 508 { 509 unsigned int count = len; 510 if (HB_UNLIKELY (start_offset > count)) 511 count = 0; 512 else 513 count -= start_offset; 514 count = MIN (count, *pcount); 515 *pcount = count; 516 return array() + start_offset; 517 } 518 519 inline const Type& operator [] (unsigned int i) const 520 { 521 if (HB_UNLIKELY (i >= len)) return Null(Type); 522 return array()[i]; 523 } 524 inline unsigned int get_size () const 525 { return len.get_size () + len * Type::get_size (); } 526 527 inline bool sanitize_shallow (SANITIZE_ARG_DEF) { 528 TRACE_SANITIZE (); 529 return SANITIZE_SELF() && SANITIZE_ARRAY (this, Type::get_size (), len); 530 } 531 532 inline bool sanitize (SANITIZE_ARG_DEF) { 533 TRACE_SANITIZE (); 534 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false; 535 /* Note: for structs that do not reference other structs, 536 * we do not need to call their sanitize() as we already did 537 * a bound check on the aggregate array size, hence the return. 538 */ 539 return true; 540 /* We do keep this code though to make sure the structs pointed 541 * to do have a simple sanitize(), ie. they do not reference 542 * other structs. */ 543 unsigned int count = len; 544 for (unsigned int i = 0; i < count; i++) 545 if (!SANITIZE (array()[i])) 546 return false; 547 return true; 548 } 549 inline bool sanitize (SANITIZE_ARG_DEF, void *base) { 550 TRACE_SANITIZE (); 551 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false; 552 unsigned int count = len; 553 for (unsigned int i = 0; i < count; i++) 554 if (!array()[i].sanitize (SANITIZE_ARG, base)) 555 return false; 556 return true; 557 } 558 inline bool sanitize (SANITIZE_ARG_DEF, void *base, void *base2) { 559 TRACE_SANITIZE (); 560 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false; 561 unsigned int count = len; 562 for (unsigned int i = 0; i < count; i++) 563 if (!array()[i].sanitize (SANITIZE_ARG, base, base2)) 564 return false; 565 return true; 566 } 567 inline bool sanitize (SANITIZE_ARG_DEF, void *base, unsigned int user_data) { 568 TRACE_SANITIZE (); 569 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false; 570 unsigned int count = len; 571 for (unsigned int i = 0; i < count; i++) 572 if (!array()[i].sanitize (SANITIZE_ARG, base, user_data)) 573 return false; 574 return true; 575 } 576 577 LenType len; 578/*Type array[VAR];*/ 579}; 580 581/* An array with a USHORT number of elements. */ 582template <typename Type> 583struct ArrayOf : GenericArrayOf<USHORT, Type> {}; 584 585/* An array with a ULONG number of elements. */ 586template <typename Type> 587struct LongArrayOf : GenericArrayOf<ULONG, Type> {}; 588 589/* Array of Offset's */ 590template <typename Type> 591struct OffsetArrayOf : ArrayOf<OffsetTo<Type> > {}; 592 593/* Array of LongOffset's */ 594template <typename Type> 595struct LongOffsetArrayOf : ArrayOf<LongOffsetTo<Type> > {}; 596 597/* LongArray of LongOffset's */ 598template <typename Type> 599struct LongOffsetLongArrayOf : LongArrayOf<LongOffsetTo<Type> > {}; 600 601/* Array of offsets relative to the beginning of the array itself. */ 602template <typename Type> 603struct OffsetListOf : OffsetArrayOf<Type> 604{ 605 inline const Type& operator [] (unsigned int i) const 606 { 607 if (HB_UNLIKELY (i >= this->len)) return Null(Type); 608 return this+this->array()[i]; 609 } 610 611 inline bool sanitize (SANITIZE_ARG_DEF) { 612 TRACE_SANITIZE (); 613 return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, CharP(this)); 614 } 615 inline bool sanitize (SANITIZE_ARG_DEF, unsigned int user_data) { 616 TRACE_SANITIZE (); 617 return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, CharP(this), user_data); 618 } 619}; 620 621 622/* An array with a USHORT number of elements, 623 * starting at second element. */ 624template <typename Type> 625struct HeadlessArrayOf 626{ 627 const Type *array(void) const { return &StructAfter<Type> (len); } 628 Type *array(void) { return &StructAfter<Type> (len); } 629 630 inline const Type& operator [] (unsigned int i) const 631 { 632 if (HB_UNLIKELY (i >= len || !i)) return Null(Type); 633 return array()[i-1]; 634 } 635 inline unsigned int get_size () const 636 { return len.get_size () + (len ? len - 1 : 0) * Type::get_size (); } 637 638 inline bool sanitize_shallow (SANITIZE_ARG_DEF) { 639 TRACE_SANITIZE (); 640 return SANITIZE_SELF() && SANITIZE_ARRAY (this, Type::get_size (), len); 641 } 642 643 inline bool sanitize (SANITIZE_ARG_DEF) { 644 TRACE_SANITIZE (); 645 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false; 646 /* Note: for structs that do not reference other structs, 647 * we do not need to call their sanitize() as we already did 648 * a bound check on the aggregate array size, hence the return. 649 */ 650 return true; 651 /* We do keep this code though to make sure the structs pointed 652 * to do have a simple sanitize(), ie. they do not reference 653 * other structs. */ 654 unsigned int count = len ? len - 1 : 0; 655 Type *a = array(); 656 for (unsigned int i = 0; i < count; i++) 657 if (!SANITIZE (a[i])) 658 return false; 659 return true; 660 } 661 662 USHORT len; 663/*Type array[VAR];*/ 664}; 665 666 667#endif /* HB_OPEN_TYPE_PRIVATE_HH */ 668