2 * Copyright (C) 2007,2008,2009,2010 Red Hat, Inc.
4 * This is part of HarfBuzz, a text shaping library.
6 * Permission is hereby granted, without written agreement and without
7 * license or royalty fees, to use, copy, modify, and distribute this
8 * software and its documentation for any purpose, provided that the
9 * above copyright notice and the following two paragraphs appear in
10 * all copies of this software.
12 * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR
13 * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
14 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN
15 * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
18 * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
19 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20 * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
21 * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO
22 * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
24 * Red Hat Author(s): Behdad Esfahbod
27 #ifndef HB_OPEN_TYPES_PRIVATE_HH
28 #define HB_OPEN_TYPES_PRIVATE_HH
30 #include "hb-private.h"
35 /* Table/script/language-system/feature/... not found */
36 #define NO_INDEX ((unsigned int) 0xFFFF)
44 /* Cast to "const char *" and "char *" */
45 template <typename Type>
46 inline const char * CharP (const Type* X)
47 { return reinterpret_cast<const char *>(X); }
48 template <typename Type>
49 inline char * CharP (Type* X)
50 { return reinterpret_cast<char *>(X); }
52 /* Cast to struct T, reference to reference */
53 template<typename Type, typename TObject>
54 inline const Type& CastR(const TObject &X)
55 { return reinterpret_cast<const Type&> (X); }
56 template<typename Type, typename TObject>
57 inline Type& CastR(TObject &X)
58 { return reinterpret_cast<Type&> (X); }
60 /* Cast to struct T, pointer to pointer */
61 template<typename Type, typename TObject>
62 inline const Type* CastP(const TObject *X)
63 { return reinterpret_cast<const Type*> (X); }
64 template<typename Type, typename TObject>
65 inline Type* CastP(TObject *X)
66 { return reinterpret_cast<Type*> (X); }
68 /* StructAtOffset<T>(X,Ofs) returns the struct T& that is placed at memory
69 * location of X plus Ofs bytes. */
70 template<typename Type, typename TObject>
71 inline const Type& StructAtOffset(const TObject &X, unsigned int offset)
72 { return * reinterpret_cast<const Type*> (CharP(&X) + offset); }
73 template<typename Type, typename TObject>
74 inline Type& StructAtOffset(TObject &X, unsigned int offset)
75 { return * reinterpret_cast<Type*> (CharP(&X) + offset); }
77 /* StructAfter<T>(X) returns the struct T& that is placed after X.
78 * Works with X of variable size also. X must implement get_size() */
79 template<typename Type, typename TObject>
80 inline const Type& StructAfter(const TObject &X)
81 { return StructAtOffset<Type>(X, X.get_size()); }
82 template<typename Type, typename TObject>
83 inline Type& StructAfter(TObject &X)
84 { return StructAtOffset<Type>(X, X.get_size()); }
92 /* Global nul-content Null pool. Enlarge as necessary. */
93 static const void *_NullPool[32 / sizeof (void *)];
95 /* Generic template for nul-content sizeof-sized Null objects. */
96 template <typename Type>
97 static inline const Type& Null () {
98 ASSERT_STATIC (sizeof (Type) <= sizeof (_NullPool));
99 return *CastP<Type> (_NullPool);
102 /* Specializaiton for arbitrary-content arbitrary-sized Null objects. */
103 #define DEFINE_NULL_DATA(Type, size, data) \
104 static const char _Null##Type[size + 1] = data; /* +1 is for nul-termination in data */ \
106 inline const Type& Null<Type> () { \
107 return *CastP<Type> (_Null##Type); \
108 } /* The following line really exists such that we end in a place needing semicolon */ \
109 ASSERT_STATIC (sizeof (Type) + 1 <= sizeof (_Null##Type))
111 /* Accessor macro. */
112 #define Null(Type) Null<Type>()
120 template <int max_depth>
122 explicit hb_trace_t (unsigned int *pdepth) : pdepth(pdepth) { if (max_depth) ++*pdepth; }
123 ~hb_trace_t (void) { if (max_depth) --*pdepth; }
125 inline void log (const char *what, const char *function, const void *obj)
127 if (*pdepth < max_depth)
128 fprintf (stderr, "%s(%p) %-*d-> %s\n", what, obj, *pdepth, *pdepth, function);
132 unsigned int *pdepth;
134 template <> /* Optimize when tracing is disabled */
135 struct hb_trace_t<0> {
136 explicit hb_trace_t (unsigned int *p) {}
137 inline void log (const char *what, const char *function, const void *obj) {};
146 #ifndef HB_DEBUG_SANITIZE
147 #define HB_DEBUG_SANITIZE HB_DEBUG+0
151 #define TRACE_SANITIZE() \
152 hb_trace_t<HB_DEBUG_SANITIZE> trace (&context->debug_depth); \
153 trace.log ("SANITIZE", HB_FUNC, this);
156 struct hb_sanitize_context_t
158 inline void init (hb_blob_t *blob)
160 this->blob = hb_blob_reference (blob);
161 this->start = hb_blob_lock (blob);
162 this->end = this->start + hb_blob_get_length (blob);
163 this->writable = hb_blob_is_writable (blob);
164 this->edit_count = 0;
165 this->debug_depth = 0;
167 if (HB_DEBUG_SANITIZE)
168 fprintf (stderr, "sanitize %p init [%p..%p] (%u bytes)\n",
169 this->blob, this->start, this->end, this->end - this->start);
172 inline void finish (void)
174 if (HB_DEBUG_SANITIZE)
175 fprintf (stderr, "sanitize %p fini [%p..%p] %u edit requests\n",
176 this->blob, this->start, this->end, this->edit_count);
178 hb_blob_unlock (this->blob);
179 hb_blob_destroy (this->blob);
181 this->start = this->end = NULL;
184 inline bool check (const char *base, unsigned int len) const
186 bool ret = this->start <= base &&
188 (unsigned int) (this->end - base) >= len;
190 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE) \
191 fprintf (stderr, "SANITIZE(%p) %-*d-> check [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
193 this->debug_depth, this->debug_depth,
195 this->start, this->end,
196 ret ? "pass" : "FAIL");
201 inline bool check_array (const char *base, unsigned int record_size, unsigned int len) const
203 bool overflows = len >= ((unsigned int) -1) / record_size;
206 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE)
207 fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \
209 this->debug_depth, this->debug_depth,
210 base, base + (record_size * len), record_size, len, (unsigned long) record_size * len,
211 this->start, this->end,
212 !overflows ? "does not overflow" : "OVERFLOWS FAIL");
214 return likely (!overflows && this->check (base, record_size * len));
217 inline bool can_edit (const char *base HB_UNUSED, unsigned int len HB_UNUSED)
221 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE)
222 fprintf (stderr, "SANITIZE(%p) %-*d-> edit(%u) [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
224 this->debug_depth, this->debug_depth,
227 this->start, this->end,
228 this->writable ? "granted" : "REJECTED");
230 return this->writable;
233 const char *start, *end;
235 unsigned int edit_count;
237 unsigned int debug_depth;
241 #define SANITIZE(X) likely ((X).sanitize (context))
243 #define SANITIZE_WITH_BASE(B,X) likely ((X).sanitize (context, CharP(B)))
245 #define SANITIZE_SELF() SANITIZE_MEM(this, sizeof (*this))
247 #define SANITIZE_MEM(B,L) likely (context->check (CharP(B), (L)))
249 #define SANITIZE_ARRAY(A,S,L) likely (context->check_array (CharP(A), S, L))
252 /* Template to sanitize an object. */
253 template <typename Type>
256 static hb_blob_t *sanitize (hb_blob_t *blob) {
257 hb_sanitize_context_t context[1];
260 /* TODO is_sane() stuff */
263 if (HB_DEBUG_SANITIZE)
264 fprintf (stderr, "Sanitizer %p start %s\n", blob, HB_FUNC);
266 context->init (blob);
268 Type *t = CastP<Type> (const_cast<char *> (context->start));
270 sane = t->sanitize (context);
272 if (context->edit_count) {
273 if (HB_DEBUG_SANITIZE)
274 fprintf (stderr, "Sanitizer %p passed first round with %d edits; doing a second round %s\n",
275 blob, context->edit_count, HB_FUNC);
277 /* sanitize again to ensure no toe-stepping */
278 context->edit_count = 0;
279 sane = t->sanitize (context);
280 if (context->edit_count) {
281 if (HB_DEBUG_SANITIZE)
282 fprintf (stderr, "Sanitizer %p requested %d edits in second round; FAILLING %s\n",
283 blob, context->edit_count, HB_FUNC);
289 unsigned int edit_count = context->edit_count;
291 if (edit_count && !hb_blob_is_writable (blob) && hb_blob_try_writable (blob)) {
292 /* ok, we made it writable by relocating. try again */
293 if (HB_DEBUG_SANITIZE)
294 fprintf (stderr, "Sanitizer %p retry %s\n", blob, HB_FUNC);
299 if (HB_DEBUG_SANITIZE)
300 fprintf (stderr, "Sanitizer %p %s %s\n", blob, sane ? "passed" : "FAILED", HB_FUNC);
304 hb_blob_destroy (blob);
305 return hb_blob_create_empty ();
315 * The OpenType Font File: Data Types
319 /* "The following data types are used in the OpenType font file.
320 * All OpenType fonts use Motorola-style byte ordering (Big Endian):" */
327 template <typename Type, int Bytes> class BEInt;
329 /* LONGTERMTODO: On machines allowing unaligned access, we can make the
330 * following tighter by using byteswap instructions on ints directly. */
331 template <typename Type>
335 inline class BEInt<Type,2>& operator = (Type i) { hb_be_uint16_put (v,i); return *this; }
336 inline operator Type () const { return hb_be_uint16_get (v); }
337 inline bool operator == (const BEInt<Type, 2>& o) const { return hb_be_uint16_cmp (v, o.v); }
338 inline bool operator != (const BEInt<Type, 2>& o) const { return !(*this == o); }
339 private: uint8_t v[2];
341 template <typename Type>
345 inline class BEInt<Type,4>& operator = (Type i) { hb_be_uint32_put (v,i); return *this; }
346 inline operator Type () const { return hb_be_uint32_get (v); }
347 inline bool operator == (const BEInt<Type, 4>& o) const { return hb_be_uint32_cmp (v, o.v); }
348 inline bool operator != (const BEInt<Type, 4>& o) const { return !(*this == o); }
349 private: uint8_t v[4];
352 /* Integer types in big-endian order and no alignment requirement */
353 template <typename Type>
356 static inline unsigned int get_size () { return sizeof (Type); }
357 inline void set (Type i) { v = i; }
358 inline operator Type(void) const { return v; }
359 inline bool operator == (const IntType<Type> &o) const { return v == o.v; }
360 inline bool operator != (const IntType<Type> &o) const { return v != o.v; }
361 inline bool sanitize (hb_sanitize_context_t *context) {
363 return SANITIZE_SELF ();
365 private: BEInt<Type, sizeof (Type)> v;
368 typedef IntType<uint16_t> USHORT; /* 16-bit unsigned integer. */
369 typedef IntType<int16_t> SHORT; /* 16-bit signed integer. */
370 typedef IntType<uint32_t> ULONG; /* 32-bit unsigned integer. */
371 typedef IntType<int32_t> LONG; /* 32-bit signed integer. */
373 ASSERT_SIZE (USHORT, 2);
374 ASSERT_SIZE (SHORT, 2);
375 ASSERT_SIZE (ULONG, 4);
376 ASSERT_SIZE (LONG, 4);
378 /* Array of four uint8s (length = 32 bits) used to identify a script, language
379 * system, feature, or baseline */
382 /* What the char* converters return is NOT nul-terminated. Print using "%.4s" */
383 inline operator const char* (void) const { return CharP(this); }
384 inline operator char* (void) { return CharP(this); }
386 ASSERT_SIZE (Tag, 4);
387 DEFINE_NULL_DATA (Tag, 4, " ");
389 /* Glyph index number, same as uint16 (length = 16 bits) */
390 typedef USHORT GlyphID;
392 /* Offset to a table, same as uint16 (length = 16 bits), Null offset = 0x0000 */
393 typedef USHORT Offset;
395 /* LongOffset to a table, same as uint32 (length = 32 bits), Null offset = 0x00000000 */
396 typedef ULONG LongOffset;
400 struct CheckSum : ULONG
402 static uint32_t CalcTableChecksum (ULONG *Table, uint32_t Length)
405 ULONG *EndPtr = Table+((Length+3) & ~3) / ULONG::get_size ();
407 while (Table < EndPtr)
412 ASSERT_SIZE (CheckSum, 4);
421 inline operator uint32_t (void) const { return (major << 16) + minor; }
423 inline bool sanitize (hb_sanitize_context_t *context) {
425 return SANITIZE_SELF ();
431 ASSERT_SIZE (FixedVersion, 4);
436 * Template subclasses of Offset and LongOffset that do the dereferencing.
440 template <typename OffsetType, typename Type>
441 struct GenericOffsetTo : OffsetType
443 inline const Type& operator () (const void *base) const
445 unsigned int offset = *this;
446 if (unlikely (!offset)) return Null(Type);
447 return StructAtOffset<Type> (*CharP(base), offset);
450 inline bool sanitize (hb_sanitize_context_t *context, void *base) {
452 if (!SANITIZE_SELF ()) return false;
453 unsigned int offset = *this;
454 if (unlikely (!offset)) return true;
455 Type &obj = StructAtOffset<Type> (*CharP(base), offset);
456 return likely (obj.sanitize (context)) || neuter (context);
458 template <typename T>
459 inline bool sanitize (hb_sanitize_context_t *context, void *base, T user_data) {
461 if (!SANITIZE_SELF ()) return false;
462 unsigned int offset = *this;
463 if (unlikely (!offset)) return true;
464 Type &obj = StructAtOffset<Type> (*CharP(base), offset);
465 return likely (obj.sanitize (context, user_data)) || neuter (context);
469 /* Set the offset to Null */
470 inline bool neuter (hb_sanitize_context_t *context) {
471 if (context->can_edit (CharP(this), this->get_size ())) {
472 this->set (0); /* 0 is Null offset */
478 template <typename Base, typename OffsetType, typename Type>
479 inline const Type& operator + (const Base &base, GenericOffsetTo<OffsetType, Type> offset) { return offset (base); }
481 template <typename Type>
482 struct OffsetTo : GenericOffsetTo<Offset, Type> {};
484 template <typename Type>
485 struct LongOffsetTo : GenericOffsetTo<LongOffset, Type> {};
492 template <typename LenType, typename Type>
493 struct GenericArrayOf
495 const Type *array(void) const { return &StructAfter<Type> (len); }
496 Type *array(void) { return &StructAfter<Type> (len); }
498 const Type *sub_array (unsigned int start_offset, unsigned int *pcount /* IN/OUT */) const
500 unsigned int count = len;
501 if (unlikely (start_offset > count))
504 count -= start_offset;
505 count = MIN (count, *pcount);
507 return array() + start_offset;
510 inline const Type& operator [] (unsigned int i) const
512 if (unlikely (i >= len)) return Null(Type);
515 inline unsigned int get_size () const
516 { return len.get_size () + len * Type::get_size (); }
518 inline bool sanitize (hb_sanitize_context_t *context) {
520 if (!likely (sanitize_shallow (context))) return false;
521 /* Note: for structs that do not reference other structs,
522 * we do not need to call their sanitize() as we already did
523 * a bound check on the aggregate array size, hence the return.
526 /* We do keep this code though to make sure the structs pointed
527 * to do have a simple sanitize(), ie. they do not reference
529 unsigned int count = len;
530 for (unsigned int i = 0; i < count; i++)
531 if (!SANITIZE (array()[i]))
535 inline bool sanitize (hb_sanitize_context_t *context, void *base) {
537 if (!likely (sanitize_shallow (context))) return false;
538 unsigned int count = len;
539 for (unsigned int i = 0; i < count; i++)
540 if (!array()[i].sanitize (context, base))
544 template <typename T>
545 inline bool sanitize (hb_sanitize_context_t *context, void *base, T user_data) {
547 if (!likely (sanitize_shallow (context))) return false;
548 unsigned int count = len;
549 for (unsigned int i = 0; i < count; i++)
550 if (!array()[i].sanitize (context, base, user_data))
556 inline bool sanitize_shallow (hb_sanitize_context_t *context) {
558 return SANITIZE_SELF() && SANITIZE_ARRAY (this, Type::get_size (), len);
566 /* An array with a USHORT number of elements. */
567 template <typename Type>
568 struct ArrayOf : GenericArrayOf<USHORT, Type> {};
570 /* An array with a ULONG number of elements. */
571 template <typename Type>
572 struct LongArrayOf : GenericArrayOf<ULONG, Type> {};
574 /* Array of Offset's */
575 template <typename Type>
576 struct OffsetArrayOf : ArrayOf<OffsetTo<Type> > {};
578 /* Array of LongOffset's */
579 template <typename Type>
580 struct LongOffsetArrayOf : ArrayOf<LongOffsetTo<Type> > {};
582 /* LongArray of LongOffset's */
583 template <typename Type>
584 struct LongOffsetLongArrayOf : LongArrayOf<LongOffsetTo<Type> > {};
586 /* Array of offsets relative to the beginning of the array itself. */
587 template <typename Type>
588 struct OffsetListOf : OffsetArrayOf<Type>
590 inline const Type& operator [] (unsigned int i) const
592 if (unlikely (i >= this->len)) return Null(Type);
593 return this+this->array()[i];
596 inline bool sanitize (hb_sanitize_context_t *context) {
598 return OffsetArrayOf<Type>::sanitize (context, CharP(this));
600 template <typename T>
601 inline bool sanitize (hb_sanitize_context_t *context, T user_data) {
603 return OffsetArrayOf<Type>::sanitize (context, CharP(this), user_data);
608 /* An array with a USHORT number of elements,
609 * starting at second element. */
610 template <typename Type>
611 struct HeadlessArrayOf
613 const Type *array(void) const { return &StructAfter<Type> (len); }
614 Type *array(void) { return &StructAfter<Type> (len); }
616 inline const Type& operator [] (unsigned int i) const
618 if (unlikely (i >= len || !i)) return Null(Type);
621 inline unsigned int get_size () const
622 { return len.get_size () + (len ? len - 1 : 0) * Type::get_size (); }
624 inline bool sanitize_shallow (hb_sanitize_context_t *context) {
625 return SANITIZE_SELF() && SANITIZE_ARRAY (this, Type::get_size (), len);
628 inline bool sanitize (hb_sanitize_context_t *context) {
630 if (!likely (sanitize_shallow (context))) return false;
631 /* Note: for structs that do not reference other structs,
632 * we do not need to call their sanitize() as we already did
633 * a bound check on the aggregate array size, hence the return.
636 /* We do keep this code though to make sure the structs pointed
637 * to do have a simple sanitize(), ie. they do not reference
639 unsigned int count = len ? len - 1 : 0;
641 for (unsigned int i = 0; i < count; i++)
642 if (!SANITIZE (a[i]))
652 #endif /* HB_OPEN_TYPE_PRIVATE_HH */