2 * Copyright (C) 2007,2008,2009,2010 Red Hat, Inc.
4 * This is part of HarfBuzz, a text shaping library.
6 * Permission is hereby granted, without written agreement and without
7 * license or royalty fees, to use, copy, modify, and distribute this
8 * software and its documentation for any purpose, provided that the
9 * above copyright notice and the following two paragraphs appear in
10 * all copies of this software.
12 * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR
13 * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
14 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN
15 * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
18 * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
19 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20 * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
21 * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO
22 * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
24 * Red Hat Author(s): Behdad Esfahbod
27 #ifndef HB_OPEN_TYPES_PRIVATE_HH
28 #define HB_OPEN_TYPES_PRIVATE_HH
30 #include "hb-private.h"
35 /* Table/script/language-system/feature/... not found */
36 #define NO_INDEX ((unsigned int) 0xFFFF)
44 /* Cast to struct T, reference to reference */
45 template<typename Type, typename TObject>
46 inline const Type& CastR(const TObject &X)
47 { return reinterpret_cast<const Type&> (X); }
48 template<typename Type, typename TObject>
49 inline Type& CastR(TObject &X)
50 { return reinterpret_cast<Type&> (X); }
52 /* Cast to struct T, pointer to pointer */
53 template<typename Type, typename TObject>
54 inline const Type* CastP(const TObject *X)
55 { return reinterpret_cast<const Type*> (X); }
56 template<typename Type, typename TObject>
57 inline Type* CastP(TObject *X)
58 { return reinterpret_cast<Type*> (X); }
60 /* StructAtOffset<T>(P,Ofs) returns the struct T& that is placed at memory
61 * location pointed to by P plus Ofs bytes. */
62 template<typename Type>
63 inline const Type& StructAtOffset(const void *P, unsigned int offset)
64 { return * reinterpret_cast<const Type*> ((const char *) P + offset); }
65 template<typename Type>
66 inline Type& StructAtOffset(void *P, unsigned int offset)
67 { return * reinterpret_cast<Type*> ((char *) P + offset); }
69 /* StructAfter<T>(X) returns the struct T& that is placed after X.
70 * Works with X of variable size also. X must implement get_size() */
71 template<typename Type, typename TObject>
72 inline const Type& StructAfter(const TObject &X)
73 { return StructAtOffset<Type>(&X, X.get_size()); }
74 template<typename Type, typename TObject>
75 inline Type& StructAfter(TObject &X)
76 { return StructAtOffset<Type>(&X, X.get_size()); }
84 #define ASSERT_SIZE(_thing, _size) ASSERT_STATIC (sizeof (_thing) == (_size))
86 #define _DEFINE_SIZE_ASSERTION(_size) \
87 inline void _size_assertion (void) const { ASSERT_SIZE (*this, _size); }
90 #define DEFINE_SIZE_STATIC(size) \
91 _DEFINE_SIZE_ASSERTION (size); \
92 static inline unsigned int get_size (void) { return (size); } \
93 static const unsigned int static_size = (size); \
94 static const unsigned int min_size = (size)
96 /* Size signifying variable-sized array */
100 #define DEFINE_SIZE_MIN(size) \
101 static const unsigned int min_size = (size)
103 #define DEFINE_SIZE_VAR(size, _var_type) \
104 _DEFINE_SIZE_ASSERTION ((size) + VAR0 * sizeof (_var_type)); \
105 static const unsigned int min_size = (size)
107 #define DEFINE_SIZE_VAR2(size, _var_type1, _var_type2) \
108 _DEFINE_SIZE_ASSERTION ((size) + VAR0 * sizeof (_var_type1) + VAR0 * sizeof (_var_type2)); \
109 static const unsigned int min_size = (size)
117 /* Global nul-content Null pool. Enlarge as necessary. */
118 static const void *_NullPool[32 / sizeof (void *)];
120 /* Generic template for nul-content sizeof-sized Null objects. */
121 template <typename Type>
122 static inline const Type& Null () {
123 ASSERT_STATIC (Type::min_size <= sizeof (_NullPool));
124 return *CastP<Type> (_NullPool);
127 /* Specializaiton for arbitrary-content arbitrary-sized Null objects. */
128 #define DEFINE_NULL_DATA(Type, data) \
129 static const char _Null##Type[Type::min_size + 1] = data; /* +1 is for nul-termination in data */ \
131 inline const Type& Null<Type> () { \
132 return *CastP<Type> (_Null##Type); \
133 } /* The following line really exists such that we end in a place needing semicolon */ \
134 ASSERT_STATIC (Type::min_size + 1 <= sizeof (_Null##Type))
136 /* Accessor macro. */
137 #define Null(Type) Null<Type>()
145 template <int max_depth>
147 explicit hb_trace_t (unsigned int *pdepth) : pdepth(pdepth) { if (max_depth) ++*pdepth; }
148 ~hb_trace_t (void) { if (max_depth) --*pdepth; }
150 inline void log (const char *what, const char *function, const void *obj)
152 if (*pdepth < max_depth)
153 fprintf (stderr, "%s(%p) %-*d-> %s\n", what, obj, *pdepth, *pdepth, function);
157 unsigned int *pdepth;
159 template <> /* Optimize when tracing is disabled */
160 struct hb_trace_t<0> {
161 explicit hb_trace_t (unsigned int *p) {}
162 inline void log (const char *what, const char *function, const void *obj) {};
171 #ifndef HB_DEBUG_SANITIZE
172 #define HB_DEBUG_SANITIZE HB_DEBUG+0
176 #define TRACE_SANITIZE() \
177 hb_trace_t<HB_DEBUG_SANITIZE> trace (&context->debug_depth); \
178 trace.log ("SANITIZE", HB_FUNC, this);
181 struct hb_sanitize_context_t
183 inline void init (hb_blob_t *blob)
185 this->blob = hb_blob_reference (blob);
186 this->start = hb_blob_lock (blob);
187 this->end = this->start + hb_blob_get_length (blob);
188 this->writable = hb_blob_is_writable (blob);
189 this->edit_count = 0;
190 this->debug_depth = 0;
192 if (HB_DEBUG_SANITIZE)
193 fprintf (stderr, "sanitize %p init [%p..%p] (%u bytes)\n",
194 this->blob, this->start, this->end, this->end - this->start);
197 inline void finish (void)
199 if (HB_DEBUG_SANITIZE)
200 fprintf (stderr, "sanitize %p fini [%p..%p] %u edit requests\n",
201 this->blob, this->start, this->end, this->edit_count);
203 hb_blob_unlock (this->blob);
204 hb_blob_destroy (this->blob);
206 this->start = this->end = NULL;
209 inline bool check_range (const void *base, unsigned int len) const
211 const char *p = (const char *) base;
212 bool ret = this->start <= p &&
214 (unsigned int) (this->end - p) >= len;
216 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE) \
217 fprintf (stderr, "SANITIZE(%p) %-*d-> range [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
219 this->debug_depth, this->debug_depth,
221 this->start, this->end,
222 ret ? "pass" : "FAIL");
227 inline bool check_array (const void *base, unsigned int record_size, unsigned int len) const
229 const char *p = (const char *) base;
230 bool overflows = len >= ((unsigned int) -1) / record_size;
232 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE)
233 fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \
235 this->debug_depth, this->debug_depth,
236 p, p + (record_size * len), record_size, len, (unsigned long) record_size * len,
237 this->start, this->end,
238 !overflows ? "does not overflow" : "OVERFLOWS FAIL");
240 return likely (!overflows && this->check_range (base, record_size * len));
243 template <typename Type>
244 inline bool check_struct (const Type *obj) const
246 return likely (this->check_range (obj, sizeof (*obj)));
249 inline bool can_edit (const void *base HB_UNUSED, unsigned int len HB_UNUSED)
251 const char *p = (const char *) base;
254 if (HB_DEBUG_SANITIZE && (int) this->debug_depth < (int) HB_DEBUG_SANITIZE)
255 fprintf (stderr, "SANITIZE(%p) %-*d-> edit(%u) [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
257 this->debug_depth, this->debug_depth,
260 this->start, this->end,
261 this->writable ? "granted" : "REJECTED");
263 return this->writable;
266 unsigned int debug_depth;
267 const char *start, *end;
269 unsigned int edit_count;
275 /* Template to sanitize an object. */
276 template <typename Type>
279 static hb_blob_t *sanitize (hb_blob_t *blob) {
280 hb_sanitize_context_t context[1] = {{0}};
283 /* TODO is_sane() stuff */
286 if (HB_DEBUG_SANITIZE)
287 fprintf (stderr, "Sanitizer %p start %s\n", blob, HB_FUNC);
289 context->init (blob);
291 Type *t = CastP<Type> (const_cast<char *> (context->start));
293 sane = t->sanitize (context);
295 if (context->edit_count) {
296 if (HB_DEBUG_SANITIZE)
297 fprintf (stderr, "Sanitizer %p passed first round with %d edits; doing a second round %s\n",
298 blob, context->edit_count, HB_FUNC);
300 /* sanitize again to ensure no toe-stepping */
301 context->edit_count = 0;
302 sane = t->sanitize (context);
303 if (context->edit_count) {
304 if (HB_DEBUG_SANITIZE)
305 fprintf (stderr, "Sanitizer %p requested %d edits in second round; FAILLING %s\n",
306 blob, context->edit_count, HB_FUNC);
312 unsigned int edit_count = context->edit_count;
314 if (edit_count && !hb_blob_is_writable (blob) && hb_blob_try_writable (blob)) {
315 /* ok, we made it writable by relocating. try again */
316 if (HB_DEBUG_SANITIZE)
317 fprintf (stderr, "Sanitizer %p retry %s\n", blob, HB_FUNC);
322 if (HB_DEBUG_SANITIZE)
323 fprintf (stderr, "Sanitizer %p %s %s\n", blob, sane ? "passed" : "FAILED", HB_FUNC);
327 hb_blob_destroy (blob);
328 return hb_blob_create_empty ();
338 * The OpenType Font File: Data Types
342 /* "The following data types are used in the OpenType font file.
343 * All OpenType fonts use Motorola-style byte ordering (Big Endian):" */
350 template <typename Type, int Bytes> class BEInt;
352 /* LONGTERMTODO: On machines allowing unaligned access, we can make the
353 * following tighter by using byteswap instructions on ints directly. */
354 template <typename Type>
358 inline class BEInt<Type,2>& operator = (Type i) { hb_be_uint16_put (v,i); return *this; }
359 inline operator Type () const { return hb_be_uint16_get (v); }
360 inline bool operator == (const BEInt<Type, 2>& o) const { return hb_be_uint16_cmp (v, o.v); }
361 inline bool operator != (const BEInt<Type, 2>& o) const { return !(*this == o); }
362 private: uint8_t v[2];
364 template <typename Type>
368 inline class BEInt<Type,4>& operator = (Type i) { hb_be_uint32_put (v,i); return *this; }
369 inline operator Type () const { return hb_be_uint32_get (v); }
370 inline bool operator == (const BEInt<Type, 4>& o) const { return hb_be_uint32_cmp (v, o.v); }
371 inline bool operator != (const BEInt<Type, 4>& o) const { return !(*this == o); }
372 private: uint8_t v[4];
375 /* Integer types in big-endian order and no alignment requirement */
376 template <typename Type>
379 inline void set (Type i) { v = i; }
380 inline operator Type(void) const { return v; }
381 inline bool operator == (const IntType<Type> &o) const { return v == o.v; }
382 inline bool operator != (const IntType<Type> &o) const { return v != o.v; }
383 inline bool sanitize (hb_sanitize_context_t *context) {
385 return context->check_struct (this);
388 BEInt<Type, sizeof (Type)> v;
390 DEFINE_SIZE_STATIC (sizeof (Type));
393 typedef IntType<uint16_t> USHORT; /* 16-bit unsigned integer. */
394 typedef IntType<int16_t> SHORT; /* 16-bit signed integer. */
395 typedef IntType<uint32_t> ULONG; /* 32-bit unsigned integer. */
396 typedef IntType<int32_t> LONG; /* 32-bit signed integer. */
398 /* Array of four uint8s (length = 32 bits) used to identify a script, language
399 * system, feature, or baseline */
402 /* What the char* converters return is NOT nul-terminated. Print using "%.4s" */
403 inline operator const char* (void) const { return reinterpret_cast<const char *> (&this->v); }
404 inline operator char* (void) { return reinterpret_cast<char *> (&this->v); }
406 DEFINE_SIZE_STATIC (4);
408 DEFINE_NULL_DATA (Tag, " ");
410 /* Glyph index number, same as uint16 (length = 16 bits) */
411 typedef USHORT GlyphID;
413 /* Offset to a table, same as uint16 (length = 16 bits), Null offset = 0x0000 */
414 typedef USHORT Offset;
416 /* LongOffset to a table, same as uint32 (length = 32 bits), Null offset = 0x00000000 */
417 typedef ULONG LongOffset;
421 struct CheckSum : ULONG
423 static uint32_t CalcTableChecksum (ULONG *Table, uint32_t Length)
426 ULONG *EndPtr = Table+((Length+3) & ~3) / ULONG::static_size;
428 while (Table < EndPtr)
433 DEFINE_SIZE_STATIC (4);
443 inline operator uint32_t (void) const { return (major << 16) + minor; }
445 inline bool sanitize (hb_sanitize_context_t *context) {
447 return context->check_struct (this);
453 DEFINE_SIZE_STATIC (4);
459 * Template subclasses of Offset and LongOffset that do the dereferencing.
463 template <typename OffsetType, typename Type>
464 struct GenericOffsetTo : OffsetType
466 inline const Type& operator () (const void *base) const
468 unsigned int offset = *this;
469 if (unlikely (!offset)) return Null(Type);
470 return StructAtOffset<Type> (base, offset);
473 inline bool sanitize (hb_sanitize_context_t *context, void *base) {
475 if (!context->check_struct (this)) return false;
476 unsigned int offset = *this;
477 if (unlikely (!offset)) return true;
478 Type &obj = StructAtOffset<Type> (base, offset);
479 return likely (obj.sanitize (context)) || neuter (context);
481 template <typename T>
482 inline bool sanitize (hb_sanitize_context_t *context, void *base, T user_data) {
484 if (!context->check_struct (this)) return false;
485 unsigned int offset = *this;
486 if (unlikely (!offset)) return true;
487 Type &obj = StructAtOffset<Type> (base, offset);
488 return likely (obj.sanitize (context, user_data)) || neuter (context);
492 /* Set the offset to Null */
493 inline bool neuter (hb_sanitize_context_t *context) {
494 if (context->can_edit (this, this->static_size)) {
495 this->set (0); /* 0 is Null offset */
501 template <typename Base, typename OffsetType, typename Type>
502 inline const Type& operator + (const Base &base, GenericOffsetTo<OffsetType, Type> offset) { return offset (base); }
504 template <typename Type>
505 struct OffsetTo : GenericOffsetTo<Offset, Type> {};
507 template <typename Type>
508 struct LongOffsetTo : GenericOffsetTo<LongOffset, Type> {};
515 template <typename LenType, typename Type>
516 struct GenericArrayOf
518 const Type *array(void) const { return &StructAfter<Type> (len); }
519 Type *array(void) { return &StructAfter<Type> (len); }
521 const Type *sub_array (unsigned int start_offset, unsigned int *pcount /* IN/OUT */) const
523 unsigned int count = len;
524 if (unlikely (start_offset > count))
527 count -= start_offset;
528 count = MIN (count, *pcount);
530 return array() + start_offset;
533 inline const Type& operator [] (unsigned int i) const
535 if (unlikely (i >= len)) return Null(Type);
538 inline unsigned int get_size () const
539 { return len.static_size + len * Type::static_size; }
541 inline bool sanitize (hb_sanitize_context_t *context) {
543 if (!likely (sanitize_shallow (context))) return false;
544 /* Note: for structs that do not reference other structs,
545 * we do not need to call their sanitize() as we already did
546 * a bound check on the aggregate array size, hence the return.
549 /* We do keep this code though to make sure the structs pointed
550 * to do have a simple sanitize(), ie. they do not reference
552 unsigned int count = len;
553 for (unsigned int i = 0; i < count; i++)
554 if (array()[i].sanitize (context))
558 inline bool sanitize (hb_sanitize_context_t *context, void *base) {
560 if (!likely (sanitize_shallow (context))) return false;
561 unsigned int count = len;
562 for (unsigned int i = 0; i < count; i++)
563 if (!array()[i].sanitize (context, base))
567 template <typename T>
568 inline bool sanitize (hb_sanitize_context_t *context, void *base, T user_data) {
570 if (!likely (sanitize_shallow (context))) return false;
571 unsigned int count = len;
572 for (unsigned int i = 0; i < count; i++)
573 if (!array()[i].sanitize (context, base, user_data))
579 inline bool sanitize_shallow (hb_sanitize_context_t *context) {
581 return context->check_struct (this)
582 && context->check_array (this, Type::static_size, len);
590 DEFINE_SIZE_VAR (sizeof (LenType), Type);
593 /* An array with a USHORT number of elements. */
594 template <typename Type>
595 struct ArrayOf : GenericArrayOf<USHORT, Type> {};
597 /* An array with a ULONG number of elements. */
598 template <typename Type>
599 struct LongArrayOf : GenericArrayOf<ULONG, Type> {};
601 /* Array of Offset's */
602 template <typename Type>
603 struct OffsetArrayOf : ArrayOf<OffsetTo<Type> > {};
605 /* Array of LongOffset's */
606 template <typename Type>
607 struct LongOffsetArrayOf : ArrayOf<LongOffsetTo<Type> > {};
609 /* LongArray of LongOffset's */
610 template <typename Type>
611 struct LongOffsetLongArrayOf : LongArrayOf<LongOffsetTo<Type> > {};
613 /* Array of offsets relative to the beginning of the array itself. */
614 template <typename Type>
615 struct OffsetListOf : OffsetArrayOf<Type>
617 inline const Type& operator [] (unsigned int i) const
619 if (unlikely (i >= this->len)) return Null(Type);
620 return this+this->array()[i];
623 inline bool sanitize (hb_sanitize_context_t *context) {
625 return OffsetArrayOf<Type>::sanitize (context, this);
627 template <typename T>
628 inline bool sanitize (hb_sanitize_context_t *context, T user_data) {
630 return OffsetArrayOf<Type>::sanitize (context, this, user_data);
635 /* An array with a USHORT number of elements,
636 * starting at second element. */
637 template <typename Type>
638 struct HeadlessArrayOf
640 const Type *array(void) const { return &StructAfter<Type> (len); }
641 Type *array(void) { return &StructAfter<Type> (len); }
643 inline const Type& operator [] (unsigned int i) const
645 if (unlikely (i >= len || !i)) return Null(Type);
648 inline unsigned int get_size () const
649 { return len.static_size + (len ? len - 1 : 0) * Type::static_size; }
651 inline bool sanitize_shallow (hb_sanitize_context_t *context) {
652 return context->check_struct (this)
653 && context->check_array (this, Type::static_size, len);
656 inline bool sanitize (hb_sanitize_context_t *context) {
658 if (!likely (sanitize_shallow (context))) return false;
659 /* Note: for structs that do not reference other structs,
660 * we do not need to call their sanitize() as we already did
661 * a bound check on the aggregate array size, hence the return.
664 /* We do keep this code though to make sure the structs pointed
665 * to do have a simple sanitize(), ie. they do not reference
667 unsigned int count = len ? len - 1 : 0;
669 for (unsigned int i = 0; i < count; i++)
670 if (!a[i].sanitize (context))
679 DEFINE_SIZE_VAR (sizeof (USHORT), Type);
683 #endif /* HB_OPEN_TYPE_PRIVATE_HH */