2 * Copyright (C) 2007,2008,2009,2010 Red Hat, Inc.
4 * This is part of HarfBuzz, a text shaping library.
6 * Permission is hereby granted, without written agreement and without
7 * license or royalty fees, to use, copy, modify, and distribute this
8 * software and its documentation for any purpose, provided that the
9 * above copyright notice and the following two paragraphs appear in
10 * all copies of this software.
12 * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR
13 * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
14 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN
15 * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
18 * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
19 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20 * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
21 * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO
22 * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
24 * Red Hat Author(s): Behdad Esfahbod
27 #ifndef HB_OPEN_TYPES_PRIVATE_HH
28 #define HB_OPEN_TYPES_PRIVATE_HH
30 #include "hb-private.h"
40 /* Cast to struct T, reference to reference */
41 template<typename Type, typename TObject>
42 inline const Type& CastR(const TObject &X)
43 { return reinterpret_cast<const Type&> (X); }
44 template<typename Type, typename TObject>
45 inline Type& CastR(TObject &X)
46 { return reinterpret_cast<Type&> (X); }
48 /* Cast to struct T, pointer to pointer */
49 template<typename Type, typename TObject>
50 inline const Type* CastP(const TObject *X)
51 { return reinterpret_cast<const Type*> (X); }
52 template<typename Type, typename TObject>
53 inline Type* CastP(TObject *X)
54 { return reinterpret_cast<Type*> (X); }
56 /* StructAtOffset<T>(P,Ofs) returns the struct T& that is placed at memory
57 * location pointed to by P plus Ofs bytes. */
58 template<typename Type>
59 inline const Type& StructAtOffset(const void *P, unsigned int offset)
60 { return * reinterpret_cast<const Type*> ((const char *) P + offset); }
61 template<typename Type>
62 inline Type& StructAtOffset(void *P, unsigned int offset)
63 { return * reinterpret_cast<Type*> ((char *) P + offset); }
65 /* StructAfter<T>(X) returns the struct T& that is placed after X.
66 * Works with X of variable size also. X must implement get_size() */
67 template<typename Type, typename TObject>
68 inline const Type& StructAfter(const TObject &X)
69 { return StructAtOffset<Type>(&X, X.get_size()); }
70 template<typename Type, typename TObject>
71 inline Type& StructAfter(TObject &X)
72 { return StructAtOffset<Type>(&X, X.get_size()); }
80 #define _DEFINE_SIZE_ASSERTION(_assertion) \
81 inline void _size_assertion (void) const \
82 { ASSERT_STATIC (_assertion); }
85 #define DEFINE_SIZE_STATIC(size) \
86 _DEFINE_SIZE_ASSERTION (sizeof (*this) == (size)); \
87 static const unsigned int static_size = (size); \
88 static const unsigned int min_size = (size)
90 /* Size signifying variable-sized array */
93 #define DEFINE_SIZE_UNION(size, _member) \
94 _DEFINE_SIZE_ASSERTION (this->u._member.static_size == (size)); \
95 static const unsigned int min_size = (size)
97 #define DEFINE_SIZE_MIN(size) \
98 _DEFINE_SIZE_ASSERTION (sizeof (*this) >= (size)); \
99 static const unsigned int min_size = (size)
101 #define DEFINE_SIZE_ARRAY(size, array) \
102 _DEFINE_SIZE_ASSERTION (sizeof (*this) == (size) + array[0].static_size); \
103 static const unsigned int min_size = (size)
105 #define DEFINE_SIZE_ARRAY2(size, array1, array2) \
106 _DEFINE_SIZE_ASSERTION (sizeof (*this) == (size) + this->array1[0].static_size + this->array2[0].static_size); \
107 static const unsigned int min_size = (size)
115 /* Global nul-content Null pool. Enlarge as necessary. */
116 static const void *_NullPool[32 / sizeof (void *)];
118 /* Generic nul-content Null objects. */
119 template <typename Type>
120 static inline const Type& Null () {
121 ASSERT_STATIC (Type::min_size <= sizeof (_NullPool));
122 return *CastP<Type> (_NullPool);
125 /* Specializaiton for arbitrary-content arbitrary-sized Null objects. */
126 #define DEFINE_NULL_DATA(Type, data) \
127 static const char _Null##Type[Type::min_size + 1] = data; /* +1 is for nul-termination in data */ \
129 inline const Type& Null<Type> () { \
130 return *CastP<Type> (_Null##Type); \
131 } /* The following line really exists such that we end in a place needing semicolon */ \
132 ASSERT_STATIC (Type::min_size + 1 <= sizeof (_Null##Type))
134 /* Accessor macro. */
135 #define Null(Type) Null<Type>()
143 template <int max_depth>
145 explicit hb_trace_t (unsigned int *pdepth, const char *what, const char *function, const void *obj) : pdepth(pdepth) {
146 if (*pdepth < max_depth)
147 fprintf (stderr, "%s(%p) %-*d-> %s\n", what, obj, *pdepth, *pdepth, function);
148 if (max_depth) ++*pdepth;
150 ~hb_trace_t (void) { if (max_depth) --*pdepth; }
153 unsigned int *pdepth;
155 template <> /* Optimize when tracing is disabled */
156 struct hb_trace_t<0> {
157 explicit hb_trace_t (unsigned int *pdepth, const char *what, const char *function, const void *obj) {}
166 #ifndef HB_DEBUG_SANITIZE
167 #define HB_DEBUG_SANITIZE HB_DEBUG+0
171 #define TRACE_SANITIZE() \
172 hb_trace_t<HB_DEBUG_SANITIZE> trace (&context->debug_depth, "SANITIZE", HB_FUNC, this); \
175 struct hb_sanitize_context_t
177 inline void init (hb_blob_t *blob)
179 this->blob = hb_blob_reference (blob);
180 this->start = hb_blob_lock (blob);
181 this->end = this->start + hb_blob_get_length (blob);
182 this->writable = hb_blob_is_writable (blob);
183 this->edit_count = 0;
184 this->debug_depth = 0;
186 if (HB_DEBUG_SANITIZE)
187 fprintf (stderr, "sanitize %p init [%p..%p] (%u bytes)\n",
188 this->blob, this->start, this->end, this->end - this->start);
191 inline void finish (void)
193 if (HB_DEBUG_SANITIZE)
194 fprintf (stderr, "sanitize %p fini [%p..%p] %u edit requests\n",
195 this->blob, this->start, this->end, this->edit_count);
197 hb_blob_unlock (this->blob);
198 hb_blob_destroy (this->blob);
200 this->start = this->end = NULL;
203 inline bool check_range (const void *base, unsigned int len) const
205 const char *p = (const char *) base;
206 bool ret = this->start <= p &&
208 (unsigned int) (this->end - p) >= len;
210 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE) \
211 fprintf (stderr, "SANITIZE(%p) %-*d-> range [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
213 this->debug_depth, this->debug_depth,
215 this->start, this->end,
216 ret ? "pass" : "FAIL");
221 inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
223 const char *p = (const char *) base;
224 bool overflows = len >= ((unsigned int) -1) / record_size;
226 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE)
227 fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \
229 this->debug_depth, this->debug_depth,
230 p, p + (record_size * len), record_size, len, (unsigned long) record_size * len,
231 this->start, this->end,
232 !overflows ? "does not overflow" : "OVERFLOWS FAIL");
234 return likely (!overflows && this->check_range (base, record_size * len));
237 template <typename Type>
238 inline bool check_struct (const Type *obj) const
240 return likely (this->check_range (obj, obj->min_size));
243 inline bool can_edit (const void *base HB_UNUSED, unsigned int len HB_UNUSED)
245 const char *p = (const char *) base;
248 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE)
249 fprintf (stderr, "SANITIZE(%p) %-*d-> edit(%u) [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
251 this->debug_depth, this->debug_depth,
254 this->start, this->end,
255 this->writable ? "granted" : "REJECTED");
257 return this->writable;
260 unsigned int debug_depth;
261 const char *start, *end;
263 unsigned int edit_count;
269 /* Template to sanitize an object. */
270 template <typename Type>
273 static hb_blob_t *sanitize (hb_blob_t *blob) {
274 hb_sanitize_context_t context[1] = {{0}};
277 /* TODO is_sane() stuff */
280 if (HB_DEBUG_SANITIZE)
281 fprintf (stderr, "Sanitizer %p start %s\n", blob, HB_FUNC);
283 context->init (blob);
285 if (unlikely (!context->start)) {
290 Type *t = CastP<Type> (const_cast<char *> (context->start));
292 sane = t->sanitize (context);
294 if (context->edit_count) {
295 if (HB_DEBUG_SANITIZE)
296 fprintf (stderr, "Sanitizer %p passed first round with %d edits; doing a second round %s\n",
297 blob, context->edit_count, HB_FUNC);
299 /* sanitize again to ensure no toe-stepping */
300 context->edit_count = 0;
301 sane = t->sanitize (context);
302 if (context->edit_count) {
303 if (HB_DEBUG_SANITIZE)
304 fprintf (stderr, "Sanitizer %p requested %d edits in second round; FAILLING %s\n",
305 blob, context->edit_count, HB_FUNC);
311 unsigned int edit_count = context->edit_count;
313 if (edit_count && !hb_blob_is_writable (blob) && hb_blob_try_writable (blob)) {
314 /* ok, we made it writable by relocating. try again */
315 if (HB_DEBUG_SANITIZE)
316 fprintf (stderr, "Sanitizer %p retry %s\n", blob, HB_FUNC);
321 if (HB_DEBUG_SANITIZE)
322 fprintf (stderr, "Sanitizer %p %s %s\n", blob, sane ? "passed" : "FAILED", HB_FUNC);
326 hb_blob_destroy (blob);
327 return hb_blob_create_empty ();
331 static const Type* lock_instance (hb_blob_t *blob) {
332 const char *base = hb_blob_lock (blob);
333 return unlikely (!base) ? &Null(Type) : CastP<Type> (base);
342 * The OpenType Font File: Data Types
346 /* "The following data types are used in the OpenType font file.
347 * All OpenType fonts use Motorola-style byte ordering (Big Endian):" */
354 template <typename Type, int Bytes> class BEInt;
356 /* LONGTERMTODO: On machines allowing unaligned access, we can make the
357 * following tighter by using byteswap instructions on ints directly. */
358 template <typename Type>
362 inline class BEInt<Type,2>& operator = (Type i) { hb_be_uint16_put (v,i); return *this; }
363 inline operator Type () const { return hb_be_uint16_get (v); }
364 inline bool operator == (const BEInt<Type, 2>& o) const { return hb_be_uint16_cmp (v, o.v); }
365 inline bool operator != (const BEInt<Type, 2>& o) const { return !(*this == o); }
366 private: uint8_t v[2];
368 template <typename Type>
372 inline class BEInt<Type,4>& operator = (Type i) { hb_be_uint32_put (v,i); return *this; }
373 inline operator Type () const { return hb_be_uint32_get (v); }
374 inline bool operator == (const BEInt<Type, 4>& o) const { return hb_be_uint32_cmp (v, o.v); }
375 inline bool operator != (const BEInt<Type, 4>& o) const { return !(*this == o); }
376 private: uint8_t v[4];
379 /* Integer types in big-endian order and no alignment requirement */
380 template <typename Type>
383 inline void set (Type i) { v = i; }
384 inline operator Type(void) const { return v; }
385 inline bool operator == (const IntType<Type> &o) const { return v == o.v; }
386 inline bool operator != (const IntType<Type> &o) const { return v != o.v; }
387 inline bool sanitize (hb_sanitize_context_t *context) {
389 return context->check_struct (this);
392 BEInt<Type, sizeof (Type)> v;
394 DEFINE_SIZE_STATIC (sizeof (Type));
397 typedef IntType<uint16_t> USHORT; /* 16-bit unsigned integer. */
398 typedef IntType<int16_t> SHORT; /* 16-bit signed integer. */
399 typedef IntType<uint32_t> ULONG; /* 32-bit unsigned integer. */
400 typedef IntType<int32_t> LONG; /* 32-bit signed integer. */
402 /* Array of four uint8s (length = 32 bits) used to identify a script, language
403 * system, feature, or baseline */
406 /* What the char* converters return is NOT nul-terminated. Print using "%.4s" */
407 inline operator const char* (void) const { return reinterpret_cast<const char *> (&this->v); }
408 inline operator char* (void) { return reinterpret_cast<char *> (&this->v); }
410 DEFINE_SIZE_STATIC (4);
412 DEFINE_NULL_DATA (Tag, " ");
414 /* Glyph index number, same as uint16 (length = 16 bits) */
415 typedef USHORT GlyphID;
417 /* Script/language-system/feature index */
418 struct Index : USHORT {
419 static const unsigned int NOT_FOUND_INDEX = 0xFFFF;
421 DEFINE_NULL_DATA (Index, "\xff\xff");
423 /* Offset to a table, same as uint16 (length = 16 bits), Null offset = 0x0000 */
424 typedef USHORT Offset;
426 /* LongOffset to a table, same as uint32 (length = 32 bits), Null offset = 0x00000000 */
427 typedef ULONG LongOffset;
431 struct CheckSum : ULONG
433 static uint32_t CalcTableChecksum (ULONG *Table, uint32_t Length)
436 ULONG *EndPtr = Table+((Length+3) & ~3) / ULONG::static_size;
438 while (Table < EndPtr)
443 DEFINE_SIZE_STATIC (4);
453 inline operator uint32_t (void) const { return (major << 16) + minor; }
455 inline bool sanitize (hb_sanitize_context_t *context) {
457 return context->check_struct (this);
463 DEFINE_SIZE_STATIC (4);
469 * Template subclasses of Offset and LongOffset that do the dereferencing.
473 template <typename OffsetType, typename Type>
474 struct GenericOffsetTo : OffsetType
476 inline const Type& operator () (const void *base) const
478 unsigned int offset = *this;
479 if (unlikely (!offset)) return Null(Type);
480 return StructAtOffset<Type> (base, offset);
483 inline bool sanitize (hb_sanitize_context_t *context, void *base) {
485 if (!context->check_struct (this)) return false;
486 unsigned int offset = *this;
487 if (unlikely (!offset)) return true;
488 Type &obj = StructAtOffset<Type> (base, offset);
489 return likely (obj.sanitize (context)) || neuter (context);
491 template <typename T>
492 inline bool sanitize (hb_sanitize_context_t *context, void *base, T user_data) {
494 if (!context->check_struct (this)) return false;
495 unsigned int offset = *this;
496 if (unlikely (!offset)) return true;
497 Type &obj = StructAtOffset<Type> (base, offset);
498 return likely (obj.sanitize (context, user_data)) || neuter (context);
502 /* Set the offset to Null */
503 inline bool neuter (hb_sanitize_context_t *context) {
504 if (context->can_edit (this, this->static_size)) {
505 this->set (0); /* 0 is Null offset */
511 template <typename Base, typename OffsetType, typename Type>
512 inline const Type& operator + (const Base &base, GenericOffsetTo<OffsetType, Type> offset) { return offset (base); }
514 template <typename Type>
515 struct OffsetTo : GenericOffsetTo<Offset, Type> {};
517 template <typename Type>
518 struct LongOffsetTo : GenericOffsetTo<LongOffset, Type> {};
525 template <typename LenType, typename Type>
526 struct GenericArrayOf
528 const Type *sub_array (unsigned int start_offset, unsigned int *pcount /* IN/OUT */) const
530 unsigned int count = len;
531 if (unlikely (start_offset > count))
534 count -= start_offset;
535 count = MIN (count, *pcount);
537 return array + start_offset;
540 inline const Type& operator [] (unsigned int i) const
542 if (unlikely (i >= len)) return Null(Type);
545 inline unsigned int get_size () const
546 { return len.static_size + len * Type::static_size; }
548 inline bool sanitize (hb_sanitize_context_t *context) {
550 if (!likely (sanitize_shallow (context))) return false;
551 /* Note: for structs that do not reference other structs,
552 * we do not need to call their sanitize() as we already did
553 * a bound check on the aggregate array size, hence the return.
556 /* We do keep this code though to make sure the structs pointed
557 * to do have a simple sanitize(), ie. they do not reference
559 unsigned int count = len;
560 for (unsigned int i = 0; i < count; i++)
561 if (array[i].sanitize (context))
565 inline bool sanitize (hb_sanitize_context_t *context, void *base) {
567 if (!likely (sanitize_shallow (context))) return false;
568 unsigned int count = len;
569 for (unsigned int i = 0; i < count; i++)
570 if (!array[i].sanitize (context, base))
574 template <typename T>
575 inline bool sanitize (hb_sanitize_context_t *context, void *base, T user_data) {
577 if (!likely (sanitize_shallow (context))) return false;
578 unsigned int count = len;
579 for (unsigned int i = 0; i < count; i++)
580 if (!array[i].sanitize (context, base, user_data))
586 inline bool sanitize_shallow (hb_sanitize_context_t *context) {
588 return context->check_struct (this)
589 && context->check_array (this, Type::static_size, len);
596 DEFINE_SIZE_ARRAY (sizeof (LenType), array);
599 /* An array with a USHORT number of elements. */
600 template <typename Type>
601 struct ArrayOf : GenericArrayOf<USHORT, Type> {};
603 /* An array with a ULONG number of elements. */
604 template <typename Type>
605 struct LongArrayOf : GenericArrayOf<ULONG, Type> {};
607 /* Array of Offset's */
608 template <typename Type>
609 struct OffsetArrayOf : ArrayOf<OffsetTo<Type> > {};
611 /* Array of LongOffset's */
612 template <typename Type>
613 struct LongOffsetArrayOf : ArrayOf<LongOffsetTo<Type> > {};
615 /* LongArray of LongOffset's */
616 template <typename Type>
617 struct LongOffsetLongArrayOf : LongArrayOf<LongOffsetTo<Type> > {};
619 /* Array of offsets relative to the beginning of the array itself. */
620 template <typename Type>
621 struct OffsetListOf : OffsetArrayOf<Type>
623 inline const Type& operator [] (unsigned int i) const
625 if (unlikely (i >= this->len)) return Null(Type);
626 return this+this->array[i];
629 inline bool sanitize (hb_sanitize_context_t *context) {
631 return OffsetArrayOf<Type>::sanitize (context, this);
633 template <typename T>
634 inline bool sanitize (hb_sanitize_context_t *context, T user_data) {
636 return OffsetArrayOf<Type>::sanitize (context, this, user_data);
641 /* An array with a USHORT number of elements,
642 * starting at second element. */
643 template <typename Type>
644 struct HeadlessArrayOf
646 inline const Type& operator [] (unsigned int i) const
648 if (unlikely (i >= len || !i)) return Null(Type);
651 inline unsigned int get_size () const
652 { return len.static_size + (len ? len - 1 : 0) * Type::static_size; }
654 inline bool sanitize_shallow (hb_sanitize_context_t *context) {
655 return context->check_struct (this)
656 && context->check_array (this, Type::static_size, len);
659 inline bool sanitize (hb_sanitize_context_t *context) {
661 if (!likely (sanitize_shallow (context))) return false;
662 /* Note: for structs that do not reference other structs,
663 * we do not need to call their sanitize() as we already did
664 * a bound check on the aggregate array size, hence the return.
667 /* We do keep this code though to make sure the structs pointed
668 * to do have a simple sanitize(), ie. they do not reference
670 unsigned int count = len ? len - 1 : 0;
672 for (unsigned int i = 0; i < count; i++)
673 if (!a[i].sanitize (context))
681 DEFINE_SIZE_ARRAY (sizeof (USHORT), array);
685 #endif /* HB_OPEN_TYPE_PRIVATE_HH */