1 /**************************************************************************** 2 * 3 * gxvfeat.c 4 * 5 * TrueTypeGX/AAT feat table validation (body). 6 * 7 * Copyright 2004-2018 by 8 * suzuki toshiya, Masatake YAMATO, Red Hat K.K., 9 * David Turner, Robert Wilhelm, and Werner Lemberg. 10 * 11 * This file is part of the FreeType project, and may only be used, 12 * modified, and distributed under the terms of the FreeType project 13 * license, LICENSE.TXT. By continuing to use, modify, or distribute 14 * this file you indicate that you have read the license and 15 * understand and accept it fully. 16 * 17 */ 18 19 /**************************************************************************** 20 * 21 * gxvalid is derived from both gxlayout module and otvalid module. 22 * Development of gxlayout is supported by the Information-technology 23 * Promotion Agency(IPA), Japan. 24 * 25 */ 26 27 28 #include "gxvalid.h" 29 #include "gxvcommn.h" 30 #include "gxvfeat.h" 31 32 33 /************************************************************************** 34 * 35 * The macro FT_COMPONENT is used in trace mode. It is an implicit 36 * parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log 37 * messages during execution. 38 */ 39 #undef FT_COMPONENT 40 #define FT_COMPONENT trace_gxvfeat 41 42 43 /*************************************************************************/ 44 /*************************************************************************/ 45 /***** *****/ 46 /***** Data and Types *****/ 47 /***** *****/ 48 /*************************************************************************/ 49 /*************************************************************************/ 50 51 typedef struct GXV_feat_DataRec_ 52 { 53 FT_UInt reserved_size; 54 FT_UShort feature; 55 FT_UShort setting; 56 57 } GXV_feat_DataRec, *GXV_feat_Data; 58 59 60 #define GXV_FEAT_DATA( field ) GXV_TABLE_DATA( feat, field ) 61 62 63 typedef enum GXV_FeatureFlagsMask_ 64 { 65 GXV_FEAT_MASK_EXCLUSIVE_SETTINGS = 0x8000U, 66 GXV_FEAT_MASK_DYNAMIC_DEFAULT = 0x4000, 67 GXV_FEAT_MASK_UNUSED = 0x3F00, 68 GXV_FEAT_MASK_DEFAULT_SETTING = 0x00FF 69 70 } GXV_FeatureFlagsMask; 71 72 73 /*************************************************************************/ 74 /*************************************************************************/ 75 /***** *****/ 76 /***** UTILITY FUNCTIONS *****/ 77 /***** *****/ 78 /*************************************************************************/ 79 /*************************************************************************/ 80 81 static void gxv_feat_registry_validate(FT_UShort feature,FT_UShort nSettings,FT_Bool exclusive,GXV_Validator gxvalid)82 gxv_feat_registry_validate( FT_UShort feature, 83 FT_UShort nSettings, 84 FT_Bool exclusive, 85 GXV_Validator gxvalid ) 86 { 87 GXV_NAME_ENTER( "feature in registry" ); 88 89 GXV_TRACE(( " (feature = %u)\n", feature )); 90 91 if ( feature >= gxv_feat_registry_length ) 92 { 93 GXV_TRACE(( "feature number %d is out of range %d\n", 94 feature, gxv_feat_registry_length )); 95 GXV_SET_ERR_IF_PARANOID( FT_INVALID_DATA ); 96 goto Exit; 97 } 98 99 if ( gxv_feat_registry[feature].existence == 0 ) 100 { 101 GXV_TRACE(( "feature number %d is in defined range but doesn't exist\n", 102 feature )); 103 GXV_SET_ERR_IF_PARANOID( FT_INVALID_DATA ); 104 goto Exit; 105 } 106 107 if ( gxv_feat_registry[feature].apple_reserved ) 108 { 109 /* Don't use here. Apple is reserved. */ 110 GXV_TRACE(( "feature number %d is reserved by Apple\n", feature )); 111 if ( gxvalid->root->level >= FT_VALIDATE_TIGHT ) 112 FT_INVALID_DATA; 113 } 114 115 if ( nSettings != gxv_feat_registry[feature].nSettings ) 116 { 117 GXV_TRACE(( "feature %d: nSettings %d != defined nSettings %d\n", 118 feature, nSettings, 119 gxv_feat_registry[feature].nSettings )); 120 if ( gxvalid->root->level >= FT_VALIDATE_TIGHT ) 121 FT_INVALID_DATA; 122 } 123 124 if ( exclusive != gxv_feat_registry[feature].exclusive ) 125 { 126 GXV_TRACE(( "exclusive flag %d differs from predefined value\n", 127 exclusive )); 128 if ( gxvalid->root->level >= FT_VALIDATE_TIGHT ) 129 FT_INVALID_DATA; 130 } 131 132 Exit: 133 GXV_EXIT; 134 } 135 136 137 static void gxv_feat_name_index_validate(FT_Bytes table,FT_Bytes limit,GXV_Validator gxvalid)138 gxv_feat_name_index_validate( FT_Bytes table, 139 FT_Bytes limit, 140 GXV_Validator gxvalid ) 141 { 142 FT_Bytes p = table; 143 144 FT_Short nameIndex; 145 146 147 GXV_NAME_ENTER( "nameIndex" ); 148 149 GXV_LIMIT_CHECK( 2 ); 150 nameIndex = FT_NEXT_SHORT ( p ); 151 GXV_TRACE(( " (nameIndex = %d)\n", nameIndex )); 152 153 gxv_sfntName_validate( (FT_UShort)nameIndex, 154 255, 155 32768U, 156 gxvalid ); 157 158 GXV_EXIT; 159 } 160 161 162 static void gxv_feat_setting_validate(FT_Bytes table,FT_Bytes limit,FT_Bool exclusive,GXV_Validator gxvalid)163 gxv_feat_setting_validate( FT_Bytes table, 164 FT_Bytes limit, 165 FT_Bool exclusive, 166 GXV_Validator gxvalid ) 167 { 168 FT_Bytes p = table; 169 FT_UShort setting; 170 171 172 GXV_NAME_ENTER( "setting" ); 173 174 GXV_LIMIT_CHECK( 2 ); 175 176 setting = FT_NEXT_USHORT( p ); 177 178 /* If we have exclusive setting, the setting should be odd. */ 179 if ( exclusive && ( setting & 1 ) == 0 ) 180 FT_INVALID_DATA; 181 182 gxv_feat_name_index_validate( p, limit, gxvalid ); 183 184 GXV_FEAT_DATA( setting ) = setting; 185 186 GXV_EXIT; 187 } 188 189 190 static void gxv_feat_name_validate(FT_Bytes table,FT_Bytes limit,GXV_Validator gxvalid)191 gxv_feat_name_validate( FT_Bytes table, 192 FT_Bytes limit, 193 GXV_Validator gxvalid ) 194 { 195 FT_Bytes p = table; 196 FT_UInt reserved_size = GXV_FEAT_DATA( reserved_size ); 197 198 FT_UShort feature; 199 FT_UShort nSettings; 200 FT_ULong settingTable; 201 FT_UShort featureFlags; 202 203 FT_Bool exclusive; 204 FT_Int last_setting; 205 FT_UInt i; 206 207 208 GXV_NAME_ENTER( "name" ); 209 210 /* feature + nSettings + settingTable + featureFlags */ 211 GXV_LIMIT_CHECK( 2 + 2 + 4 + 2 ); 212 213 feature = FT_NEXT_USHORT( p ); 214 GXV_FEAT_DATA( feature ) = feature; 215 216 nSettings = FT_NEXT_USHORT( p ); 217 settingTable = FT_NEXT_ULONG ( p ); 218 featureFlags = FT_NEXT_USHORT( p ); 219 220 if ( settingTable < reserved_size ) 221 FT_INVALID_OFFSET; 222 223 if ( ( featureFlags & GXV_FEAT_MASK_UNUSED ) == 0 ) 224 GXV_SET_ERR_IF_PARANOID( FT_INVALID_DATA ); 225 226 exclusive = FT_BOOL( featureFlags & GXV_FEAT_MASK_EXCLUSIVE_SETTINGS ); 227 if ( exclusive ) 228 { 229 FT_Byte dynamic_default; 230 231 232 if ( featureFlags & GXV_FEAT_MASK_DYNAMIC_DEFAULT ) 233 dynamic_default = (FT_Byte)( featureFlags & 234 GXV_FEAT_MASK_DEFAULT_SETTING ); 235 else 236 dynamic_default = 0; 237 238 /* If exclusive, check whether default setting is in the range. */ 239 if ( !( dynamic_default < nSettings ) ) 240 FT_INVALID_FORMAT; 241 } 242 243 gxv_feat_registry_validate( feature, nSettings, exclusive, gxvalid ); 244 245 gxv_feat_name_index_validate( p, limit, gxvalid ); 246 247 p = gxvalid->root->base + settingTable; 248 for ( last_setting = -1, i = 0; i < nSettings; i++ ) 249 { 250 gxv_feat_setting_validate( p, limit, exclusive, gxvalid ); 251 252 if ( (FT_Int)GXV_FEAT_DATA( setting ) <= last_setting ) 253 GXV_SET_ERR_IF_PARANOID( FT_INVALID_FORMAT ); 254 255 last_setting = (FT_Int)GXV_FEAT_DATA( setting ); 256 /* setting + nameIndex */ 257 p += ( 2 + 2 ); 258 } 259 260 GXV_EXIT; 261 } 262 263 264 /*************************************************************************/ 265 /*************************************************************************/ 266 /***** *****/ 267 /***** feat TABLE *****/ 268 /***** *****/ 269 /*************************************************************************/ 270 /*************************************************************************/ 271 272 FT_LOCAL_DEF( void ) gxv_feat_validate(FT_Bytes table,FT_Face face,FT_Validator ftvalid)273 gxv_feat_validate( FT_Bytes table, 274 FT_Face face, 275 FT_Validator ftvalid ) 276 { 277 GXV_ValidatorRec gxvalidrec; 278 GXV_Validator gxvalid = &gxvalidrec; 279 280 GXV_feat_DataRec featrec; 281 GXV_feat_Data feat = &featrec; 282 283 FT_Bytes p = table; 284 FT_Bytes limit = 0; 285 286 FT_UInt featureNameCount; 287 288 FT_UInt i; 289 FT_Int last_feature; 290 291 292 gxvalid->root = ftvalid; 293 gxvalid->table_data = feat; 294 gxvalid->face = face; 295 296 FT_TRACE3(( "validating `feat' table\n" )); 297 GXV_INIT; 298 299 feat->reserved_size = 0; 300 301 /* version + featureNameCount + none_0 + none_1 */ 302 GXV_LIMIT_CHECK( 4 + 2 + 2 + 4 ); 303 feat->reserved_size += 4 + 2 + 2 + 4; 304 305 if ( FT_NEXT_ULONG( p ) != 0x00010000UL ) /* Version */ 306 FT_INVALID_FORMAT; 307 308 featureNameCount = FT_NEXT_USHORT( p ); 309 GXV_TRACE(( " (featureNameCount = %d)\n", featureNameCount )); 310 311 if ( !( IS_PARANOID_VALIDATION ) ) 312 p += 6; /* skip (none) and (none) */ 313 else 314 { 315 if ( FT_NEXT_USHORT( p ) != 0 ) 316 FT_INVALID_DATA; 317 318 if ( FT_NEXT_ULONG( p ) != 0 ) 319 FT_INVALID_DATA; 320 } 321 322 feat->reserved_size += featureNameCount * ( 2 + 2 + 4 + 2 + 2 ); 323 324 for ( last_feature = -1, i = 0; i < featureNameCount; i++ ) 325 { 326 gxv_feat_name_validate( p, limit, gxvalid ); 327 328 if ( (FT_Int)GXV_FEAT_DATA( feature ) <= last_feature ) 329 GXV_SET_ERR_IF_PARANOID( FT_INVALID_FORMAT ); 330 331 last_feature = GXV_FEAT_DATA( feature ); 332 p += 2 + 2 + 4 + 2 + 2; 333 } 334 335 FT_TRACE4(( "\n" )); 336 } 337 338 339 /* END */ 340