1 /**************************************************************************** 2 * 3 * cffparse.c 4 * 5 * CFF token stream parser (body) 6 * 7 * Copyright (C) 1996-2023 by 8 * David Turner, Robert Wilhelm, and Werner Lemberg. 9 * 10 * This file is part of the FreeType project, and may only be used, 11 * modified, and distributed under the terms of the FreeType project 12 * license, LICENSE.TXT. By continuing to use, modify, or distribute 13 * this file you indicate that you have read the license and 14 * understand and accept it fully. 15 * 16 */ 17 18 19 #include "cffparse.h" 20 #include <freetype/internal/ftstream.h> 21 #include <freetype/internal/ftdebug.h> 22 #include <freetype/internal/ftcalc.h> 23 #include <freetype/internal/psaux.h> 24 #include <freetype/ftlist.h> 25 26 #include "cfferrs.h" 27 #include "cffload.h" 28 29 30 /************************************************************************** 31 * 32 * The macro FT_COMPONENT is used in trace mode. It is an implicit 33 * parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log 34 * messages during execution. 35 */ 36 #undef FT_COMPONENT 37 #define FT_COMPONENT cffparse 38 39 40 FT_LOCAL_DEF( FT_Error ) cff_parser_init(CFF_Parser parser,FT_UInt code,void * object,FT_Library library,FT_UInt stackSize,FT_UShort num_designs,FT_UShort num_axes)41 cff_parser_init( CFF_Parser parser, 42 FT_UInt code, 43 void* object, 44 FT_Library library, 45 FT_UInt stackSize, 46 FT_UShort num_designs, 47 FT_UShort num_axes ) 48 { 49 FT_Memory memory = library->memory; /* for FT_NEW_ARRAY */ 50 FT_Error error; /* for FT_NEW_ARRAY */ 51 52 53 FT_ZERO( parser ); 54 55 #if 0 56 parser->top = parser->stack; 57 #endif 58 parser->object_code = code; 59 parser->object = object; 60 parser->library = library; 61 parser->num_designs = num_designs; 62 parser->num_axes = num_axes; 63 64 /* allocate the stack buffer */ 65 if ( FT_QNEW_ARRAY( parser->stack, stackSize ) ) 66 goto Exit; 67 68 parser->stackSize = stackSize; 69 parser->top = parser->stack; /* empty stack */ 70 71 Exit: 72 return error; 73 } 74 75 76 FT_LOCAL_DEF( void ) cff_parser_done(CFF_Parser parser)77 cff_parser_done( CFF_Parser parser ) 78 { 79 FT_Memory memory = parser->library->memory; /* for FT_FREE */ 80 81 82 FT_FREE( parser->stack ); 83 84 #ifdef CFF_CONFIG_OPTION_OLD_ENGINE 85 FT_List_Finalize( &parser->t2_strings, NULL, memory, NULL ); 86 #endif 87 } 88 89 90 /* The parser limit checks in the next two functions are supposed */ 91 /* to detect the immediate crossing of the stream boundary. They */ 92 /* shall not be triggered from the distant t2_strings buffers. */ 93 94 /* read an integer */ 95 static FT_Long cff_parse_integer(FT_Byte * start,FT_Byte * limit)96 cff_parse_integer( FT_Byte* start, 97 FT_Byte* limit ) 98 { 99 FT_Byte* p = start; 100 FT_Int v = *p++; 101 FT_Long val = 0; 102 103 104 if ( v == 28 ) 105 { 106 if ( p + 2 > limit && limit >= p ) 107 goto Bad; 108 109 val = (FT_Short)( ( (FT_UShort)p[0] << 8 ) | p[1] ); 110 } 111 else if ( v == 29 ) 112 { 113 if ( p + 4 > limit && limit >= p ) 114 goto Bad; 115 116 val = (FT_Long)( ( (FT_ULong)p[0] << 24 ) | 117 ( (FT_ULong)p[1] << 16 ) | 118 ( (FT_ULong)p[2] << 8 ) | 119 (FT_ULong)p[3] ); 120 } 121 else if ( v < 247 ) 122 { 123 val = v - 139; 124 } 125 else if ( v < 251 ) 126 { 127 if ( p + 1 > limit && limit >= p ) 128 goto Bad; 129 130 val = ( v - 247 ) * 256 + p[0] + 108; 131 } 132 else 133 { 134 if ( p + 1 > limit && limit >= p ) 135 goto Bad; 136 137 val = -( v - 251 ) * 256 - p[0] - 108; 138 } 139 140 Exit: 141 return val; 142 143 Bad: 144 val = 0; 145 FT_TRACE4(( "!!!END OF DATA:!!!" )); 146 goto Exit; 147 } 148 149 150 static const FT_Long power_tens[] = 151 { 152 1L, 153 10L, 154 100L, 155 1000L, 156 10000L, 157 100000L, 158 1000000L, 159 10000000L, 160 100000000L, 161 1000000000L 162 }; 163 164 /* maximum values allowed for multiplying */ 165 /* with the corresponding `power_tens' element */ 166 static const FT_Long power_ten_limits[] = 167 { 168 FT_LONG_MAX / 1L, 169 FT_LONG_MAX / 10L, 170 FT_LONG_MAX / 100L, 171 FT_LONG_MAX / 1000L, 172 FT_LONG_MAX / 10000L, 173 FT_LONG_MAX / 100000L, 174 FT_LONG_MAX / 1000000L, 175 FT_LONG_MAX / 10000000L, 176 FT_LONG_MAX / 100000000L, 177 FT_LONG_MAX / 1000000000L, 178 }; 179 180 181 /* read a real */ 182 static FT_Fixed cff_parse_real(FT_Byte * start,FT_Byte * limit,FT_Long power_ten,FT_Long * scaling)183 cff_parse_real( FT_Byte* start, 184 FT_Byte* limit, 185 FT_Long power_ten, 186 FT_Long* scaling ) 187 { 188 FT_Byte* p = start; 189 FT_Int nib; 190 FT_UInt phase; 191 192 FT_Long result, number, exponent; 193 FT_Int sign = 0, exponent_sign = 0, have_overflow = 0; 194 FT_Long exponent_add, integer_length, fraction_length; 195 196 197 if ( scaling ) 198 *scaling = 0; 199 200 result = 0; 201 202 number = 0; 203 exponent = 0; 204 205 exponent_add = 0; 206 integer_length = 0; 207 fraction_length = 0; 208 209 /* First of all, read the integer part. */ 210 phase = 4; 211 212 for (;;) 213 { 214 /* If we entered this iteration with phase == 4, we need to */ 215 /* read a new byte. This also skips past the initial 0x1E. */ 216 if ( phase ) 217 { 218 p++; 219 220 /* Make sure we don't read past the end. */ 221 if ( p + 1 > limit && limit >= p ) 222 goto Bad; 223 } 224 225 /* Get the nibble. */ 226 nib = (FT_Int)( p[0] >> phase ) & 0xF; 227 phase = 4 - phase; 228 229 if ( nib == 0xE ) 230 sign = 1; 231 else if ( nib > 9 ) 232 break; 233 else 234 { 235 /* Increase exponent if we can't add the digit. */ 236 if ( number >= 0xCCCCCCCL ) 237 exponent_add++; 238 /* Skip leading zeros. */ 239 else if ( nib || number ) 240 { 241 integer_length++; 242 number = number * 10 + nib; 243 } 244 } 245 } 246 247 /* Read fraction part, if any. */ 248 if ( nib == 0xA ) 249 for (;;) 250 { 251 /* If we entered this iteration with phase == 4, we need */ 252 /* to read a new byte. */ 253 if ( phase ) 254 { 255 p++; 256 257 /* Make sure we don't read past the end. */ 258 if ( p + 1 > limit && limit >= p ) 259 goto Bad; 260 } 261 262 /* Get the nibble. */ 263 nib = ( p[0] >> phase ) & 0xF; 264 phase = 4 - phase; 265 if ( nib >= 10 ) 266 break; 267 268 /* Skip leading zeros if possible. */ 269 if ( !nib && !number ) 270 exponent_add--; 271 /* Only add digit if we don't overflow. */ 272 else if ( number < 0xCCCCCCCL && fraction_length < 9 ) 273 { 274 fraction_length++; 275 number = number * 10 + nib; 276 } 277 } 278 279 /* Read exponent, if any. */ 280 if ( nib == 12 ) 281 { 282 exponent_sign = 1; 283 nib = 11; 284 } 285 286 if ( nib == 11 ) 287 { 288 for (;;) 289 { 290 /* If we entered this iteration with phase == 4, */ 291 /* we need to read a new byte. */ 292 if ( phase ) 293 { 294 p++; 295 296 /* Make sure we don't read past the end. */ 297 if ( p + 1 > limit && limit >= p ) 298 goto Bad; 299 } 300 301 /* Get the nibble. */ 302 nib = ( p[0] >> phase ) & 0xF; 303 phase = 4 - phase; 304 if ( nib >= 10 ) 305 break; 306 307 /* Arbitrarily limit exponent. */ 308 if ( exponent > 1000 ) 309 have_overflow = 1; 310 else 311 exponent = exponent * 10 + nib; 312 } 313 314 if ( exponent_sign ) 315 exponent = -exponent; 316 } 317 318 if ( !number ) 319 goto Exit; 320 321 if ( have_overflow ) 322 { 323 if ( exponent_sign ) 324 goto Underflow; 325 else 326 goto Overflow; 327 } 328 329 /* We don't check `power_ten' and `exponent_add'. */ 330 exponent += power_ten + exponent_add; 331 332 if ( scaling ) 333 { 334 /* Only use `fraction_length'. */ 335 fraction_length += integer_length; 336 exponent += integer_length; 337 338 if ( fraction_length <= 5 ) 339 { 340 if ( number > 0x7FFFL ) 341 { 342 result = FT_DivFix( number, 10 ); 343 *scaling = exponent - fraction_length + 1; 344 } 345 else 346 { 347 if ( exponent > 0 ) 348 { 349 FT_Long new_fraction_length, shift; 350 351 352 /* Make `scaling' as small as possible. */ 353 new_fraction_length = FT_MIN( exponent, 5 ); 354 shift = new_fraction_length - fraction_length; 355 356 if ( shift > 0 ) 357 { 358 exponent -= new_fraction_length; 359 number *= power_tens[shift]; 360 if ( number > 0x7FFFL ) 361 { 362 number /= 10; 363 exponent += 1; 364 } 365 } 366 else 367 exponent -= fraction_length; 368 } 369 else 370 exponent -= fraction_length; 371 372 result = (FT_Long)( (FT_ULong)number << 16 ); 373 *scaling = exponent; 374 } 375 } 376 else 377 { 378 if ( ( number / power_tens[fraction_length - 5] ) > 0x7FFFL ) 379 { 380 result = FT_DivFix( number, power_tens[fraction_length - 4] ); 381 *scaling = exponent - 4; 382 } 383 else 384 { 385 result = FT_DivFix( number, power_tens[fraction_length - 5] ); 386 *scaling = exponent - 5; 387 } 388 } 389 } 390 else 391 { 392 integer_length += exponent; 393 fraction_length -= exponent; 394 395 if ( integer_length > 5 ) 396 goto Overflow; 397 if ( integer_length < -5 ) 398 goto Underflow; 399 400 /* Remove non-significant digits. */ 401 if ( integer_length < 0 ) 402 { 403 number /= power_tens[-integer_length]; 404 fraction_length += integer_length; 405 } 406 407 /* this can only happen if exponent was non-zero */ 408 if ( fraction_length == 10 ) 409 { 410 number /= 10; 411 fraction_length -= 1; 412 } 413 414 /* Convert into 16.16 format. */ 415 if ( fraction_length > 0 ) 416 { 417 if ( ( number / power_tens[fraction_length] ) > 0x7FFFL ) 418 goto Exit; 419 420 result = FT_DivFix( number, power_tens[fraction_length] ); 421 } 422 else 423 { 424 number *= power_tens[-fraction_length]; 425 426 if ( number > 0x7FFFL ) 427 goto Overflow; 428 429 result = (FT_Long)( (FT_ULong)number << 16 ); 430 } 431 } 432 433 Exit: 434 if ( sign ) 435 result = -result; 436 437 return result; 438 439 Overflow: 440 result = 0x7FFFFFFFL; 441 FT_TRACE4(( "!!!OVERFLOW:!!!" )); 442 goto Exit; 443 444 Underflow: 445 result = 0; 446 FT_TRACE4(( "!!!UNDERFLOW:!!!" )); 447 goto Exit; 448 449 Bad: 450 result = 0; 451 FT_TRACE4(( "!!!END OF DATA:!!!" )); 452 goto Exit; 453 } 454 455 456 /* read a number, either integer or real */ 457 FT_LOCAL_DEF( FT_Long ) cff_parse_num(CFF_Parser parser,FT_Byte ** d)458 cff_parse_num( CFF_Parser parser, 459 FT_Byte** d ) 460 { 461 if ( **d == 30 ) 462 { 463 /* binary-coded decimal is truncated to integer */ 464 return cff_parse_real( *d, parser->limit, 0, NULL ) >> 16; 465 } 466 467 else if ( **d == 255 ) 468 { 469 /* 16.16 fixed-point is used internally for CFF2 blend results. */ 470 /* Since these are trusted values, a limit check is not needed. */ 471 472 /* After the 255, 4 bytes give the number. */ 473 /* The blend value is converted to integer, with rounding; */ 474 /* due to the right-shift we don't need the lowest byte. */ 475 #if 0 476 return (FT_Short)( 477 ( ( ( (FT_UInt32)*( d[0] + 1 ) << 24 ) | 478 ( (FT_UInt32)*( d[0] + 2 ) << 16 ) | 479 ( (FT_UInt32)*( d[0] + 3 ) << 8 ) | 480 (FT_UInt32)*( d[0] + 4 ) ) + 0x8000U ) >> 16 ); 481 #else 482 return (FT_Short)( 483 ( ( ( (FT_UInt32)*( d[0] + 1 ) << 16 ) | 484 ( (FT_UInt32)*( d[0] + 2 ) << 8 ) | 485 (FT_UInt32)*( d[0] + 3 ) ) + 0x80U ) >> 8 ); 486 #endif 487 } 488 489 else 490 return cff_parse_integer( *d, parser->limit ); 491 } 492 493 494 /* read a floating point number, either integer or real */ 495 static FT_Fixed do_fixed(CFF_Parser parser,FT_Byte ** d,FT_Long scaling)496 do_fixed( CFF_Parser parser, 497 FT_Byte** d, 498 FT_Long scaling ) 499 { 500 if ( **d == 30 ) 501 return cff_parse_real( *d, parser->limit, scaling, NULL ); 502 else if ( **d == 255 ) 503 { 504 FT_Fixed val = ( ( ( (FT_UInt32)*( d[0] + 1 ) << 24 ) | 505 ( (FT_UInt32)*( d[0] + 2 ) << 16 ) | 506 ( (FT_UInt32)*( d[0] + 3 ) << 8 ) | 507 (FT_UInt32)*( d[0] + 4 ) ) ); 508 509 if ( scaling ) 510 { 511 if ( FT_ABS( val ) > power_ten_limits[scaling] ) 512 { 513 FT_TRACE4(( "!!!OVERFLOW:!!!" )); 514 return val > 0 ? 0x7FFFFFFFL : -0x7FFFFFFFL; 515 } 516 val *= power_tens[scaling]; 517 } 518 return val; 519 } 520 else 521 { 522 FT_Long val = cff_parse_integer( *d, parser->limit ); 523 524 525 if ( scaling ) 526 { 527 if ( ( FT_ABS( val ) << 16 ) > power_ten_limits[scaling] ) 528 { 529 val = val > 0 ? 0x7FFFFFFFL : -0x7FFFFFFFL; 530 goto Overflow; 531 } 532 533 val *= power_tens[scaling]; 534 } 535 536 if ( val > 0x7FFF ) 537 { 538 val = 0x7FFFFFFFL; 539 goto Overflow; 540 } 541 else if ( val < -0x7FFF ) 542 { 543 val = -0x7FFFFFFFL; 544 goto Overflow; 545 } 546 547 return (FT_Long)( (FT_ULong)val << 16 ); 548 549 Overflow: 550 FT_TRACE4(( "!!!OVERFLOW:!!!" )); 551 return val; 552 } 553 } 554 555 556 /* read a floating point number, either integer or real */ 557 FT_LOCAL_DEF( FT_Fixed ) cff_parse_fixed(CFF_Parser parser,FT_Byte ** d)558 cff_parse_fixed( CFF_Parser parser, 559 FT_Byte** d ) 560 { 561 return do_fixed( parser, d, 0 ); 562 } 563 564 565 /* read a floating point number, either integer or real, */ 566 /* but return `10^scaling' times the number read in */ 567 static FT_Fixed cff_parse_fixed_scaled(CFF_Parser parser,FT_Byte ** d,FT_Long scaling)568 cff_parse_fixed_scaled( CFF_Parser parser, 569 FT_Byte** d, 570 FT_Long scaling ) 571 { 572 return do_fixed( parser, d, scaling ); 573 } 574 575 576 /* read a floating point number, either integer or real, */ 577 /* and return it as precise as possible -- `scaling' returns */ 578 /* the scaling factor (as a power of 10) */ 579 static FT_Fixed cff_parse_fixed_dynamic(CFF_Parser parser,FT_Byte ** d,FT_Long * scaling)580 cff_parse_fixed_dynamic( CFF_Parser parser, 581 FT_Byte** d, 582 FT_Long* scaling ) 583 { 584 FT_ASSERT( scaling ); 585 586 if ( **d == 30 ) 587 return cff_parse_real( *d, parser->limit, 0, scaling ); 588 else 589 { 590 FT_Long number; 591 FT_Int integer_length; 592 593 594 number = cff_parse_integer( *d, parser->limit ); 595 596 if ( number > 0x7FFFL ) 597 { 598 for ( integer_length = 5; integer_length < 10; integer_length++ ) 599 if ( number < power_tens[integer_length] ) 600 break; 601 602 if ( ( number / power_tens[integer_length - 5] ) > 0x7FFFL ) 603 { 604 *scaling = integer_length - 4; 605 return FT_DivFix( number, power_tens[integer_length - 4] ); 606 } 607 else 608 { 609 *scaling = integer_length - 5; 610 return FT_DivFix( number, power_tens[integer_length - 5] ); 611 } 612 } 613 else 614 { 615 *scaling = 0; 616 return (FT_Long)( (FT_ULong)number << 16 ); 617 } 618 } 619 } 620 621 622 static FT_Error cff_parse_font_matrix(CFF_Parser parser)623 cff_parse_font_matrix( CFF_Parser parser ) 624 { 625 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 626 FT_Matrix* matrix = &dict->font_matrix; 627 FT_Vector* offset = &dict->font_offset; 628 FT_ULong* upm = &dict->units_per_em; 629 FT_Byte** data = parser->stack; 630 631 632 if ( parser->top >= parser->stack + 6 ) 633 { 634 FT_Fixed values[6]; 635 FT_Long scalings[6]; 636 637 FT_Long min_scaling, max_scaling; 638 int i; 639 640 641 dict->has_font_matrix = TRUE; 642 643 /* We expect a well-formed font matrix, that is, the matrix elements */ 644 /* `xx' and `yy' are of approximately the same magnitude. To avoid */ 645 /* loss of precision, we use the magnitude of the largest matrix */ 646 /* element to scale all other elements. The scaling factor is then */ 647 /* contained in the `units_per_em' value. */ 648 649 max_scaling = FT_LONG_MIN; 650 min_scaling = FT_LONG_MAX; 651 652 for ( i = 0; i < 6; i++ ) 653 { 654 values[i] = cff_parse_fixed_dynamic( parser, data++, &scalings[i] ); 655 if ( values[i] ) 656 { 657 if ( scalings[i] > max_scaling ) 658 max_scaling = scalings[i]; 659 if ( scalings[i] < min_scaling ) 660 min_scaling = scalings[i]; 661 } 662 } 663 664 if ( max_scaling < -9 || 665 max_scaling > 0 || 666 ( max_scaling - min_scaling ) < 0 || 667 ( max_scaling - min_scaling ) > 9 ) 668 { 669 FT_TRACE1(( "cff_parse_font_matrix:" 670 " strange scaling values (minimum %ld, maximum %ld),\n", 671 min_scaling, max_scaling )); 672 FT_TRACE1(( " " 673 " using default matrix\n" )); 674 goto Unlikely; 675 } 676 677 for ( i = 0; i < 6; i++ ) 678 { 679 FT_Fixed value = values[i]; 680 FT_Long divisor, half_divisor; 681 682 683 if ( !value ) 684 continue; 685 686 divisor = power_tens[max_scaling - scalings[i]]; 687 half_divisor = divisor >> 1; 688 689 if ( value < 0 ) 690 { 691 if ( FT_LONG_MIN + half_divisor < value ) 692 values[i] = ( value - half_divisor ) / divisor; 693 else 694 values[i] = FT_LONG_MIN / divisor; 695 } 696 else 697 { 698 if ( FT_LONG_MAX - half_divisor > value ) 699 values[i] = ( value + half_divisor ) / divisor; 700 else 701 values[i] = FT_LONG_MAX / divisor; 702 } 703 } 704 705 matrix->xx = values[0]; 706 matrix->yx = values[1]; 707 matrix->xy = values[2]; 708 matrix->yy = values[3]; 709 offset->x = values[4]; 710 offset->y = values[5]; 711 712 *upm = (FT_ULong)power_tens[-max_scaling]; 713 714 FT_TRACE4(( " [%f %f %f %f %f %f]\n", 715 (double)matrix->xx / (double)*upm / 65536, 716 (double)matrix->xy / (double)*upm / 65536, 717 (double)matrix->yx / (double)*upm / 65536, 718 (double)matrix->yy / (double)*upm / 65536, 719 (double)offset->x / (double)*upm / 65536, 720 (double)offset->y / (double)*upm / 65536 )); 721 722 if ( !FT_Matrix_Check( matrix ) ) 723 { 724 FT_TRACE1(( "cff_parse_font_matrix:" 725 " degenerate values, using default matrix\n" )); 726 goto Unlikely; 727 } 728 729 return FT_Err_Ok; 730 } 731 else 732 return FT_THROW( Stack_Underflow ); 733 734 Unlikely: 735 /* Return default matrix in case of unlikely values. */ 736 737 matrix->xx = 0x10000L; 738 matrix->yx = 0; 739 matrix->xy = 0; 740 matrix->yy = 0x10000L; 741 offset->x = 0; 742 offset->y = 0; 743 *upm = 1; 744 745 return FT_Err_Ok; 746 } 747 748 749 static FT_Error cff_parse_font_bbox(CFF_Parser parser)750 cff_parse_font_bbox( CFF_Parser parser ) 751 { 752 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 753 FT_BBox* bbox = &dict->font_bbox; 754 FT_Byte** data = parser->stack; 755 FT_Error error; 756 757 758 error = FT_ERR( Stack_Underflow ); 759 760 if ( parser->top >= parser->stack + 4 ) 761 { 762 bbox->xMin = FT_RoundFix( cff_parse_fixed( parser, data++ ) ); 763 bbox->yMin = FT_RoundFix( cff_parse_fixed( parser, data++ ) ); 764 bbox->xMax = FT_RoundFix( cff_parse_fixed( parser, data++ ) ); 765 bbox->yMax = FT_RoundFix( cff_parse_fixed( parser, data ) ); 766 error = FT_Err_Ok; 767 768 FT_TRACE4(( " [%ld %ld %ld %ld]\n", 769 bbox->xMin / 65536, 770 bbox->yMin / 65536, 771 bbox->xMax / 65536, 772 bbox->yMax / 65536 )); 773 } 774 775 return error; 776 } 777 778 779 static FT_Error cff_parse_private_dict(CFF_Parser parser)780 cff_parse_private_dict( CFF_Parser parser ) 781 { 782 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 783 FT_Byte** data = parser->stack; 784 FT_Error error; 785 786 787 error = FT_ERR( Stack_Underflow ); 788 789 if ( parser->top >= parser->stack + 2 ) 790 { 791 FT_Long tmp; 792 793 794 tmp = cff_parse_num( parser, data++ ); 795 if ( tmp < 0 ) 796 { 797 FT_ERROR(( "cff_parse_private_dict: Invalid dictionary size\n" )); 798 error = FT_THROW( Invalid_File_Format ); 799 goto Fail; 800 } 801 dict->private_size = (FT_ULong)tmp; 802 803 tmp = cff_parse_num( parser, data ); 804 if ( tmp < 0 ) 805 { 806 FT_ERROR(( "cff_parse_private_dict: Invalid dictionary offset\n" )); 807 error = FT_THROW( Invalid_File_Format ); 808 goto Fail; 809 } 810 dict->private_offset = (FT_ULong)tmp; 811 812 FT_TRACE4(( " %lu %lu\n", 813 dict->private_size, dict->private_offset )); 814 815 error = FT_Err_Ok; 816 } 817 818 Fail: 819 return error; 820 } 821 822 823 /* The `MultipleMaster' operator comes before any */ 824 /* top DICT operators that contain T2 charstrings. */ 825 826 static FT_Error cff_parse_multiple_master(CFF_Parser parser)827 cff_parse_multiple_master( CFF_Parser parser ) 828 { 829 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 830 FT_Error error; 831 832 833 #ifdef FT_DEBUG_LEVEL_TRACE 834 /* beautify tracing message */ 835 if ( ft_trace_levels[FT_TRACE_COMP( FT_COMPONENT )] < 4 ) 836 FT_TRACE1(( "Multiple Master CFFs not supported yet," 837 " handling first master design only\n" )); 838 else 839 FT_TRACE1(( " (not supported yet," 840 " handling first master design only)\n" )); 841 #endif 842 843 error = FT_ERR( Stack_Underflow ); 844 845 /* currently, we handle only the first argument */ 846 if ( parser->top >= parser->stack + 5 ) 847 { 848 FT_Long num_designs = cff_parse_num( parser, parser->stack ); 849 850 851 if ( num_designs > 16 || num_designs < 2 ) 852 { 853 FT_ERROR(( "cff_parse_multiple_master:" 854 " Invalid number of designs\n" )); 855 error = FT_THROW( Invalid_File_Format ); 856 } 857 else 858 { 859 dict->num_designs = (FT_UShort)num_designs; 860 dict->num_axes = (FT_UShort)( parser->top - parser->stack - 4 ); 861 862 parser->num_designs = dict->num_designs; 863 parser->num_axes = dict->num_axes; 864 865 error = FT_Err_Ok; 866 } 867 } 868 869 return error; 870 } 871 872 873 static FT_Error cff_parse_cid_ros(CFF_Parser parser)874 cff_parse_cid_ros( CFF_Parser parser ) 875 { 876 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 877 FT_Byte** data = parser->stack; 878 FT_Error error; 879 880 881 error = FT_ERR( Stack_Underflow ); 882 883 if ( parser->top >= parser->stack + 3 ) 884 { 885 dict->cid_registry = (FT_UInt)cff_parse_num( parser, data++ ); 886 dict->cid_ordering = (FT_UInt)cff_parse_num( parser, data++ ); 887 if ( **data == 30 ) 888 FT_TRACE1(( "cff_parse_cid_ros: real supplement is rounded\n" )); 889 dict->cid_supplement = cff_parse_num( parser, data ); 890 if ( dict->cid_supplement < 0 ) 891 FT_TRACE1(( "cff_parse_cid_ros: negative supplement %ld is found\n", 892 dict->cid_supplement )); 893 error = FT_Err_Ok; 894 895 FT_TRACE4(( " %d %d %ld\n", 896 dict->cid_registry, 897 dict->cid_ordering, 898 dict->cid_supplement )); 899 } 900 901 return error; 902 } 903 904 905 static FT_Error cff_parse_vsindex(CFF_Parser parser)906 cff_parse_vsindex( CFF_Parser parser ) 907 { 908 /* vsindex operator can only be used in a Private DICT */ 909 CFF_Private priv = (CFF_Private)parser->object; 910 FT_Byte** data = parser->stack; 911 CFF_Blend blend; 912 FT_Error error; 913 914 915 if ( !priv || !priv->subfont ) 916 { 917 error = FT_THROW( Invalid_File_Format ); 918 goto Exit; 919 } 920 921 blend = &priv->subfont->blend; 922 923 if ( blend->usedBV ) 924 { 925 FT_ERROR(( " cff_parse_vsindex: vsindex not allowed after blend\n" )); 926 error = FT_THROW( Syntax_Error ); 927 goto Exit; 928 } 929 930 priv->vsindex = (FT_UInt)cff_parse_num( parser, data++ ); 931 932 FT_TRACE4(( " %d\n", priv->vsindex )); 933 934 error = FT_Err_Ok; 935 936 Exit: 937 return error; 938 } 939 940 941 static FT_Error cff_parse_blend(CFF_Parser parser)942 cff_parse_blend( CFF_Parser parser ) 943 { 944 /* blend operator can only be used in a Private DICT */ 945 CFF_Private priv = (CFF_Private)parser->object; 946 CFF_SubFont subFont; 947 CFF_Blend blend; 948 FT_UInt numBlends; 949 FT_Error error; 950 951 952 if ( !priv || !priv->subfont ) 953 { 954 error = FT_THROW( Invalid_File_Format ); 955 goto Exit; 956 } 957 958 subFont = priv->subfont; 959 blend = &subFont->blend; 960 961 if ( cff_blend_check_vector( blend, 962 priv->vsindex, 963 subFont->lenNDV, 964 subFont->NDV ) ) 965 { 966 error = cff_blend_build_vector( blend, 967 priv->vsindex, 968 subFont->lenNDV, 969 subFont->NDV ); 970 if ( error ) 971 goto Exit; 972 } 973 974 numBlends = (FT_UInt)cff_parse_num( parser, parser->top - 1 ); 975 if ( numBlends > parser->stackSize ) 976 { 977 FT_ERROR(( "cff_parse_blend: Invalid number of blends\n" )); 978 error = FT_THROW( Invalid_File_Format ); 979 goto Exit; 980 } 981 982 FT_TRACE4(( " %d value%s blended\n", 983 numBlends, 984 numBlends == 1 ? "" : "s" )); 985 986 error = cff_blend_doBlend( subFont, parser, numBlends ); 987 988 blend->usedBV = TRUE; 989 990 Exit: 991 return error; 992 } 993 994 995 /* maxstack operator increases parser and operand stacks for CFF2 */ 996 static FT_Error cff_parse_maxstack(CFF_Parser parser)997 cff_parse_maxstack( CFF_Parser parser ) 998 { 999 /* maxstack operator can only be used in a Top DICT */ 1000 CFF_FontRecDict dict = (CFF_FontRecDict)parser->object; 1001 FT_Byte** data = parser->stack; 1002 FT_Error error = FT_Err_Ok; 1003 1004 1005 if ( !dict ) 1006 { 1007 error = FT_THROW( Invalid_File_Format ); 1008 goto Exit; 1009 } 1010 1011 dict->maxstack = (FT_UInt)cff_parse_num( parser, data++ ); 1012 if ( dict->maxstack > CFF2_MAX_STACK ) 1013 dict->maxstack = CFF2_MAX_STACK; 1014 if ( dict->maxstack < CFF2_DEFAULT_STACK ) 1015 dict->maxstack = CFF2_DEFAULT_STACK; 1016 1017 FT_TRACE4(( " %d\n", dict->maxstack )); 1018 1019 Exit: 1020 return error; 1021 } 1022 1023 1024 #define CFF_FIELD_NUM( code, name, id ) \ 1025 CFF_FIELD( code, name, id, cff_kind_num ) 1026 #define CFF_FIELD_FIXED( code, name, id ) \ 1027 CFF_FIELD( code, name, id, cff_kind_fixed ) 1028 #define CFF_FIELD_FIXED_1000( code, name, id ) \ 1029 CFF_FIELD( code, name, id, cff_kind_fixed_thousand ) 1030 #define CFF_FIELD_STRING( code, name, id ) \ 1031 CFF_FIELD( code, name, id, cff_kind_string ) 1032 #define CFF_FIELD_BOOL( code, name, id ) \ 1033 CFF_FIELD( code, name, id, cff_kind_bool ) 1034 1035 1036 #undef CFF_FIELD 1037 #undef CFF_FIELD_DELTA 1038 1039 1040 #ifndef FT_DEBUG_LEVEL_TRACE 1041 1042 1043 #define CFF_FIELD_CALLBACK( code, name, id ) \ 1044 { \ 1045 cff_kind_callback, \ 1046 code | CFFCODE, \ 1047 0, 0, \ 1048 cff_parse_ ## name, \ 1049 0, 0 \ 1050 }, 1051 1052 #define CFF_FIELD_BLEND( code, id ) \ 1053 { \ 1054 cff_kind_blend, \ 1055 code | CFFCODE, \ 1056 0, 0, \ 1057 cff_parse_blend, \ 1058 0, 0 \ 1059 }, 1060 1061 #define CFF_FIELD( code, name, id, kind ) \ 1062 { \ 1063 kind, \ 1064 code | CFFCODE, \ 1065 FT_FIELD_OFFSET( name ), \ 1066 FT_FIELD_SIZE( name ), \ 1067 0, 0, 0 \ 1068 }, 1069 1070 #define CFF_FIELD_DELTA( code, name, max, id ) \ 1071 { \ 1072 cff_kind_delta, \ 1073 code | CFFCODE, \ 1074 FT_FIELD_OFFSET( name ), \ 1075 FT_FIELD_SIZE_DELTA( name ), \ 1076 0, \ 1077 max, \ 1078 FT_FIELD_OFFSET( num_ ## name ) \ 1079 }, 1080 1081 static const CFF_Field_Handler cff_field_handlers[] = 1082 { 1083 1084 #include "cfftoken.h" 1085 1086 { 0, 0, 0, 0, 0, 0, 0 } 1087 }; 1088 1089 1090 #else /* FT_DEBUG_LEVEL_TRACE */ 1091 1092 1093 1094 #define CFF_FIELD_CALLBACK( code, name, id ) \ 1095 { \ 1096 cff_kind_callback, \ 1097 code | CFFCODE, \ 1098 0, 0, \ 1099 cff_parse_ ## name, \ 1100 0, 0, \ 1101 id \ 1102 }, 1103 1104 #define CFF_FIELD_BLEND( code, id ) \ 1105 { \ 1106 cff_kind_blend, \ 1107 code | CFFCODE, \ 1108 0, 0, \ 1109 cff_parse_blend, \ 1110 0, 0, \ 1111 id \ 1112 }, 1113 1114 #define CFF_FIELD( code, name, id, kind ) \ 1115 { \ 1116 kind, \ 1117 code | CFFCODE, \ 1118 FT_FIELD_OFFSET( name ), \ 1119 FT_FIELD_SIZE( name ), \ 1120 0, 0, 0, \ 1121 id \ 1122 }, 1123 1124 #define CFF_FIELD_DELTA( code, name, max, id ) \ 1125 { \ 1126 cff_kind_delta, \ 1127 code | CFFCODE, \ 1128 FT_FIELD_OFFSET( name ), \ 1129 FT_FIELD_SIZE_DELTA( name ), \ 1130 0, \ 1131 max, \ 1132 FT_FIELD_OFFSET( num_ ## name ), \ 1133 id \ 1134 }, 1135 1136 static const CFF_Field_Handler cff_field_handlers[] = 1137 { 1138 1139 #include "cfftoken.h" 1140 1141 { 0, 0, 0, 0, 0, 0, 0, 0 } 1142 }; 1143 1144 1145 #endif /* FT_DEBUG_LEVEL_TRACE */ 1146 1147 1148 FT_LOCAL_DEF( FT_Error ) cff_parser_run(CFF_Parser parser,FT_Byte * start,FT_Byte * limit)1149 cff_parser_run( CFF_Parser parser, 1150 FT_Byte* start, 1151 FT_Byte* limit ) 1152 { 1153 FT_Byte* p = start; 1154 FT_Error error = FT_Err_Ok; 1155 1156 #ifdef CFF_CONFIG_OPTION_OLD_ENGINE 1157 PSAux_Service psaux; 1158 1159 FT_Library library = parser->library; 1160 FT_Memory memory = library->memory; 1161 #endif 1162 1163 parser->top = parser->stack; 1164 parser->start = start; 1165 parser->limit = limit; 1166 parser->cursor = start; 1167 1168 while ( p < limit ) 1169 { 1170 FT_UInt v = *p; 1171 1172 1173 /* Opcode 31 is legacy MM T2 operator, not a number. */ 1174 /* Opcode 255 is reserved and should not appear in fonts; */ 1175 /* it is used internally for CFF2 blends. */ 1176 if ( v >= 27 && v != 31 && v != 255 ) 1177 { 1178 /* it's a number; we will push its position on the stack */ 1179 if ( (FT_UInt)( parser->top - parser->stack ) >= parser->stackSize ) 1180 goto Stack_Overflow; 1181 1182 *parser->top++ = p; 1183 1184 /* now, skip it */ 1185 if ( v == 30 ) 1186 { 1187 /* skip real number */ 1188 p++; 1189 for (;;) 1190 { 1191 /* An unterminated floating point number at the */ 1192 /* end of a dictionary is invalid but harmless. */ 1193 if ( p >= limit ) 1194 goto Exit; 1195 v = p[0] >> 4; 1196 if ( v == 15 ) 1197 break; 1198 v = p[0] & 0xF; 1199 if ( v == 15 ) 1200 break; 1201 p++; 1202 } 1203 } 1204 else if ( v == 28 ) 1205 p += 2; 1206 else if ( v == 29 ) 1207 p += 4; 1208 else if ( v > 246 ) 1209 p += 1; 1210 } 1211 #ifdef CFF_CONFIG_OPTION_OLD_ENGINE 1212 else if ( v == 31 ) 1213 { 1214 /* a Type 2 charstring */ 1215 1216 CFF_Decoder decoder; 1217 CFF_FontRec cff_rec; 1218 FT_Byte* charstring_base; 1219 FT_ULong charstring_len; 1220 1221 FT_Fixed* stack; 1222 FT_Byte* q = NULL; 1223 1224 1225 charstring_base = ++p; 1226 1227 /* search `endchar' operator */ 1228 for (;;) 1229 { 1230 if ( p >= limit ) 1231 goto Exit; 1232 if ( *p == 14 ) 1233 break; 1234 p++; 1235 } 1236 1237 charstring_len = (FT_ULong)( p - charstring_base ) + 1; 1238 1239 /* construct CFF_Decoder object */ 1240 FT_ZERO( &decoder ); 1241 FT_ZERO( &cff_rec ); 1242 1243 cff_rec.top_font.font_dict.num_designs = parser->num_designs; 1244 cff_rec.top_font.font_dict.num_axes = parser->num_axes; 1245 decoder.cff = &cff_rec; 1246 1247 psaux = (PSAux_Service)FT_Get_Module_Interface( library, "psaux" ); 1248 if ( !psaux ) 1249 { 1250 FT_ERROR(( "cff_parser_run: cannot access `psaux' module\n" )); 1251 error = FT_THROW( Missing_Module ); 1252 goto Exit; 1253 } 1254 1255 error = psaux->cff_decoder_funcs->parse_charstrings_old( 1256 &decoder, charstring_base, charstring_len, 1 ); 1257 if ( error ) 1258 goto Exit; 1259 1260 /* Now copy the stack data in the temporary decoder object, */ 1261 /* converting it back to charstring number representations */ 1262 /* (this is ugly, I know). */ 1263 /* The maximum required size is 5 bytes per stack element. */ 1264 if ( FT_QALLOC( q, (FT_Long)( 2 * sizeof ( FT_ListNode ) ) + 1265 5 * ( decoder.top - decoder.stack ) ) ) 1266 goto Exit; 1267 1268 FT_List_Add( &parser->t2_strings, (FT_ListNode)q ); 1269 1270 q += 2 * sizeof ( FT_ListNode ); 1271 1272 for ( stack = decoder.stack; stack < decoder.top; stack++ ) 1273 { 1274 FT_Long num = *stack; 1275 1276 1277 if ( (FT_UInt)( parser->top - parser->stack ) >= parser->stackSize ) 1278 goto Stack_Overflow; 1279 1280 *parser->top++ = q; 1281 1282 if ( num & 0xFFFFU ) 1283 { 1284 *q++ = 255; 1285 *q++ = (FT_Byte)( ( num >> 24 ) & 0xFF ); 1286 *q++ = (FT_Byte)( ( num >> 16 ) & 0xFF ); 1287 *q++ = (FT_Byte)( ( num >> 8 ) & 0xFF ); 1288 *q++ = (FT_Byte)( ( num ) & 0xFF ); 1289 } 1290 else 1291 { 1292 num >>= 16; 1293 1294 if ( -107 <= num && num <= 107 ) 1295 *q++ = (FT_Byte)( num + 139 ); 1296 else if ( 108 <= num && num <= 1131 ) 1297 { 1298 *q++ = (FT_Byte)( ( ( num - 108 ) >> 8 ) + 247 ); 1299 *q++ = (FT_Byte)( ( num - 108 ) & 0xFF ); 1300 } 1301 else if ( -1131 <= num && num <= -108 ) 1302 { 1303 *q++ = (FT_Byte)( ( ( -num - 108 ) >> 8 ) + 251 ); 1304 *q++ = (FT_Byte)( ( -num - 108) & 0xFF ); 1305 } 1306 else 1307 { 1308 *q++ = 28; 1309 *q++ = (FT_Byte)( num >> 8 ); 1310 *q++ = (FT_Byte)( num & 0xFF ); 1311 } 1312 } 1313 } 1314 } 1315 #endif /* CFF_CONFIG_OPTION_OLD_ENGINE */ 1316 else 1317 { 1318 /* This is not a number, hence it's an operator. Compute its code */ 1319 /* and look for it in our current list. */ 1320 1321 FT_UInt code; 1322 FT_UInt num_args; 1323 const CFF_Field_Handler* field; 1324 1325 1326 if ( (FT_UInt)( parser->top - parser->stack ) >= parser->stackSize ) 1327 goto Stack_Overflow; 1328 1329 num_args = (FT_UInt)( parser->top - parser->stack ); 1330 *parser->top = p; 1331 code = v; 1332 1333 if ( v == 12 ) 1334 { 1335 /* two byte operator */ 1336 p++; 1337 if ( p >= limit ) 1338 goto Syntax_Error; 1339 1340 code = 0x100 | p[0]; 1341 } 1342 code = code | parser->object_code; 1343 1344 for ( field = cff_field_handlers; field->kind; field++ ) 1345 { 1346 if ( field->code == (FT_Int)code ) 1347 { 1348 /* we found our field's handler; read it */ 1349 FT_Long val; 1350 FT_Byte* q = (FT_Byte*)parser->object + field->offset; 1351 1352 1353 #ifdef FT_DEBUG_LEVEL_TRACE 1354 FT_TRACE4(( " %s", field->id )); 1355 #endif 1356 1357 /* check that we have enough arguments -- except for */ 1358 /* delta encoded arrays, which can be empty */ 1359 if ( field->kind != cff_kind_delta && num_args < 1 ) 1360 goto Stack_Underflow; 1361 1362 switch ( field->kind ) 1363 { 1364 case cff_kind_bool: 1365 case cff_kind_string: 1366 case cff_kind_num: 1367 val = cff_parse_num( parser, parser->stack ); 1368 goto Store_Number; 1369 1370 case cff_kind_fixed: 1371 val = cff_parse_fixed( parser, parser->stack ); 1372 goto Store_Number; 1373 1374 case cff_kind_fixed_thousand: 1375 val = cff_parse_fixed_scaled( parser, parser->stack, 3 ); 1376 1377 Store_Number: 1378 switch ( field->size ) 1379 { 1380 case (8 / FT_CHAR_BIT): 1381 *(FT_Byte*)q = (FT_Byte)val; 1382 break; 1383 1384 case (16 / FT_CHAR_BIT): 1385 *(FT_Short*)q = (FT_Short)val; 1386 break; 1387 1388 case (32 / FT_CHAR_BIT): 1389 *(FT_Int32*)q = (FT_Int)val; 1390 break; 1391 1392 default: /* for 64-bit systems */ 1393 *(FT_Long*)q = val; 1394 } 1395 1396 #ifdef FT_DEBUG_LEVEL_TRACE 1397 switch ( field->kind ) 1398 { 1399 case cff_kind_bool: 1400 FT_TRACE4(( " %s\n", val ? "true" : "false" )); 1401 break; 1402 1403 case cff_kind_string: 1404 FT_TRACE4(( " %ld (SID)\n", val )); 1405 break; 1406 1407 case cff_kind_num: 1408 FT_TRACE4(( " %ld\n", val )); 1409 break; 1410 1411 case cff_kind_fixed: 1412 FT_TRACE4(( " %f\n", (double)val / 65536 )); 1413 break; 1414 1415 case cff_kind_fixed_thousand: 1416 FT_TRACE4(( " %f\n", (double)val / 65536 / 1000 )); 1417 break; 1418 1419 default: 1420 ; /* never reached */ 1421 } 1422 #endif 1423 1424 break; 1425 1426 case cff_kind_delta: 1427 { 1428 FT_Byte* qcount = (FT_Byte*)parser->object + 1429 field->count_offset; 1430 1431 FT_Byte** data = parser->stack; 1432 1433 1434 if ( num_args > field->array_max ) 1435 num_args = field->array_max; 1436 1437 FT_TRACE4(( " [" )); 1438 1439 /* store count */ 1440 *qcount = (FT_Byte)num_args; 1441 1442 val = 0; 1443 while ( num_args > 0 ) 1444 { 1445 val = ADD_LONG( val, cff_parse_num( parser, data++ ) ); 1446 switch ( field->size ) 1447 { 1448 case (8 / FT_CHAR_BIT): 1449 *(FT_Byte*)q = (FT_Byte)val; 1450 break; 1451 1452 case (16 / FT_CHAR_BIT): 1453 *(FT_Short*)q = (FT_Short)val; 1454 break; 1455 1456 case (32 / FT_CHAR_BIT): 1457 *(FT_Int32*)q = (FT_Int)val; 1458 break; 1459 1460 default: /* for 64-bit systems */ 1461 *(FT_Long*)q = val; 1462 } 1463 1464 FT_TRACE4(( " %ld", val )); 1465 1466 q += field->size; 1467 num_args--; 1468 } 1469 1470 FT_TRACE4(( "]\n" )); 1471 } 1472 break; 1473 1474 default: /* callback or blend */ 1475 error = field->reader( parser ); 1476 if ( error ) 1477 goto Exit; 1478 } 1479 goto Found; 1480 } 1481 } 1482 1483 /* this is an unknown operator, or it is unsupported; */ 1484 /* we will ignore it for now. */ 1485 1486 Found: 1487 /* clear stack */ 1488 /* TODO: could clear blend stack here, */ 1489 /* but we don't have access to subFont */ 1490 if ( field->kind != cff_kind_blend ) 1491 parser->top = parser->stack; 1492 } 1493 p++; 1494 } /* while ( p < limit ) */ 1495 1496 Exit: 1497 return error; 1498 1499 Stack_Overflow: 1500 error = FT_THROW( Invalid_Argument ); 1501 goto Exit; 1502 1503 Stack_Underflow: 1504 error = FT_THROW( Invalid_Argument ); 1505 goto Exit; 1506 1507 Syntax_Error: 1508 error = FT_THROW( Invalid_Argument ); 1509 goto Exit; 1510 } 1511 1512 1513 /* END */ 1514