[HB] open-file sanitize()

Behdad Esfahbod 2009-08-04 15:07:24 -04:00
parent 738c54d9ca
commit b508e5ccd5
2 changed files with 55 additions and 4 deletions


@ -47,6 +47,11 @@ struct TTCHeader;
typedef struct TableDirectory typedef struct TableDirectory
{ {
inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
return SANITIZE_SELF () && SANITIZE (tag) &&
SANITIZE_MEM (CONST_CHARP(base) + (unsigned long) offset, length);
}
Tag tag; /* 4-byte identifier. */ Tag tag; /* 4-byte identifier. */
CheckSum checkSum; /* CheckSum for this table. */ CheckSum checkSum; /* CheckSum for this table. */
ULONG offset; /* Offset from beginning of TrueType font ULONG offset; /* Offset from beginning of TrueType font
@ -60,13 +65,25 @@ typedef struct OffsetTable
friend struct OpenTypeFontFile; friend struct OpenTypeFontFile;
friend struct TTCHeader; friend struct TTCHeader;
STATIC_DEFINE_GET_FOR_DATA (OffsetTable);
DEFINE_TAG_ARRAY_INTERFACE (OpenTypeTable, table); /* get_table_count(), get_table(i), get_table_tag(i) */ DEFINE_TAG_ARRAY_INTERFACE (OpenTypeTable, table); /* get_table_count(), get_table(i), get_table_tag(i) */
DEFINE_TAG_FIND_INTERFACE (OpenTypeTable, table); /* find_table_index(tag), get_table_by_tag(tag) */ DEFINE_TAG_FIND_INTERFACE (OpenTypeTable, table); /* find_table_index(tag), get_table_by_tag(tag) */
unsigned int get_face_count (void) const { return 1; }
private: private:
/* OpenTypeTables, in no particular order */ /* OpenTypeTables, in no particular order */
DEFINE_ARRAY_TYPE (TableDirectory, tableDir, numTables); DEFINE_ARRAY_TYPE (TableDirectory, tableDir, numTables);
public:
inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
if (!(SANITIZE_SELF () && SANITIZE_MEM (tableDir, sizeof (tableDir[0]) * numTables))) return false;
unsigned int count = numTables;
for (unsigned int i = 0; i < count; i++)
if (!SANITIZE_BASE (tableDir[i], base))
return false;
}
private: private:
Tag sfnt_version; /* '\0\001\0\00' if TrueType / 'OTTO' if CFF */ Tag sfnt_version; /* '\0\001\0\00' if TrueType / 'OTTO' if CFF */
USHORT numTables; /* Number of tables. */ USHORT numTables; /* Number of tables. */
@ -87,6 +104,19 @@ struct TTCHeader
STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION (TTCHeader, 1, 2); STATIC_DEFINE_GET_FOR_DATA_CHECK_MAJOR_VERSION (TTCHeader, 1, 2);
unsigned int get_face_count (void) const { return table.len; }
const OpenTypeFontFace& get_face (unsigned int i) const
{
return this+table[i];
}
bool sanitize (SANITIZE_ARG_DEF) {
if (!SANITIZE (version)) return false;
if (version.major < 1 || version.major > 2) return true;
return table.sanitize (SANITIZE_ARG, CONST_CHARP(this), CONST_CHARP(this));
}
private: private:
Tag ttcTag; /* TrueType Collection ID string: 'ttcf' */ Tag ttcTag; /* TrueType Collection ID string: 'ttcf' */
FixedVersion version; /* Version of the TTC Header (1.0 or 2.0), FixedVersion version; /* Version of the TTC Header (1.0 or 2.0),
@ -114,8 +144,8 @@ struct OpenTypeFontFile
{ {
switch (tag) { switch (tag) {
default: return 0; default: return 0;
case TrueTypeTag: case CFFTag: return 1; case TrueTypeTag: case CFFTag: return OffsetTable::get_for_data (CONST_CHARP(this)).get_face_count ();
case TTCTag: return TTCHeader::get_for_data (CONST_CHARP(this)).table.len; case TTCTag: return TTCHeader::get_for_data (CONST_CHARP(this)).get_face_count ();
} }
} }
const OpenTypeFontFace& get_face (unsigned int i) const const OpenTypeFontFace& get_face (unsigned int i) const
@ -125,8 +155,8 @@ struct OpenTypeFontFile
/* Note: for non-collection SFNT data we ignore index. This is because /* Note: for non-collection SFNT data we ignore index. This is because
* Apple dfont container is a container of SFNT's. So each SFNT is a * Apple dfont container is a container of SFNT's. So each SFNT is a
* non-TTC, but the index is more than zero. */ * non-TTC, but the index is more than zero. */
case TrueTypeTag: case CFFTag: return *(const OffsetTable*)this; case TrueTypeTag: case CFFTag: return OffsetTable::get_for_data (CONST_CHARP(this));
case TTCTag: return this+TTCHeader::get_for_data (CONST_CHARP(this)).table[i]; case TTCTag: return TTCHeader::get_for_data (CONST_CHARP(this)).get_face (i);
} }
} }
@ -137,6 +167,14 @@ struct OpenTypeFontFile
return ((const char*) this) + table.offset; return ((const char*) this) + table.offset;
} }
bool sanitize (SANITIZE_ARG_DEF) {
switch (tag) {
default: return true;
case TrueTypeTag: case CFFTag: return SANITIZE_THIS (CAST (OffsetTable, *this, 0));
case TTCTag: return SANITIZE (CAST (TTCHeader, *this, 0));
}
}
Tag tag; /* 4-byte identifier. */ Tag tag; /* 4-byte identifier. */
}; };
ASSERT_SIZE (OpenTypeFontFile, 4); ASSERT_SIZE (OpenTypeFontFile, 4);
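Review bot: The new OffsetTable::sanitize overload in the second hunk (after `public:`) has no return statement after the per-entry loop, so a font whose every TableDirectory entry passes falls off the end of a non-void function — undefined behaviour, and in practice an unspecified value in the return register, which is the wrong failure mode for a validator that gates untrusted font data. Add `return true;` after the loop. The new GenericArrayOf::sanitize(…, base, base2) overload in the second file has the same missing return after its loop. Separately, `CONST_CHARP(base) + (unsigned long) offset` in TableDirectory::sanitize forms the pointer before SANITIZE_MEM sees it; if that macro checks the resulting pointer against the blob end rather than offset and length against the blob size, a large offset could wrap the pointer arithmetic before the check — worth confirming what SANITIZE_MEM does, since its definition is not in this diff.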


@ -362,6 +362,12 @@ struct GenericOffsetTo : OffsetType
if (HB_UNLIKELY (!offset)) return true; if (HB_UNLIKELY (!offset)) return true;
return SANITIZE (CAST(Type, *DECONST_CHARP(base), offset)) || NEUTER (DECONST_CAST(OffsetType,*this,0), 0); return SANITIZE (CAST(Type, *DECONST_CHARP(base), offset)) || NEUTER (DECONST_CAST(OffsetType,*this,0), 0);
} }
inline bool sanitize (SANITIZE_ARG_DEF, const void *base, const void *base2) {
if (!SANITIZE_OBJ (*this)) return false;
unsigned int offset = *this;
if (HB_UNLIKELY (!offset)) return true;
return SANITIZE_BASE (CAST(Type, *DECONST_CHARP(base), offset), base2) || NEUTER (DECONST_CAST(OffsetType,*this,0), 0);
}
inline bool sanitize (SANITIZE_ARG_DEF, const void *base, unsigned int user_data) { inline bool sanitize (SANITIZE_ARG_DEF, const void *base, unsigned int user_data) {
if (!SANITIZE_OBJ (*this)) return false; if (!SANITIZE_OBJ (*this)) return false;
unsigned int offset = *this; unsigned int offset = *this;
@ -408,6 +414,13 @@ struct GenericArrayOf
if (!array[i].sanitize (SANITIZE_ARG, base)) if (!array[i].sanitize (SANITIZE_ARG, base))
return false; return false;
} }
inline bool sanitize (SANITIZE_ARG_DEF, const void *base, const void *base2) {
if (!SANITIZE_GET_SIZE()) return false;
unsigned int count = len;
for (unsigned int i = 0; i < count; i++)
if (!array[i].sanitize (SANITIZE_ARG, base, base2))
return false;
}
inline bool sanitize (SANITIZE_ARG_DEF, const void *base, unsigned int user_data) { inline bool sanitize (SANITIZE_ARG_DEF, const void *base, unsigned int user_data) {
if (!SANITIZE_GET_SIZE()) return false; if (!SANITIZE_GET_SIZE()) return false;
unsigned int count = len; unsigned int count = len;