harfbuzz/src/hb-open-type-private.hh

657 lines
19 KiB
C++
Raw Normal View History

2008-01-23 22:14:38 +01:00
/*
2010-04-20 21:51:53 +02:00
* Copyright (C) 2007,2008,2009,2010 Red Hat, Inc.
2008-01-23 22:14:38 +01:00
*
2010-04-22 06:11:43 +02:00
* This is part of HarfBuzz, a text shaping library.
2008-01-23 22:14:38 +01:00
*
* Permission is hereby granted, without written agreement and without
* license or royalty fees, to use, copy, modify, and distribute this
* software and its documentation for any purpose, provided that the
* above copyright notice and the following two paragraphs appear in
* all copies of this software.
*
* IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR
* DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
* ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN
* IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*
* THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
* BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
* ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO
* PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
*
* Red Hat Author(s): Behdad Esfahbod
*/
#ifndef HB_OPEN_TYPES_PRIVATE_HH
#define HB_OPEN_TYPES_PRIVATE_HH
#include "hb-private.h"
2009-08-04 06:58:28 +02:00
#include "hb-blob.h"
2008-01-23 23:01:55 +01:00
2010-04-22 05:12:54 +02:00
/* Table/script/language-system/feature/... not found */
#define NO_INDEX ((unsigned int) 0xFFFF)
/*
* Casts
*/
/* Cast to "const char *" and "char *" */
template <typename Type>
inline const char * CharP (const Type* X)
{ return reinterpret_cast<const char *>(X); }
template <typename Type>
inline char * CharP (Type* X)
{ return reinterpret_cast<char *>(X); }
2009-08-04 17:38:50 +02:00
/* Cast to struct T, reference to reference */
template<typename Type, typename TObject>
inline const Type& CastR(const TObject &X)
{ return reinterpret_cast<const Type&> (X); }
template<typename Type, typename TObject>
inline Type& CastR(TObject &X)
{ return reinterpret_cast<Type&> (X); }
/* Cast to struct T, pointer to pointer */
template<typename Type, typename TObject>
inline const Type* CastP(const TObject *X)
{ return reinterpret_cast<const Type*> (X); }
template<typename Type, typename TObject>
inline Type* CastP(TObject *X)
{ return reinterpret_cast<Type*> (X); }
/* StructAtOffset<T>(X,Ofs) returns the struct T& that is placed at memory
* location of X plus Ofs bytes. */
template<typename Type, typename TObject>
inline const Type& StructAtOffset(const TObject &X, unsigned int offset)
2010-04-23 00:33:12 +02:00
{ return * reinterpret_cast<const Type*> (CharP(&X) + offset); }
template<typename Type, typename TObject>
inline Type& StructAtOffset(TObject &X, unsigned int offset)
2010-04-23 00:33:12 +02:00
{ return * reinterpret_cast<Type*> (CharP(&X) + offset); }
2009-08-04 06:58:28 +02:00
/* StructAfter<T>(X) returns the struct T& that is placed after X.
2010-04-22 05:01:00 +02:00
* Works with X of variable size also. X must implement get_size() */
template<typename Type, typename TObject>
inline const Type& StructAfter(const TObject &X)
{ return StructAtOffset<Type>(X, X.get_size()); }
template<typename Type, typename TObject>
inline Type& StructAfter(TObject &X)
{ return StructAtOffset<Type>(X, X.get_size()); }
2008-01-23 08:01:37 +01:00
/*
2010-05-03 00:14:25 +02:00
* Null objects
2008-01-23 08:01:37 +01:00
*/
/* Global nul-content Null pool. Enlarge as necessary. */
static const void *_NullPool[32 / sizeof (void *)];
/* Generic template for nul-content sizeof-sized Null objects. */
template <typename Type>
static inline const Type& Null () {
ASSERT_STATIC (sizeof (Type) <= sizeof (_NullPool));
return *CastP<Type> (_NullPool);
}
/* Specializaiton for arbitrary-content arbitrary-sized Null objects. */
#define DEFINE_NULL_DATA(Type, size, data) \
static const char _Null##Type[size + 1] = data; /* +1 is for nul-termination in data */ \
template <> \
inline const Type& Null<Type> () { \
return *CastP<Type> (_Null##Type); \
} /* The following line really exists such that we end in a place needing semicolon */ \
ASSERT_STATIC (sizeof (Type) + 1 <= sizeof (_Null##Type))
/* Accessor macro. */
#define Null(Type) Null<Type>()
2008-01-23 08:01:37 +01:00
2009-08-05 01:31:02 +02:00
/*
* Sanitize
*/
#ifndef HB_DEBUG_SANITIZE
#define HB_DEBUG_SANITIZE HB_DEBUG+0
#endif
2010-04-29 07:40:26 +02:00
#define TRACE_SANITIZE() \
HB_STMT_START { \
if (HB_DEBUG_SANITIZE) \
_hb_trace ("SANITIZE", HB_FUNC, this, sanitize_depth, HB_DEBUG_SANITIZE); \
2010-04-29 07:40:26 +02:00
} HB_STMT_END
2009-08-05 04:35:36 +02:00
#define SANITIZE_ARG_DEF \
2010-04-29 07:40:26 +02:00
hb_sanitize_context_t *context, \
2010-04-29 19:56:44 +02:00
unsigned int sanitize_depth HB_UNUSED
#define SANITIZE_ARG \
2010-04-29 07:40:26 +02:00
context, \
(HB_DEBUG_SANITIZE ? sanitize_depth + 1 : 0)
2010-04-29 07:47:30 +02:00
struct hb_sanitize_context_t
2009-08-05 01:31:02 +02:00
{
const char *start, *end;
hb_bool_t writable;
unsigned int edit_count;
2009-08-05 01:31:02 +02:00
};
2010-05-04 04:47:22 +02:00
static inline void
2009-08-05 02:52:47 +02:00
_hb_sanitize_init (hb_sanitize_context_t *context,
hb_blob_t *blob)
2009-08-05 01:31:02 +02:00
{
context->start = hb_blob_lock (blob);
context->end = context->start + hb_blob_get_length (blob);
context->writable = hb_blob_is_writable (blob);
2009-08-05 01:31:02 +02:00
context->edit_count = 0;
2009-08-05 05:01:23 +02:00
if (HB_DEBUG_SANITIZE)
fprintf (stderr, "sanitize %p init [%p..%p] (%u bytes)\n",
blob, context->start, context->end, context->end - context->start);
2009-08-05 01:31:02 +02:00
}
2010-05-04 04:47:22 +02:00
static inline void
2010-04-29 19:56:44 +02:00
_hb_sanitize_fini (hb_sanitize_context_t *context HB_UNUSED,
hb_blob_t *blob)
2009-08-05 01:31:02 +02:00
{
if (HB_DEBUG_SANITIZE)
fprintf (stderr, "sanitize %p fini [%p..%p] %u edit requests\n",
blob, context->start, context->end, context->edit_count);
2009-08-05 05:01:23 +02:00
hb_blob_unlock (blob);
2009-08-05 01:31:02 +02:00
}
static inline bool
_hb_sanitize_check (SANITIZE_ARG_DEF,
const char *base,
unsigned int len)
{
2009-08-14 22:41:00 +02:00
bool ret = context->start <= base &&
base <= context->end &&
(unsigned int) (context->end - base) >= len;
if (HB_DEBUG_SANITIZE && (int) sanitize_depth < (int) HB_DEBUG_SANITIZE) \
2009-08-14 22:41:00 +02:00
fprintf (stderr, "SANITIZE(%p) %-*d-> check [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
base,
sanitize_depth, sanitize_depth,
base, base+len, len,
context->start, context->end,
ret ? "pass" : "FAIL");
2009-08-14 22:41:00 +02:00
return ret;
}
static inline bool
_hb_sanitize_array (SANITIZE_ARG_DEF,
const char *base,
unsigned int record_size,
unsigned int len)
{
bool overflows = len >= ((unsigned int) -1) / record_size;
if (HB_DEBUG_SANITIZE && (int) sanitize_depth < (int) HB_DEBUG_SANITIZE)
fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \
base,
sanitize_depth, sanitize_depth,
base, base + (record_size * len), record_size, len, (unsigned long) record_size * len,
context->start, context->end,
!overflows ? "does not overflow" : "OVERFLOWS FAIL");
return likely (!overflows) && _hb_sanitize_check (SANITIZE_ARG, base, record_size * len);
}
static inline bool
_hb_sanitize_edit (SANITIZE_ARG_DEF,
2010-04-29 19:56:44 +02:00
const char *base HB_UNUSED,
unsigned int len HB_UNUSED)
2009-08-05 01:31:02 +02:00
{
2009-08-05 03:47:29 +02:00
context->edit_count++;
2009-08-05 05:01:23 +02:00
if (HB_DEBUG_SANITIZE && (int) sanitize_depth < (int) HB_DEBUG_SANITIZE)
fprintf (stderr, "SANITIZE(%p) %-*d-> edit(%u) [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
base,
sanitize_depth, sanitize_depth,
context->edit_count,
base, base+len, len,
context->start, context->end,
context->writable ? "granted" : "REJECTED");
return context->writable;
2009-08-05 01:31:02 +02:00
}
#define SANITIZE(X) likely ((X).sanitize (SANITIZE_ARG))
2009-08-05 01:31:02 +02:00
#define SANITIZE_THIS(X) likely ((X).sanitize (SANITIZE_ARG, CharP(this)))
#define SANITIZE_BASE(X,B) likely ((X).sanitize (SANITIZE_ARG, B))
2009-08-05 01:31:02 +02:00
#define SANITIZE_SELF() SANITIZE_OBJ (*this)
#define SANITIZE_OBJ(X) SANITIZE_MEM(&(X), sizeof (X))
#define SANITIZE_MEM(B,L) likely (_hb_sanitize_check (SANITIZE_ARG, CharP(B), (L)))
2009-08-05 01:31:02 +02:00
#define SANITIZE_ARRAY(A,S,L) likely (_hb_sanitize_array (SANITIZE_ARG, CharP(A), S, L))
2009-08-05 01:31:02 +02:00
2009-08-05 02:52:47 +02:00
/* Template to sanitize an object. */
template <typename Type>
struct Sanitizer
{
static hb_blob_t *sanitize (hb_blob_t *blob) {
2010-04-29 07:47:30 +02:00
hb_sanitize_context_t context[1];
unsigned int sanitize_depth = 0;
2009-08-05 02:52:47 +02:00
bool sane;
2009-08-07 00:34:47 +02:00
/* TODO is_sane() stuff */
2009-08-05 02:52:47 +02:00
retry:
if (HB_DEBUG_SANITIZE)
fprintf (stderr, "Sanitizer %p start %s\n", blob, HB_FUNC);
2009-08-05 05:01:23 +02:00
2010-04-29 07:47:30 +02:00
_hb_sanitize_init (context, blob);
2009-08-05 02:52:47 +02:00
2010-04-29 08:28:54 +02:00
Type *t = CastP<Type> (const_cast<char *> (context->start));
2009-08-05 02:52:47 +02:00
2010-04-29 07:47:30 +02:00
sane = t->sanitize (SANITIZE_ARG);
2009-08-05 02:52:47 +02:00
if (sane) {
2010-04-29 07:47:30 +02:00
if (context->edit_count) {
if (HB_DEBUG_SANITIZE)
fprintf (stderr, "Sanitizer %p passed first round with %d edits; doing a second round %s\n",
blob, context->edit_count, HB_FUNC);
2009-08-20 00:16:50 +02:00
/* sanitize again to ensure no toe-stepping */
2010-04-29 07:47:30 +02:00
context->edit_count = 0;
sane = t->sanitize (SANITIZE_ARG);
if (context->edit_count) {
if (HB_DEBUG_SANITIZE)
fprintf (stderr, "Sanitizer %p requested %d edits in second round; FAILLING %s\n",
blob, context->edit_count, HB_FUNC);
2009-08-05 02:52:47 +02:00
sane = false;
}
}
2010-04-29 07:47:30 +02:00
_hb_sanitize_fini (context, blob);
2009-08-05 02:52:47 +02:00
} else {
2010-04-29 07:47:30 +02:00
unsigned int edit_count = context->edit_count;
_hb_sanitize_fini (context, blob);
2009-08-19 22:17:24 +02:00
if (edit_count && !hb_blob_is_writable (blob) && hb_blob_try_writable (blob)) {
/* ok, we made it writable by relocating. try again */
if (HB_DEBUG_SANITIZE)
fprintf (stderr, "Sanitizer %p retry %s\n", blob, HB_FUNC);
2009-08-05 02:52:47 +02:00
goto retry;
}
}
if (HB_DEBUG_SANITIZE)
fprintf (stderr, "Sanitizer %p %s %s\n", blob, sane ? "passed" : "FAILED", HB_FUNC);
2009-08-05 02:52:47 +02:00
if (sane)
return blob;
else {
hb_blob_destroy (blob);
return hb_blob_create_empty ();
}
}
};
2009-04-16 01:50:16 +02:00
2010-05-03 00:14:25 +02:00
2006-12-22 08:21:55 +01:00
/*
*
* The OpenType Font File: Data Types
2006-12-22 08:21:55 +01:00
*/
/* "The following data types are used in the OpenType font file.
* All OpenType fonts use Motorola-style byte ordering (Big Endian):" */
2009-05-17 06:54:25 +02:00
/*
* Int types
*/
2010-04-21 09:11:46 +02:00
template <typename Type, int Bytes> class BEInt;
2010-04-23 21:19:50 +02:00
/* LONGTERMTODO: On machines allowing unaligned access, we can make the
* following tighter by using byteswap instructions on ints directly. */
2010-04-21 09:11:46 +02:00
template <typename Type>
class BEInt<Type, 2>
{
public:
2010-04-22 04:49:56 +02:00
inline class BEInt<Type,2>& operator = (Type i) { hb_be_uint16_put (v,i); return *this; }
inline operator Type () const { return hb_be_uint16_get (v); }
inline bool operator == (const BEInt<Type, 2>& o) const { return hb_be_uint16_cmp (v, o.v); }
inline bool operator != (const BEInt<Type, 2>& o) const { return !(*this == o); }
2010-04-21 09:11:46 +02:00
private: uint8_t v[2];
};
template <typename Type>
class BEInt<Type, 4>
{
public:
2010-04-22 04:49:56 +02:00
inline class BEInt<Type,4>& operator = (Type i) { hb_be_uint32_put (v,i); return *this; }
inline operator Type () const { return hb_be_uint32_get (v); }
inline bool operator == (const BEInt<Type, 4>& o) const { return hb_be_uint32_cmp (v, o.v); }
inline bool operator != (const BEInt<Type, 4>& o) const { return !(*this == o); }
2010-04-21 09:11:46 +02:00
private: uint8_t v[4];
};
2010-04-22 05:11:45 +02:00
/* Integer types in big-endian order and no alignment requirement */
2010-04-21 09:11:46 +02:00
template <typename Type>
struct IntType
{
static inline unsigned int get_size () { return sizeof (Type); }
2010-04-22 04:49:56 +02:00
inline void set (Type i) { v = i; }
inline operator Type(void) const { return v; }
inline bool operator == (const IntType<Type> &o) const { return v == o.v; }
inline bool operator != (const IntType<Type> &o) const { return v != o.v; }
2010-04-21 09:11:46 +02:00
inline bool sanitize (SANITIZE_ARG_DEF) {
TRACE_SANITIZE ();
return SANITIZE_SELF ();
}
private: BEInt<Type, sizeof (Type)> v;
};
typedef IntType<uint16_t> USHORT; /* 16-bit unsigned integer. */
typedef IntType<int16_t> SHORT; /* 16-bit signed integer. */
typedef IntType<uint32_t> ULONG; /* 32-bit unsigned integer. */
typedef IntType<int32_t> LONG; /* 32-bit signed integer. */
ASSERT_SIZE (USHORT, 2);
ASSERT_SIZE (SHORT, 2);
ASSERT_SIZE (ULONG, 4);
ASSERT_SIZE (LONG, 4);
/* Array of four uint8s (length = 32 bits) used to identify a script, language
* system, feature, or baseline */
2009-05-25 08:41:49 +02:00
struct Tag : ULONG
2009-05-20 05:58:54 +02:00
{
2006-12-25 15:14:52 +01:00
/* What the char* converters return is NOT nul-terminated. Print using "%.4s" */
inline operator const char* (void) const { return CharP(this); }
2010-04-21 19:35:36 +02:00
inline operator char* (void) { return CharP(this); }
};
2008-01-23 06:20:48 +01:00
ASSERT_SIZE (Tag, 4);
DEFINE_NULL_DATA (Tag, 4, " ");
/* Glyph index number, same as uint16 (length = 16 bits) */
2009-05-25 08:27:29 +02:00
typedef USHORT GlyphID;
/* Offset to a table, same as uint16 (length = 16 bits), Null offset = 0x0000 */
2009-05-25 08:27:29 +02:00
typedef USHORT Offset;
/* LongOffset to a table, same as uint32 (length = 32 bits), Null offset = 0x00000000 */
typedef ULONG LongOffset;
/* CheckSum */
2009-05-20 05:58:54 +02:00
struct CheckSum : ULONG
{
static uint32_t CalcTableChecksum (ULONG *Table, uint32_t Length)
{
uint32_t Sum = 0L;
ULONG *EndPtr = Table+((Length+3) & ~3) / ULONG::get_size ();
while (Table < EndPtr)
Sum += *Table++;
return Sum;
}
};
ASSERT_SIZE (CheckSum, 4);
/*
* Version Numbers
*/
2009-05-24 07:03:24 +02:00
struct FixedVersion
2009-05-20 05:58:54 +02:00
{
2009-05-27 01:48:16 +02:00
inline operator uint32_t (void) const { return (major << 16) + minor; }
2009-05-24 18:30:40 +02:00
2009-08-04 08:09:34 +02:00
inline bool sanitize (SANITIZE_ARG_DEF) {
TRACE_SANITIZE ();
2009-08-04 08:09:34 +02:00
return SANITIZE_SELF ();
}
2009-05-25 08:27:29 +02:00
USHORT major;
2009-05-24 07:03:24 +02:00
USHORT minor;
};
2009-05-24 07:03:24 +02:00
ASSERT_SIZE (FixedVersion, 4);
2009-08-04 16:41:32 +02:00
2009-05-17 06:54:25 +02:00
/*
2009-08-04 16:41:32 +02:00
* Template subclasses of Offset and LongOffset that do the dereferencing.
2010-05-03 00:14:25 +02:00
* Use: (base+offset)
2009-05-17 06:54:25 +02:00
*/
2009-08-04 16:41:32 +02:00
template <typename OffsetType, typename Type>
struct GenericOffsetTo : OffsetType
{
2010-04-21 05:50:45 +02:00
inline const Type& operator () (const void *base) const
2009-08-04 16:41:32 +02:00
{
unsigned int offset = *this;
if (unlikely (!offset)) return Null(Type);
return StructAtOffset<Type> (*CharP(base), offset);
2009-08-04 16:41:32 +02:00
}
inline bool sanitize (SANITIZE_ARG_DEF, void *base) {
TRACE_SANITIZE ();
if (!SANITIZE_SELF ()) return false;
2009-08-04 16:41:32 +02:00
unsigned int offset = *this;
if (unlikely (!offset)) return true;
return SANITIZE (StructAtOffset<Type> (*CharP(base), offset)) || neuter (SANITIZE_ARG);
2009-08-04 16:41:32 +02:00
}
inline bool sanitize (SANITIZE_ARG_DEF, void *base, void *base2) {
TRACE_SANITIZE ();
if (!SANITIZE_SELF ()) return false;
2009-08-04 21:07:24 +02:00
unsigned int offset = *this;
if (unlikely (!offset)) return true;
return SANITIZE_BASE (StructAtOffset<Type> (*CharP(base), offset), base2) || neuter (SANITIZE_ARG);
2009-08-04 21:07:24 +02:00
}
inline bool sanitize (SANITIZE_ARG_DEF, void *base, unsigned int user_data) {
TRACE_SANITIZE ();
if (!SANITIZE_SELF ()) return false;
2009-08-04 19:30:49 +02:00
unsigned int offset = *this;
if (unlikely (!offset)) return true;
return SANITIZE_BASE (StructAtOffset<Type> (*CharP(base), offset), user_data) || neuter (SANITIZE_ARG);
}
private:
/* Set the offset to Null */
inline bool neuter (SANITIZE_ARG_DEF) {
if (_hb_sanitize_edit (SANITIZE_ARG, CharP(this), this->get_size ())) {
this->set (0); /* 0 is Null offset */
return true;
}
return false;
2009-08-04 19:30:49 +02:00
}
2009-08-04 16:41:32 +02:00
};
template <typename Base, typename OffsetType, typename Type>
inline const Type& operator + (const Base &base, GenericOffsetTo<OffsetType, Type> offset) { return offset (base); }
2009-05-17 06:54:25 +02:00
template <typename Type>
2009-08-04 16:41:32 +02:00
struct OffsetTo : GenericOffsetTo<Offset, Type> {};
template <typename Type>
struct LongOffsetTo : GenericOffsetTo<LongOffset, Type> {};
2009-08-04 16:41:32 +02:00
/*
* Array Types
*/
template <typename LenType, typename Type>
struct GenericArrayOf
2009-05-20 05:58:54 +02:00
{
const Type *array(void) const { return &StructAfter<Type> (len); }
Type *array(void) { return &StructAfter<Type> (len); }
const Type *sub_array (unsigned int start_offset, unsigned int *pcount /* IN/OUT */) const
2009-11-04 22:59:50 +01:00
{
unsigned int count = len;
if (unlikely (start_offset > count))
2009-11-04 22:59:50 +01:00
count = 0;
else
count -= start_offset;
count = MIN (count, *pcount);
*pcount = count;
return array() + start_offset;
2009-11-04 22:59:50 +01:00
}
2009-05-20 05:58:54 +02:00
inline const Type& operator [] (unsigned int i) const
{
if (unlikely (i >= len)) return Null(Type);
return array()[i];
2009-05-17 06:54:25 +02:00
}
2009-05-20 05:58:54 +02:00
inline unsigned int get_size () const
{ return len.get_size () + len * Type::get_size (); }
2009-05-18 08:03:58 +02:00
inline bool sanitize (SANITIZE_ARG_DEF) {
TRACE_SANITIZE ();
if (!likely (sanitize_shallow (SANITIZE_ARG))) return false;
2010-04-21 06:49:40 +02:00
/* Note: for structs that do not reference other structs,
* we do not need to call their sanitize() as we already did
* a bound check on the aggregate array size, hence the return.
*/
2009-08-15 00:32:56 +02:00
return true;
2010-04-21 06:49:40 +02:00
/* We do keep this code though to make sure the structs pointed
* to do have a simple sanitize(), ie. they do not reference
* other structs. */
2009-08-04 06:58:28 +02:00
unsigned int count = len;
for (unsigned int i = 0; i < count; i++)
if (!SANITIZE (array()[i]))
2009-08-04 06:58:28 +02:00
return false;
2009-08-05 03:42:23 +02:00
return true;
2009-08-04 06:58:28 +02:00
}
inline bool sanitize (SANITIZE_ARG_DEF, void *base) {
TRACE_SANITIZE ();
if (!likely (sanitize_shallow (SANITIZE_ARG))) return false;
2009-08-04 16:23:01 +02:00
unsigned int count = len;
for (unsigned int i = 0; i < count; i++)
if (!array()[i].sanitize (SANITIZE_ARG, base))
2009-08-04 16:23:01 +02:00
return false;
2009-08-05 03:42:23 +02:00
return true;
2009-08-04 16:23:01 +02:00
}
inline bool sanitize (SANITIZE_ARG_DEF, void *base, void *base2) {
TRACE_SANITIZE ();
if (!likely (sanitize_shallow (SANITIZE_ARG))) return false;
2009-08-04 21:07:24 +02:00
unsigned int count = len;
for (unsigned int i = 0; i < count; i++)
if (!array()[i].sanitize (SANITIZE_ARG, base, base2))
2009-08-04 21:07:24 +02:00
return false;
2009-08-05 03:42:23 +02:00
return true;
2009-08-04 21:07:24 +02:00
}
inline bool sanitize (SANITIZE_ARG_DEF, void *base, unsigned int user_data) {
TRACE_SANITIZE ();
if (!likely (sanitize_shallow (SANITIZE_ARG))) return false;
2009-08-04 19:30:49 +02:00
unsigned int count = len;
for (unsigned int i = 0; i < count; i++)
if (!array()[i].sanitize (SANITIZE_ARG, base, user_data))
2009-08-04 19:30:49 +02:00
return false;
2009-08-05 03:42:23 +02:00
return true;
2009-08-04 19:30:49 +02:00
}
2009-08-04 06:58:28 +02:00
2010-05-04 20:28:18 +02:00
private:
inline bool sanitize_shallow (SANITIZE_ARG_DEF) {
TRACE_SANITIZE ();
return SANITIZE_SELF() && SANITIZE_ARRAY (this, Type::get_size (), len);
}
public:
2009-08-04 16:41:32 +02:00
LenType len;
/*Type array[VAR];*/
2009-05-18 08:03:58 +02:00
};
2009-08-04 16:41:32 +02:00
/* An array with a USHORT number of elements. */
template <typename Type>
struct ArrayOf : GenericArrayOf<USHORT, Type> {};
/* An array with a ULONG number of elements. */
template <typename Type>
struct LongArrayOf : GenericArrayOf<ULONG, Type> {};
/* Array of Offset's */
template <typename Type>
struct OffsetArrayOf : ArrayOf<OffsetTo<Type> > {};
/* Array of LongOffset's */
template <typename Type>
struct LongOffsetArrayOf : ArrayOf<LongOffsetTo<Type> > {};
/* LongArray of LongOffset's */
template <typename Type>
struct LongOffsetLongArrayOf : LongArrayOf<LongOffsetTo<Type> > {};
2009-08-15 00:40:56 +02:00
/* Array of offsets relative to the beginning of the array itself. */
template <typename Type>
struct OffsetListOf : OffsetArrayOf<Type>
{
inline const Type& operator [] (unsigned int i) const
{
if (unlikely (i >= this->len)) return Null(Type);
return this+this->array()[i];
2009-08-15 00:40:56 +02:00
}
inline bool sanitize (SANITIZE_ARG_DEF) {
TRACE_SANITIZE ();
return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, CharP(this));
2009-08-15 00:40:56 +02:00
}
inline bool sanitize (SANITIZE_ARG_DEF, unsigned int user_data) {
TRACE_SANITIZE ();
return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, CharP(this), user_data);
2009-08-15 00:40:56 +02:00
}
};
2009-05-18 08:03:58 +02:00
/* An array with a USHORT number of elements,
* starting at second element. */
template <typename Type>
2009-05-20 05:58:54 +02:00
struct HeadlessArrayOf
{
const Type *array(void) const { return &StructAfter<Type> (len); }
Type *array(void) { return &StructAfter<Type> (len); }
2009-05-20 05:58:54 +02:00
inline const Type& operator [] (unsigned int i) const
{
if (unlikely (i >= len || !i)) return Null(Type);
return array()[i-1];
2009-05-18 08:03:58 +02:00
}
2009-05-20 05:58:54 +02:00
inline unsigned int get_size () const
{ return len.get_size () + (len ? len - 1 : 0) * Type::get_size (); }
2009-05-17 06:54:25 +02:00
2010-04-22 06:45:42 +02:00
inline bool sanitize_shallow (SANITIZE_ARG_DEF) {
TRACE_SANITIZE ();
return SANITIZE_SELF() && SANITIZE_ARRAY (this, Type::get_size (), len);
}
inline bool sanitize (SANITIZE_ARG_DEF) {
TRACE_SANITIZE ();
if (!likely (sanitize_shallow (SANITIZE_ARG))) return false;
2010-04-21 06:49:40 +02:00
/* Note: for structs that do not reference other structs,
* we do not need to call their sanitize() as we already did
* a bound check on the aggregate array size, hence the return.
*/
2009-08-15 00:32:56 +02:00
return true;
2010-04-21 06:49:40 +02:00
/* We do keep this code though to make sure the structs pointed
* to do have a simple sanitize(), ie. they do not reference
* other structs. */
2009-08-04 19:57:41 +02:00
unsigned int count = len ? len - 1 : 0;
Type *a = array();
2009-08-04 06:58:28 +02:00
for (unsigned int i = 0; i < count; i++)
if (!SANITIZE (a[i]))
2009-08-04 06:58:28 +02:00
return false;
2009-08-05 03:42:23 +02:00
return true;
2009-08-04 06:58:28 +02:00
}
2009-05-17 06:54:25 +02:00
USHORT len;
/*Type array[VAR];*/
2009-05-17 06:54:25 +02:00
};
2009-11-05 00:12:09 +01:00
#endif /* HB_OPEN_TYPE_PRIVATE_HH */