hb-open-type-private.hh revision f5fab0c71837371cce32dc3e9edca1ccb8d44e29
1/* 2 * Copyright (C) 2007,2008,2009,2010 Red Hat, Inc. 3 * 4 * This is part of HarfBuzz, a text shaping library. 5 * 6 * Permission is hereby granted, without written agreement and without 7 * license or royalty fees, to use, copy, modify, and distribute this 8 * software and its documentation for any purpose, provided that the 9 * above copyright notice and the following two paragraphs appear in 10 * all copies of this software. 11 * 12 * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR 13 * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES 14 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN 15 * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 16 * DAMAGE. 17 * 18 * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, 19 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND 20 * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS 21 * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO 22 * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. 23 * 24 * Red Hat Author(s): Behdad Esfahbod 25 */ 26 27#ifndef HB_OPEN_TYPES_PRIVATE_HH 28#define HB_OPEN_TYPES_PRIVATE_HH 29 30#include "hb-private.h" 31 32#include "hb-blob.h" 33 34 35/* Table/script/language-system/feature/... not found */ 36#define NO_INDEX ((unsigned int) 0xFFFF) 37 38 39 40/* 41 * Casts 42 */ 43 44/* Cast to "const char *" and "char *" */ 45template <typename Type> 46inline const char * CharP (const Type* X) 47{ return reinterpret_cast<const char *>(X); } 48template <typename Type> 49inline char * CharP (Type* X) 50{ return reinterpret_cast<char *>(X); } 51 52/* Cast to struct T, reference to reference */ 53template<typename Type, typename TObject> 54inline const Type& CastR(const TObject &X) 55{ return reinterpret_cast<const Type&> (X); } 56template<typename Type, typename TObject> 57inline Type& CastR(TObject &X) 58{ return reinterpret_cast<Type&> (X); } 59 60/* Cast to struct T, pointer to pointer */ 61template<typename Type, typename TObject> 62inline const Type* CastP(const TObject *X) 63{ return reinterpret_cast<const Type*> (X); } 64template<typename Type, typename TObject> 65inline Type* CastP(TObject *X) 66{ return reinterpret_cast<Type*> (X); } 67 68/* StructAtOffset<T>(X,Ofs) returns the struct T& that is placed at memory 69 * location of X plus Ofs bytes. */ 70template<typename Type, typename TObject> 71inline const Type& StructAtOffset(const TObject &X, unsigned int offset) 72{ return * reinterpret_cast<const Type*> (CharP(&X) + offset); } 73template<typename Type, typename TObject> 74inline Type& StructAtOffset(TObject &X, unsigned int offset) 75{ return * reinterpret_cast<Type*> (CharP(&X) + offset); } 76 77/* StructAfter<T>(X) returns the struct T& that is placed after X. 78 * Works with X of variable size also. X must implement get_size() */ 79template<typename Type, typename TObject> 80inline const Type& StructAfter(const TObject &X) 81{ return StructAtOffset<Type>(X, X.get_size()); } 82template<typename Type, typename TObject> 83inline Type& StructAfter(TObject &X) 84{ return StructAtOffset<Type>(X, X.get_size()); } 85 86 87 88/* 89 * Null objects 90 */ 91 92/* Global nul-content Null pool. Enlarge as necessary. */ 93static const void *_NullPool[32 / sizeof (void *)]; 94 95/* Generic template for nul-content sizeof-sized Null objects. */ 96template <typename Type> 97static inline const Type& Null () { 98 ASSERT_STATIC (sizeof (Type) <= sizeof (_NullPool)); 99 return *CastP<Type> (_NullPool); 100} 101 102/* Specializaiton for arbitrary-content arbitrary-sized Null objects. */ 103#define DEFINE_NULL_DATA(Type, size, data) \ 104static const char _Null##Type[size + 1] = data; /* +1 is for nul-termination in data */ \ 105template <> \ 106inline const Type& Null<Type> () { \ 107 return *CastP<Type> (_Null##Type); \ 108} /* The following line really exists such that we end in a place needing semicolon */ \ 109ASSERT_STATIC (sizeof (Type) + 1 <= sizeof (_Null##Type)) 110 111/* Accessor macro. */ 112#define Null(Type) Null<Type>() 113 114 115/* 116 * Trace 117 */ 118 119 120template <int max_depth> 121struct hb_trace_t { 122 explicit hb_trace_t (unsigned int *pdepth) : pdepth(pdepth) { if (max_depth) ++*pdepth; } 123 ~hb_trace_t (void) { if (max_depth) --*pdepth; } 124 125 inline void log (const char *what, const char *function, const void *obj) 126 { 127 if (*pdepth < max_depth) 128 fprintf (stderr, "%s(%p) %-*d-> %s\n", what, obj, *pdepth, *pdepth, function); 129 } 130 131 private: 132 unsigned int *pdepth; 133}; 134template <> /* Optimize when tracing is disabled */ 135struct hb_trace_t<0> { 136 explicit hb_trace_t (unsigned int *p) {} 137 inline void log (const char *what, const char *function, const void *obj) {}; 138}; 139 140 141 142/* 143 * Sanitize 144 */ 145 146#ifndef HB_DEBUG_SANITIZE 147#define HB_DEBUG_SANITIZE HB_DEBUG+0 148#endif 149 150 151#define TRACE_SANITIZE() \ 152 hb_trace_t<HB_DEBUG_SANITIZE> trace (&context->debug_depth); \ 153 trace.log ("SANITIZE", HB_FUNC, this); 154 155 156struct hb_sanitize_context_t 157{ 158 inline void init (hb_blob_t *blob) 159 { 160 this->blob = hb_blob_reference (blob); 161 this->start = hb_blob_lock (blob); 162 this->end = this->start + hb_blob_get_length (blob); 163 this->writable = hb_blob_is_writable (blob); 164 this->edit_count = 0; 165 this->debug_depth = 0; 166 167 if (HB_DEBUG_SANITIZE) 168 fprintf (stderr, "sanitize %p init [%p..%p] (%u bytes)\n", 169 this->blob, this->start, this->end, this->end - this->start); 170 } 171 172 inline void finish (void) 173 { 174 if (HB_DEBUG_SANITIZE) 175 fprintf (stderr, "sanitize %p fini [%p..%p] %u edit requests\n", 176 this->blob, this->start, this->end, this->edit_count); 177 178 hb_blob_unlock (this->blob); 179 hb_blob_destroy (this->blob); 180 this->blob = NULL; 181 this->start = this->end = NULL; 182 } 183 184 inline bool check_range (const void *base, unsigned int len) const 185 { 186 bool ret = this->start <= base && 187 base <= this->end && 188 (unsigned int) (this->end - CharP(base)) >= len; 189 190 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE) \ 191 fprintf (stderr, "SANITIZE(%p) %-*d-> range [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \ 192 base, 193 this->debug_depth, this->debug_depth, 194 base, CharP(base)+len, len, 195 this->start, this->end, 196 ret ? "pass" : "FAIL"); 197 198 return likely (ret); 199 } 200 201 inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const 202 { 203 bool overflows = len >= ((unsigned int) -1) / record_size; 204 205 206 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE) 207 fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \ 208 base, 209 this->debug_depth, this->debug_depth, 210 base, CharP(base) + (record_size * len), record_size, len, (unsigned long) record_size * len, 211 this->start, this->end, 212 !overflows ? "does not overflow" : "OVERFLOWS FAIL"); 213 214 return likely (!overflows && this->check_range (base, record_size * len)); 215 } 216 217 inline bool can_edit (const char *base HB_UNUSED, unsigned int len HB_UNUSED) 218 { 219 this->edit_count++; 220 221 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE) 222 fprintf (stderr, "SANITIZE(%p) %-*d-> edit(%u) [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \ 223 base, 224 this->debug_depth, this->debug_depth, 225 this->edit_count, 226 base, base+len, len, 227 this->start, this->end, 228 this->writable ? "granted" : "REJECTED"); 229 230 return this->writable; 231 } 232 233 unsigned int debug_depth; 234 const char *start, *end; 235 bool writable; 236 unsigned int edit_count; 237 hb_blob_t *blob; 238}; 239 240 241#define SANITIZE(X) likely ((X).sanitize (context)) 242 243#define SANITIZE_WITH_BASE(B,X) likely ((X).sanitize (context, CharP(B))) 244 245#define SANITIZE_SELF() likely(context->check_range (this, sizeof (*this))) 246 247 248/* Template to sanitize an object. */ 249template <typename Type> 250struct Sanitizer 251{ 252 static hb_blob_t *sanitize (hb_blob_t *blob) { 253 hb_sanitize_context_t context[1] = {{0}}; 254 bool sane; 255 256 /* TODO is_sane() stuff */ 257 258 retry: 259 if (HB_DEBUG_SANITIZE) 260 fprintf (stderr, "Sanitizer %p start %s\n", blob, HB_FUNC); 261 262 context->init (blob); 263 264 Type *t = CastP<Type> (const_cast<char *> (context->start)); 265 266 sane = t->sanitize (context); 267 if (sane) { 268 if (context->edit_count) { 269 if (HB_DEBUG_SANITIZE) 270 fprintf (stderr, "Sanitizer %p passed first round with %d edits; doing a second round %s\n", 271 blob, context->edit_count, HB_FUNC); 272 273 /* sanitize again to ensure no toe-stepping */ 274 context->edit_count = 0; 275 sane = t->sanitize (context); 276 if (context->edit_count) { 277 if (HB_DEBUG_SANITIZE) 278 fprintf (stderr, "Sanitizer %p requested %d edits in second round; FAILLING %s\n", 279 blob, context->edit_count, HB_FUNC); 280 sane = false; 281 } 282 } 283 context->finish (); 284 } else { 285 unsigned int edit_count = context->edit_count; 286 context->finish (); 287 if (edit_count && !hb_blob_is_writable (blob) && hb_blob_try_writable (blob)) { 288 /* ok, we made it writable by relocating. try again */ 289 if (HB_DEBUG_SANITIZE) 290 fprintf (stderr, "Sanitizer %p retry %s\n", blob, HB_FUNC); 291 goto retry; 292 } 293 } 294 295 if (HB_DEBUG_SANITIZE) 296 fprintf (stderr, "Sanitizer %p %s %s\n", blob, sane ? "passed" : "FAILED", HB_FUNC); 297 if (sane) 298 return blob; 299 else { 300 hb_blob_destroy (blob); 301 return hb_blob_create_empty (); 302 } 303 } 304}; 305 306 307 308 309/* 310 * 311 * The OpenType Font File: Data Types 312 */ 313 314 315/* "The following data types are used in the OpenType font file. 316 * All OpenType fonts use Motorola-style byte ordering (Big Endian):" */ 317 318/* 319 * Int types 320 */ 321 322 323template <typename Type, int Bytes> class BEInt; 324 325/* LONGTERMTODO: On machines allowing unaligned access, we can make the 326 * following tighter by using byteswap instructions on ints directly. */ 327template <typename Type> 328class BEInt<Type, 2> 329{ 330 public: 331 inline class BEInt<Type,2>& operator = (Type i) { hb_be_uint16_put (v,i); return *this; } 332 inline operator Type () const { return hb_be_uint16_get (v); } 333 inline bool operator == (const BEInt<Type, 2>& o) const { return hb_be_uint16_cmp (v, o.v); } 334 inline bool operator != (const BEInt<Type, 2>& o) const { return !(*this == o); } 335 private: uint8_t v[2]; 336}; 337template <typename Type> 338class BEInt<Type, 4> 339{ 340 public: 341 inline class BEInt<Type,4>& operator = (Type i) { hb_be_uint32_put (v,i); return *this; } 342 inline operator Type () const { return hb_be_uint32_get (v); } 343 inline bool operator == (const BEInt<Type, 4>& o) const { return hb_be_uint32_cmp (v, o.v); } 344 inline bool operator != (const BEInt<Type, 4>& o) const { return !(*this == o); } 345 private: uint8_t v[4]; 346}; 347 348/* Integer types in big-endian order and no alignment requirement */ 349template <typename Type> 350struct IntType 351{ 352 static inline unsigned int get_size () { return sizeof (Type); } 353 inline void set (Type i) { v = i; } 354 inline operator Type(void) const { return v; } 355 inline bool operator == (const IntType<Type> &o) const { return v == o.v; } 356 inline bool operator != (const IntType<Type> &o) const { return v != o.v; } 357 inline bool sanitize (hb_sanitize_context_t *context) { 358 TRACE_SANITIZE (); 359 return SANITIZE_SELF (); 360 } 361 private: BEInt<Type, sizeof (Type)> v; 362}; 363 364typedef IntType<uint16_t> USHORT; /* 16-bit unsigned integer. */ 365typedef IntType<int16_t> SHORT; /* 16-bit signed integer. */ 366typedef IntType<uint32_t> ULONG; /* 32-bit unsigned integer. */ 367typedef IntType<int32_t> LONG; /* 32-bit signed integer. */ 368 369ASSERT_SIZE (USHORT, 2); 370ASSERT_SIZE (SHORT, 2); 371ASSERT_SIZE (ULONG, 4); 372ASSERT_SIZE (LONG, 4); 373 374/* Array of four uint8s (length = 32 bits) used to identify a script, language 375 * system, feature, or baseline */ 376struct Tag : ULONG 377{ 378 /* What the char* converters return is NOT nul-terminated. Print using "%.4s" */ 379 inline operator const char* (void) const { return CharP(this); } 380 inline operator char* (void) { return CharP(this); } 381}; 382ASSERT_SIZE (Tag, 4); 383DEFINE_NULL_DATA (Tag, 4, " "); 384 385/* Glyph index number, same as uint16 (length = 16 bits) */ 386typedef USHORT GlyphID; 387 388/* Offset to a table, same as uint16 (length = 16 bits), Null offset = 0x0000 */ 389typedef USHORT Offset; 390 391/* LongOffset to a table, same as uint32 (length = 32 bits), Null offset = 0x00000000 */ 392typedef ULONG LongOffset; 393 394 395/* CheckSum */ 396struct CheckSum : ULONG 397{ 398 static uint32_t CalcTableChecksum (ULONG *Table, uint32_t Length) 399 { 400 uint32_t Sum = 0L; 401 ULONG *EndPtr = Table+((Length+3) & ~3) / ULONG::get_size (); 402 403 while (Table < EndPtr) 404 Sum += *Table++; 405 return Sum; 406 } 407}; 408ASSERT_SIZE (CheckSum, 4); 409 410 411/* 412 * Version Numbers 413 */ 414 415struct FixedVersion 416{ 417 inline operator uint32_t (void) const { return (major << 16) + minor; } 418 419 inline bool sanitize (hb_sanitize_context_t *context) { 420 TRACE_SANITIZE (); 421 return SANITIZE_SELF (); 422 } 423 424 USHORT major; 425 USHORT minor; 426}; 427ASSERT_SIZE (FixedVersion, 4); 428 429 430 431/* 432 * Template subclasses of Offset and LongOffset that do the dereferencing. 433 * Use: (base+offset) 434 */ 435 436template <typename OffsetType, typename Type> 437struct GenericOffsetTo : OffsetType 438{ 439 inline const Type& operator () (const void *base) const 440 { 441 unsigned int offset = *this; 442 if (unlikely (!offset)) return Null(Type); 443 return StructAtOffset<Type> (*CharP(base), offset); 444 } 445 446 inline bool sanitize (hb_sanitize_context_t *context, void *base) { 447 TRACE_SANITIZE (); 448 if (!SANITIZE_SELF ()) return false; 449 unsigned int offset = *this; 450 if (unlikely (!offset)) return true; 451 Type &obj = StructAtOffset<Type> (*CharP(base), offset); 452 return likely (obj.sanitize (context)) || neuter (context); 453 } 454 template <typename T> 455 inline bool sanitize (hb_sanitize_context_t *context, void *base, T user_data) { 456 TRACE_SANITIZE (); 457 if (!SANITIZE_SELF ()) return false; 458 unsigned int offset = *this; 459 if (unlikely (!offset)) return true; 460 Type &obj = StructAtOffset<Type> (*CharP(base), offset); 461 return likely (obj.sanitize (context, user_data)) || neuter (context); 462 } 463 464 private: 465 /* Set the offset to Null */ 466 inline bool neuter (hb_sanitize_context_t *context) { 467 if (context->can_edit (CharP(this), this->get_size ())) { 468 this->set (0); /* 0 is Null offset */ 469 return true; 470 } 471 return false; 472 } 473}; 474template <typename Base, typename OffsetType, typename Type> 475inline const Type& operator + (const Base &base, GenericOffsetTo<OffsetType, Type> offset) { return offset (base); } 476 477template <typename Type> 478struct OffsetTo : GenericOffsetTo<Offset, Type> {}; 479 480template <typename Type> 481struct LongOffsetTo : GenericOffsetTo<LongOffset, Type> {}; 482 483 484/* 485 * Array Types 486 */ 487 488template <typename LenType, typename Type> 489struct GenericArrayOf 490{ 491 const Type *array(void) const { return &StructAfter<Type> (len); } 492 Type *array(void) { return &StructAfter<Type> (len); } 493 494 const Type *sub_array (unsigned int start_offset, unsigned int *pcount /* IN/OUT */) const 495 { 496 unsigned int count = len; 497 if (unlikely (start_offset > count)) 498 count = 0; 499 else 500 count -= start_offset; 501 count = MIN (count, *pcount); 502 *pcount = count; 503 return array() + start_offset; 504 } 505 506 inline const Type& operator [] (unsigned int i) const 507 { 508 if (unlikely (i >= len)) return Null(Type); 509 return array()[i]; 510 } 511 inline unsigned int get_size () const 512 { return len.get_size () + len * Type::get_size (); } 513 514 inline bool sanitize (hb_sanitize_context_t *context) { 515 TRACE_SANITIZE (); 516 if (!likely (sanitize_shallow (context))) return false; 517 /* Note: for structs that do not reference other structs, 518 * we do not need to call their sanitize() as we already did 519 * a bound check on the aggregate array size, hence the return. 520 */ 521 return true; 522 /* We do keep this code though to make sure the structs pointed 523 * to do have a simple sanitize(), ie. they do not reference 524 * other structs. */ 525 unsigned int count = len; 526 for (unsigned int i = 0; i < count; i++) 527 if (!SANITIZE (array()[i])) 528 return false; 529 return true; 530 } 531 inline bool sanitize (hb_sanitize_context_t *context, void *base) { 532 TRACE_SANITIZE (); 533 if (!likely (sanitize_shallow (context))) return false; 534 unsigned int count = len; 535 for (unsigned int i = 0; i < count; i++) 536 if (!array()[i].sanitize (context, base)) 537 return false; 538 return true; 539 } 540 template <typename T> 541 inline bool sanitize (hb_sanitize_context_t *context, void *base, T user_data) { 542 TRACE_SANITIZE (); 543 if (!likely (sanitize_shallow (context))) return false; 544 unsigned int count = len; 545 for (unsigned int i = 0; i < count; i++) 546 if (!array()[i].sanitize (context, base, user_data)) 547 return false; 548 return true; 549 } 550 551 private: 552 inline bool sanitize_shallow (hb_sanitize_context_t *context) { 553 TRACE_SANITIZE (); 554 return SANITIZE_SELF() 555 && context->check_array (this, Type::get_size (), len); 556 } 557 558 public: 559 LenType len; 560/*Type array[VAR];*/ 561}; 562 563/* An array with a USHORT number of elements. */ 564template <typename Type> 565struct ArrayOf : GenericArrayOf<USHORT, Type> {}; 566 567/* An array with a ULONG number of elements. */ 568template <typename Type> 569struct LongArrayOf : GenericArrayOf<ULONG, Type> {}; 570 571/* Array of Offset's */ 572template <typename Type> 573struct OffsetArrayOf : ArrayOf<OffsetTo<Type> > {}; 574 575/* Array of LongOffset's */ 576template <typename Type> 577struct LongOffsetArrayOf : ArrayOf<LongOffsetTo<Type> > {}; 578 579/* LongArray of LongOffset's */ 580template <typename Type> 581struct LongOffsetLongArrayOf : LongArrayOf<LongOffsetTo<Type> > {}; 582 583/* Array of offsets relative to the beginning of the array itself. */ 584template <typename Type> 585struct OffsetListOf : OffsetArrayOf<Type> 586{ 587 inline const Type& operator [] (unsigned int i) const 588 { 589 if (unlikely (i >= this->len)) return Null(Type); 590 return this+this->array()[i]; 591 } 592 593 inline bool sanitize (hb_sanitize_context_t *context) { 594 TRACE_SANITIZE (); 595 return OffsetArrayOf<Type>::sanitize (context, CharP(this)); 596 } 597 template <typename T> 598 inline bool sanitize (hb_sanitize_context_t *context, T user_data) { 599 TRACE_SANITIZE (); 600 return OffsetArrayOf<Type>::sanitize (context, CharP(this), user_data); 601 } 602}; 603 604 605/* An array with a USHORT number of elements, 606 * starting at second element. */ 607template <typename Type> 608struct HeadlessArrayOf 609{ 610 const Type *array(void) const { return &StructAfter<Type> (len); } 611 Type *array(void) { return &StructAfter<Type> (len); } 612 613 inline const Type& operator [] (unsigned int i) const 614 { 615 if (unlikely (i >= len || !i)) return Null(Type); 616 return array()[i-1]; 617 } 618 inline unsigned int get_size () const 619 { return len.get_size () + (len ? len - 1 : 0) * Type::get_size (); } 620 621 inline bool sanitize_shallow (hb_sanitize_context_t *context) { 622 return SANITIZE_SELF() 623 && context->check_array (this, Type::get_size (), len); 624 } 625 626 inline bool sanitize (hb_sanitize_context_t *context) { 627 TRACE_SANITIZE (); 628 if (!likely (sanitize_shallow (context))) return false; 629 /* Note: for structs that do not reference other structs, 630 * we do not need to call their sanitize() as we already did 631 * a bound check on the aggregate array size, hence the return. 632 */ 633 return true; 634 /* We do keep this code though to make sure the structs pointed 635 * to do have a simple sanitize(), ie. they do not reference 636 * other structs. */ 637 unsigned int count = len ? len - 1 : 0; 638 Type *a = array(); 639 for (unsigned int i = 0; i < count; i++) 640 if (!SANITIZE (a[i])) 641 return false; 642 return true; 643 } 644 645 USHORT len; 646/*Type array[VAR];*/ 647}; 648 649 650#endif /* HB_OPEN_TYPE_PRIVATE_HH */ 651