summaryrefslogtreecommitdiffstats
path: root/src/3rdparty/freetype/src/sfnt/sfwoff2.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/3rdparty/freetype/src/sfnt/sfwoff2.c')
-rw-r--r--src/3rdparty/freetype/src/sfnt/sfwoff2.c225
1 files changed, 140 insertions, 85 deletions
diff --git a/src/3rdparty/freetype/src/sfnt/sfwoff2.c b/src/3rdparty/freetype/src/sfnt/sfwoff2.c
index 5c8202f823..2be44a347a 100644
--- a/src/3rdparty/freetype/src/sfnt/sfwoff2.c
+++ b/src/3rdparty/freetype/src/sfnt/sfwoff2.c
@@ -4,7 +4,7 @@
*
* WOFF2 format management (base).
*
- * Copyright (C) 2019-2020 by
+ * Copyright (C) 2019-2023 by
* Nikhil Ramakrishnan, David Turner, Robert Wilhelm, and Werner Lemberg.
*
* This file is part of the FreeType project, and may only be used,
@@ -26,8 +26,6 @@
#include <brotli/decode.h>
-#endif
-
/**************************************************************************
*
@@ -38,6 +36,8 @@
#undef FT_COMPONENT
#define FT_COMPONENT sfwoff2
+ /* An arbitrary, heuristic size limit (67MByte) for expanded WOFF2 data. */
+#define MAX_SFNT_SIZE ( 1 << 26 )
#define READ_255USHORT( var ) FT_SET_ERROR( Read255UShort( stream, &var ) )
@@ -86,6 +86,8 @@
#define BBOX_STREAM 5
#define INSTRUCTION_STREAM 6
+#define HAVE_OVERLAP_SIMPLE_BITMAP 0x1
+
static void
stream_close( FT_Stream stream )
@@ -96,20 +98,19 @@
FT_FREE( stream->base );
stream->size = 0;
- stream->base = NULL;
stream->close = NULL;
}
- FT_CALLBACK_DEF( int )
+ FT_COMPARE_DEF( int )
compare_tags( const void* a,
const void* b )
{
WOFF2_Table table1 = *(WOFF2_Table*)a;
WOFF2_Table table2 = *(WOFF2_Table*)b;
- FT_ULong tag1 = table1->Tag;
- FT_ULong tag2 = table2->Tag;
+ FT_Tag tag1 = table1->Tag;
+ FT_Tag tag2 = table2->Tag;
if ( tag1 > tag2 )
@@ -230,9 +231,9 @@
{
FT_TRACE6(( "Reallocating %lu to %lu.\n",
*dst_size, (*offset + size) ));
- if ( FT_REALLOC( dst,
- (FT_ULong)( *dst_size ),
- (FT_ULong)( *offset + size ) ) )
+ if ( FT_QREALLOC( dst,
+ (FT_ULong)( *dst_size ),
+ (FT_ULong)( *offset + size ) ) )
goto Exit;
*dst_size = *offset + size;
@@ -316,8 +317,6 @@
const FT_Byte* src,
FT_ULong src_size )
{
-#ifdef FT_CONFIG_OPTION_USE_BROTLI
-
/* this cast is only of importance on 32bit systems; */
/* we don't validate it */
FT_Offset uncompressed_size = (FT_Offset)dst_size;
@@ -338,20 +337,13 @@
FT_TRACE2(( "woff2_decompress: Brotli stream decompressed.\n" ));
return FT_Err_Ok;
-
-#else /* !FT_CONFIG_OPTION_USE_BROTLI */
-
- FT_ERROR(( "woff2_decompress: Brotli support not available.\n" ));
- return FT_THROW( Unimplemented_Feature );
-
-#endif /* !FT_CONFIG_OPTION_USE_BROTLI */
}
static WOFF2_Table
find_table( WOFF2_Table* tables,
FT_UShort num_tables,
- FT_ULong tag )
+ FT_Tag tag )
{
FT_Int i;
@@ -534,6 +526,7 @@
const WOFF2_Point points,
FT_UShort n_contours,
FT_UShort instruction_len,
+ FT_Bool have_overlap,
FT_Byte* dst,
FT_ULong dst_size,
FT_ULong* glyph_size )
@@ -561,6 +554,9 @@
FT_Int dy = point.y - last_y;
+ if ( i == 0 && have_overlap )
+ flag |= GLYF_OVERLAP_SIMPLE;
+
if ( dx == 0 )
flag |= GLYF_THIS_X_IS_SAME;
else if ( dx > -256 && dx < 256 )
@@ -790,7 +786,7 @@
goto Fail;
loca_buf_size = loca_values_size * offset_size;
- if ( FT_NEW_ARRAY( loca_buf, loca_buf_size ) )
+ if ( FT_QALLOC( loca_buf, loca_buf_size ) )
goto Fail;
dst = loca_buf;
@@ -845,15 +841,18 @@
FT_UInt num_substreams = 7;
+ FT_UShort option_flags;
FT_UShort num_glyphs;
FT_UShort index_format;
FT_ULong expected_loca_length;
FT_UInt offset;
FT_UInt i;
FT_ULong points_size;
- FT_ULong bitmap_length;
FT_ULong glyph_buf_size;
FT_ULong bbox_bitmap_offset;
+ FT_ULong bbox_bitmap_length;
+ FT_ULong overlap_bitmap_offset = 0;
+ FT_ULong overlap_bitmap_length = 0;
const FT_ULong glyf_start = *out_offset;
FT_ULong dest_offset = *out_offset;
@@ -866,18 +865,20 @@
WOFF2_Point points = NULL;
- if ( FT_NEW_ARRAY( substreams, num_substreams ) )
+ if ( FT_QNEW_ARRAY( substreams, num_substreams ) )
goto Fail;
- if ( FT_STREAM_SKIP( 4 ) )
+ if ( FT_STREAM_SKIP( 2 ) )
+ goto Fail;
+ if ( FT_READ_USHORT( option_flags ) )
goto Fail;
if ( FT_READ_USHORT( num_glyphs ) )
goto Fail;
if ( FT_READ_USHORT( index_format ) )
goto Fail;
- FT_TRACE4(( "num_glyphs = %u; index_format = %u\n",
- num_glyphs, index_format ));
+ FT_TRACE4(( "option_flags = %u; num_glyphs = %u; index_format = %u\n",
+ option_flags, num_glyphs, index_format ));
info->num_glyphs = num_glyphs;
@@ -890,7 +891,7 @@
if ( info->loca_table->dst_length != expected_loca_length )
goto Fail;
- offset = ( 2 + num_substreams ) * 4;
+ offset = 2 + 2 + 2 + 2 + ( num_substreams * 4 );
if ( offset > info->glyf_table->TransformLength )
goto Fail;
@@ -913,21 +914,36 @@
offset += substream_size;
}
- if ( FT_NEW_ARRAY( loca_values, num_glyphs + 1 ) )
+ if ( option_flags & HAVE_OVERLAP_SIMPLE_BITMAP )
+ {
+ /* Size of overlapBitmap = floor((numGlyphs + 7) / 8) */
+ overlap_bitmap_length = ( num_glyphs + 7U ) >> 3;
+ if ( overlap_bitmap_length > info->glyf_table->TransformLength - offset )
+ goto Fail;
+
+ overlap_bitmap_offset = pos + offset;
+
+ FT_TRACE5(( " Overlap bitmap: offset = %lu; size = %lu;\n",
+ overlap_bitmap_offset, overlap_bitmap_length ));
+ offset += overlap_bitmap_length;
+ }
+
+ if ( FT_QNEW_ARRAY( loca_values, num_glyphs + 1 ) )
goto Fail;
points_size = 0;
bbox_bitmap_offset = substreams[BBOX_STREAM].offset;
/* Size of bboxBitmap = 4 * floor((numGlyphs + 31) / 32) */
- bitmap_length = ( ( num_glyphs + 31U ) >> 5 ) << 2;
- substreams[BBOX_STREAM].offset += bitmap_length;
+ bbox_bitmap_length = ( ( num_glyphs + 31U ) >> 5 ) << 2;
+ /* bboxStreamSize is the combined size of bboxBitmap and bboxStream. */
+ substreams[BBOX_STREAM].offset += bbox_bitmap_length;
glyph_buf_size = WOFF2_DEFAULT_GLYPH_BUF;
- if ( FT_NEW_ARRAY( glyph_buf, glyph_buf_size ) )
+ if ( FT_QALLOC( glyph_buf, glyph_buf_size ) )
goto Fail;
- if ( FT_NEW_ARRAY( info->x_mins, num_glyphs ) )
+ if ( FT_QNEW_ARRAY( info->x_mins, num_glyphs ) )
goto Fail;
for ( i = 0; i < num_glyphs; ++i )
@@ -959,7 +975,7 @@
/* composite glyph */
FT_Bool have_instructions = FALSE;
FT_UShort instruction_size = 0;
- FT_ULong composite_size;
+ FT_ULong composite_size = 0;
FT_ULong size_needed;
FT_Byte* pointer = NULL;
@@ -985,7 +1001,7 @@
size_needed = 12 + composite_size + instruction_size;
if ( glyph_buf_size < size_needed )
{
- if ( FT_RENEW_ARRAY( glyph_buf, glyph_buf_size, size_needed ) )
+ if ( FT_QREALLOC( glyph_buf, glyph_buf_size, size_needed ) )
goto Fail;
glyph_buf_size = size_needed;
}
@@ -1037,8 +1053,11 @@
FT_ULong flag_size;
FT_ULong triplet_size;
FT_ULong triplet_bytes_used;
- FT_Byte* flags_buf = NULL;
- FT_Byte* triplet_buf = NULL;
+ FT_Bool have_overlap = FALSE;
+ FT_Byte overlap_bitmap;
+ FT_ULong overlap_offset;
+ FT_Byte* flags_buf = NULL;
+ FT_Byte* triplet_buf = NULL;
FT_UShort instruction_size;
FT_ULong size_needed;
FT_Int end_point;
@@ -1047,7 +1066,18 @@
FT_Byte* pointer = NULL;
- if ( FT_NEW_ARRAY( n_points_arr, n_contours ) )
+ /* Set `have_overlap`. */
+ if ( overlap_bitmap_offset )
+ {
+ overlap_offset = overlap_bitmap_offset + ( i >> 3 );
+ if ( FT_STREAM_SEEK( overlap_offset ) ||
+ FT_READ_BYTE( overlap_bitmap ) )
+ goto Fail;
+ if ( overlap_bitmap & ( 0x80 >> ( i & 7 ) ) )
+ have_overlap = TRUE;
+ }
+
+ if ( FT_QNEW_ARRAY( n_points_arr, n_contours ) )
goto Fail;
if ( FT_STREAM_SEEK( substreams[N_POINTS_STREAM].offset ) )
@@ -1084,7 +1114,7 @@
/* Create array to store point information. */
points_size = total_n_points;
- if ( FT_NEW_ARRAY( points, points_size ) )
+ if ( FT_QNEW_ARRAY( points, points_size ) )
goto Fail;
if ( triplet_decode( flags_buf,
@@ -1113,7 +1143,7 @@
instruction_size;
if ( glyph_buf_size < size_needed )
{
- if ( FT_RENEW_ARRAY( glyph_buf, glyph_buf_size, size_needed ) )
+ if ( FT_QREALLOC( glyph_buf, glyph_buf_size, size_needed ) )
goto Fail;
glyph_buf_size = size_needed;
}
@@ -1167,6 +1197,7 @@
points,
n_contours,
instruction_size,
+ have_overlap,
glyph_buf,
glyph_buf_size,
&glyph_size ) )
@@ -1197,8 +1228,7 @@
*glyf_checksum += compute_ULong_sum( glyph_buf, glyph_size );
/* Store x_mins, may be required to reconstruct `hmtx'. */
- if ( n_contours > 0 )
- info->x_mins[i] = (FT_Short)x_min;
+ info->x_mins[i] = (FT_Short)x_min;
}
info->glyf_table->dst_length = dest_offset - info->glyf_table->dst_offset;
@@ -1315,7 +1345,7 @@
offset_size = index_format ? 4 : 2;
/* Create `x_mins' array. */
- if ( FT_NEW_ARRAY( info->x_mins, num_glyphs ) )
+ if ( FT_QNEW_ARRAY( info->x_mins, num_glyphs ) )
return error;
loca_offset = info->loca_table->src_offset;
@@ -1403,8 +1433,8 @@
if ( num_hmetrics < 1 )
goto Fail;
- if ( FT_NEW_ARRAY( advance_widths, num_hmetrics ) ||
- FT_NEW_ARRAY( lsbs, num_glyphs ) )
+ if ( FT_QNEW_ARRAY( advance_widths, num_hmetrics ) ||
+ FT_QNEW_ARRAY( lsbs, num_glyphs ) )
goto Fail;
/* Read `advanceWidth' stream. Always present. */
@@ -1455,7 +1485,7 @@
/* Build the hmtx table. */
hmtx_table_size = 2 * num_hmetrics + 2 * num_glyphs;
- if ( FT_NEW_ARRAY( hmtx_table, hmtx_table_size ) )
+ if ( FT_QALLOC( hmtx_table, hmtx_table_size ) )
goto Fail;
dst = hmtx_table;
@@ -1512,10 +1542,10 @@
{
/* Memory management of `transformed_buf' is handled by the caller. */
- FT_Error error = FT_Err_Ok;
- FT_Stream stream = NULL;
- FT_Byte* buf_cursor = NULL;
- FT_Byte* table_entry = NULL;
+ FT_Error error = FT_Err_Ok;
+ FT_Stream stream = NULL;
+ FT_Byte* buf_cursor = NULL;
+ FT_Byte table_entry[16];
/* We are reallocating memory for `sfnt', so its pointer may change. */
FT_Byte* sfnt = *sfnt_bytes;
@@ -1556,10 +1586,6 @@
}
}
- /* Create buffer for table entries. */
- if ( FT_NEW_ARRAY( table_entry, 16 ) )
- goto Fail;
-
/* Create a stream for the uncompressed buffer. */
if ( FT_NEW( stream ) )
goto Fail;
@@ -1722,7 +1748,6 @@
/* Set pointer of sfnt stream to its correct value. */
*sfnt_bytes = sfnt;
- FT_FREE( table_entry );
FT_Stream_Close( stream );
FT_FREE( stream );
@@ -1735,7 +1760,6 @@
/* Set pointer of sfnt stream to its correct value. */
*sfnt_bytes = sfnt;
- FT_FREE( table_entry );
FT_Stream_Close( stream );
FT_FREE( stream );
@@ -1848,15 +1872,14 @@
woff2.ttc_fonts = NULL;
/* Read table directory. */
- if ( FT_NEW_ARRAY( tables, woff2.num_tables ) ||
- FT_NEW_ARRAY( indices, woff2.num_tables ) )
+ if ( FT_QNEW_ARRAY( tables, woff2.num_tables ) ||
+ FT_QNEW_ARRAY( indices, woff2.num_tables ) )
goto Exit;
- FT_TRACE2((
- "\n"
- " tag flags transform origLen transformLen offset\n"
- " -----------------------------------------------------------\n" ));
- /* " XXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX" */
+ FT_TRACE2(( "\n" ));
+ FT_TRACE2(( " tag flags transform origLen transformLen offset\n" ));
+ FT_TRACE2(( " -----------------------------------------------------------\n" ));
+ /* " XXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX" */
for ( nn = 0; nn < woff2.num_tables; nn++ )
{
@@ -1921,10 +1944,11 @@
goto Exit;
}
+ table->flags = flags;
table->src_offset = src_offset;
table->src_length = table->TransformLength;
src_offset += table->TransformLength;
- table->flags = flags;
+ table->dst_offset = 0;
FT_TRACE2(( " %c%c%c%c %08d %08d %08ld %08ld %08ld\n",
(FT_Char)( table->Tag >> 24 ),
@@ -1982,6 +2006,7 @@
FT_TRACE4(( "Number of fonts in TTC: %d\n", woff2.num_fonts ));
+ /* pre-zero pointers within in case of failure */
if ( FT_NEW_ARRAY( woff2.ttc_fonts, woff2.num_fonts ) )
goto Exit;
@@ -1995,7 +2020,7 @@
if ( FT_READ_ULONG( ttc_font->flavor ) )
goto Exit;
- if ( FT_NEW_ARRAY( ttc_font->table_indices, ttc_font->num_tables ) )
+ if ( FT_QNEW_ARRAY( ttc_font->table_indices, ttc_font->num_tables ) )
goto Exit;
FT_TRACE5(( "Number of tables in font %d: %d\n",
@@ -2076,7 +2101,7 @@
error = FT_THROW( Invalid_Table );
goto Exit;
}
- file_offset = ROUND4(woff2.metaOffset + woff2.metaLength);
+ file_offset = ROUND4( woff2.metaOffset + woff2.metaLength );
}
if ( woff2.privOffset )
@@ -2086,7 +2111,7 @@
error = FT_THROW( Invalid_Table );
goto Exit;
}
- file_offset = ROUND4(woff2.privOffset + woff2.privLength);
+ file_offset = ROUND4( woff2.privOffset + woff2.privLength );
}
if ( file_offset != ( ROUND4( woff2.length ) ) )
@@ -2098,7 +2123,7 @@
/* Validate requested face index. */
*num_faces = woff2.num_fonts;
/* value -(N+1) requests information on index N */
- if ( *face_instance_index < 0 )
+ if ( *face_instance_index < 0 && face_index > 0 )
face_index--;
if ( face_index >= woff2.num_fonts )
@@ -2119,8 +2144,8 @@
/* Create a temporary array. */
- if ( FT_NEW_ARRAY( temp_indices,
- ttc_font->num_tables ) )
+ if ( FT_QNEW_ARRAY( temp_indices,
+ ttc_font->num_tables ) )
goto Exit;
FT_TRACE4(( "Storing tables for TTC face index %d.\n", face_index ));
@@ -2128,9 +2153,9 @@
temp_indices[nn] = indices[ttc_font->table_indices[nn]];
/* Resize array to required size. */
- if ( FT_RENEW_ARRAY( indices,
- woff2.num_tables,
- ttc_font->num_tables ) )
+ if ( FT_QRENEW_ARRAY( indices,
+ woff2.num_tables,
+ ttc_font->num_tables ) )
goto Exit;
for ( nn = 0; nn < ttc_font->num_tables; nn++ )
@@ -2157,9 +2182,8 @@
else
sfnt_size = woff2.totalSfntSize;
- /* Value 1<<26 = 67108864 is heuristic. */
- if (sfnt_size >= (1 << 26))
- sfnt_size = 1 << 26;
+ if ( sfnt_size >= MAX_SFNT_SIZE )
+ sfnt_size = MAX_SFNT_SIZE;
#ifdef FT_DEBUG_LEVEL_TRACE
if ( sfnt_size != woff2.totalSfntSize )
@@ -2170,8 +2194,8 @@
}
/* Write sfnt header. */
- if ( FT_ALLOC( sfnt, sfnt_size ) ||
- FT_NEW( sfnt_stream ) )
+ if ( FT_QALLOC( sfnt, sfnt_size ) ||
+ FT_NEW( sfnt_stream ) )
goto Exit;
sfnt_header = sfnt;
@@ -2209,22 +2233,46 @@
sizeof ( WOFF2_Table ),
compare_tags );
+ /* reject fonts that have multiple tables with the same tag */
+ for ( nn = 1; nn < woff2.num_tables; nn++ )
+ {
+ FT_Tag tag = indices[nn]->Tag;
+
+
+ if ( tag == indices[nn - 1]->Tag )
+ {
+ FT_ERROR(( "woff2_open_font:"
+ " multiple tables with tag `%c%c%c%c'.\n",
+ (FT_Char)( tag >> 24 ),
+ (FT_Char)( tag >> 16 ),
+ (FT_Char)( tag >> 8 ),
+ (FT_Char)( tag ) ));
+ error = FT_THROW( Invalid_Table );
+ goto Exit;
+ }
+ }
+
if ( woff2.uncompressed_size < 1 )
{
error = FT_THROW( Invalid_Table );
goto Exit;
}
- if ( woff2.uncompressed_size > sfnt_size )
+ /* We must not blindly trust `uncompressed_size` since its */
+ /* value might be corrupted. If it is too large, reject the */
+ /* font. In other words, we don't accept a WOFF2 font that */
+ /* expands to something larger than MAX_SFNT_SIZE. If ever */
+ /* necessary, this limit can be easily adjusted. */
+ if ( woff2.uncompressed_size > MAX_SFNT_SIZE )
{
- FT_ERROR(( "woff2_open_font: SFNT table lengths are too large.\n" ));
- error = FT_THROW( Invalid_Table );
+ FT_ERROR(( "Uncompressed font too large.\n" ));
+ error = FT_THROW( Array_Too_Large );
goto Exit;
}
/* Allocate memory for uncompressed table data. */
- if ( FT_ALLOC( uncompressed_buf, woff2.uncompressed_size ) ||
- FT_FRAME_ENTER( woff2.totalCompressedSize ) )
+ if ( FT_QALLOC( uncompressed_buf, woff2.uncompressed_size ) ||
+ FT_FRAME_ENTER( woff2.totalCompressedSize ) )
goto Exit;
/* Uncompress the stream. */
@@ -2255,9 +2303,9 @@
{
FT_TRACE5(( "Trimming sfnt stream from %lu to %lu.\n",
sfnt_size, woff2.actual_sfnt_size ));
- if ( FT_REALLOC( sfnt,
- (FT_ULong)( sfnt_size ),
- (FT_ULong)( woff2.actual_sfnt_size ) ) )
+ if ( FT_QREALLOC( sfnt,
+ (FT_ULong)( sfnt_size ),
+ (FT_ULong)( woff2.actual_sfnt_size ) ) )
goto Exit;
}
@@ -2333,5 +2381,12 @@
#undef BBOX_STREAM
#undef INSTRUCTION_STREAM
+#else /* !FT_CONFIG_OPTION_USE_BROTLI */
+
+ /* ANSI C doesn't like empty source files */
+ typedef int sfwoff2_dummy_;
+
+#endif /* !FT_CONFIG_OPTION_USE_BROTLI */
+
/* END */