2 * Copyright (C) 2007,2008,2009,2010 Red Hat, Inc.
4 * This is part of HarfBuzz, a text shaping library.
6 * Permission is hereby granted, without written agreement and without
7 * license or royalty fees, to use, copy, modify, and distribute this
8 * software and its documentation for any purpose, provided that the
9 * above copyright notice and the following two paragraphs appear in
10 * all copies of this software.
12 * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR
13 * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
14 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN
15 * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
18 * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
19 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20 * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
21 * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO
22 * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
24 * Red Hat Author(s): Behdad Esfahbod
27 #ifndef HB_OPEN_TYPES_PRIVATE_HH
28 #define HB_OPEN_TYPES_PRIVATE_HH
30 #include "hb-private.h"
35 /* Table/script/language-system/feature/... not found */
36 #define NO_INDEX ((unsigned int) 0xFFFF)
44 /* Cast to "const char *" and "char *" */
45 template <typename Type>
46 inline const char * CharP (const Type* X)
47 { return reinterpret_cast<const char *>(X); }
48 template <typename Type>
49 inline char * CharP (Type* X)
50 { return reinterpret_cast<char *>(X); }
52 /* Cast to struct T, reference to reference */
53 template<typename Type, typename TObject>
54 inline const Type& CastR(const TObject &X)
55 { return reinterpret_cast<const Type&> (X); }
56 template<typename Type, typename TObject>
57 inline Type& CastR(TObject &X)
58 { return reinterpret_cast<Type&> (X); }
60 /* Cast to struct T, pointer to pointer */
61 template<typename Type, typename TObject>
62 inline const Type* CastP(const TObject *X)
63 { return reinterpret_cast<const Type*> (X); }
64 template<typename Type, typename TObject>
65 inline Type* CastP(TObject *X)
66 { return reinterpret_cast<Type*> (X); }
68 /* StructAtOffset<T>(X,Ofs) returns the struct T& that is placed at memory
69 * location of X plus Ofs bytes. */
70 template<typename Type, typename TObject>
71 inline const Type& StructAtOffset(const TObject &X, unsigned int offset)
72 { return * reinterpret_cast<const Type*> (CharP(&X) + offset); }
73 template<typename Type, typename TObject>
74 inline Type& StructAtOffset(TObject &X, unsigned int offset)
75 { return * reinterpret_cast<Type*> (CharP(&X) + offset); }
77 /* StructAfter<T>(X) returns the struct T& that is placed after X.
78 * Works with X of variable size also. X must implement get_size() */
79 template<typename Type, typename TObject>
80 inline const Type& StructAfter(const TObject &X)
81 { return StructAtOffset<Type>(X, X.get_size()); }
82 template<typename Type, typename TObject>
83 inline Type& StructAfter(TObject &X)
84 { return StructAtOffset<Type>(X, X.get_size()); }
95 /* Global nul-content Null pool. Enlarge as necessary. */
96 static const void *_NullPool[32 / sizeof (void *)];
98 /* Generic template for nul-content sizeof-sized Null objects. */
99 template <typename Type>
100 static inline const Type& Null () {
101 ASSERT_STATIC (sizeof (Type) <= sizeof (_NullPool));
102 return *CastP<Type> (_NullPool);
105 /* Specializaiton for arbitrary-content arbitrary-sized Null objects. */
106 #define DEFINE_NULL_DATA(Type, size, data) \
107 static const char _Null##Type[size + 1] = data; /* +1 is for nul-termination in data */ \
109 inline const Type& Null<Type> () { \
110 return *CastP<Type> (_Null##Type); \
111 } /* The following line really exists such that we end in a place needing semicolon */ \
112 ASSERT_STATIC (sizeof (Type) + 1 <= sizeof (_Null##Type))
114 /* Accessor macro. */
115 #define Null(Type) Null<Type>()
123 #ifndef HB_DEBUG_SANITIZE
124 #define HB_DEBUG_SANITIZE HB_DEBUG+0
127 #define TRACE_SANITIZE() \
129 if (HB_DEBUG_SANITIZE) \
130 _hb_trace ("SANITIZE", __PRETTY_FUNCTION__, this, sanitize_depth, HB_DEBUG_SANITIZE); \
134 #define SANITIZE_ARG_DEF \
135 hb_sanitize_context_t *context, \
136 unsigned int sanitize_depth HB_GNUC_UNUSED
137 #define SANITIZE_ARG \
139 (HB_DEBUG_SANITIZE ? sanitize_depth + 1 : 0)
142 typedef struct _hb_sanitize_context_t hb_sanitize_context_t;
143 struct _hb_sanitize_context_t
145 const char *start, *end;
147 unsigned int edit_count;
150 static HB_GNUC_UNUSED void
151 _hb_sanitize_init (hb_sanitize_context_t *context,
154 context->start = hb_blob_lock (blob);
155 context->end = context->start + hb_blob_get_length (blob);
156 context->writable = hb_blob_is_writable (blob);
157 context->edit_count = 0;
159 #if HB_DEBUG_SANITIZE
160 fprintf (stderr, "sanitize %p init [%p..%p] (%u bytes)\n",
161 blob, context->start, context->end, context->end - context->start);
165 static HB_GNUC_UNUSED void
166 _hb_sanitize_fini (hb_sanitize_context_t *context HB_GNUC_UNUSED,
169 #if HB_DEBUG_SANITIZE
170 fprintf (stderr, "sanitize %p fini [%p..%p] %u edit requests\n",
171 blob, context->start, context->end, context->edit_count);
174 hb_blob_unlock (blob);
177 static HB_GNUC_UNUSED inline bool
178 _hb_sanitize_check (SANITIZE_ARG_DEF,
182 bool ret = context->start <= base &&
183 base <= context->end &&
184 (unsigned int) (context->end - base) >= len;
186 #if HB_DEBUG_SANITIZE
187 if (sanitize_depth < HB_DEBUG_SANITIZE) \
188 fprintf (stderr, "SANITIZE(%p) %-*d-> check [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
190 sanitize_depth, sanitize_depth,
192 context->start, context->end,
193 ret ? "pass" : "FAIL");
198 static HB_GNUC_UNUSED inline bool
199 _hb_sanitize_array (SANITIZE_ARG_DEF,
201 unsigned int record_size,
204 bool overflows = len >= ((unsigned int) -1) / record_size;
206 #if HB_DEBUG_SANITIZE
207 if (sanitize_depth < HB_DEBUG_SANITIZE) \
208 fprintf (stderr, "SANITIZE(%p) %-*d-> array [%p..%p] (%d*%d=%ld bytes) in [%p..%p] -> %s\n", \
210 sanitize_depth, sanitize_depth,
211 base, base + (record_size * len), record_size, len, (unsigned long) record_size * len,
212 context->start, context->end,
213 !overflows ? "does not overflow" : "OVERFLOWS FAIL");
216 return HB_LIKELY (!overflows) && _hb_sanitize_check (SANITIZE_ARG, base, record_size * len);
219 static HB_GNUC_UNUSED inline bool
220 _hb_sanitize_edit (SANITIZE_ARG_DEF,
221 const char *base HB_GNUC_UNUSED,
222 unsigned int len HB_GNUC_UNUSED)
224 context->edit_count++;
226 #if HB_DEBUG_SANITIZE
227 fprintf (stderr, "SANITIZE(%p) %-*d-> edit(%u) [%p..%p] (%d bytes) in [%p..%p] -> %s\n", \
229 sanitize_depth, sanitize_depth,
232 context->start, context->end,
233 context->writable ? "granted" : "REJECTED");
236 return context->writable;
239 #define SANITIZE(X) HB_LIKELY ((X).sanitize (SANITIZE_ARG))
240 #define SANITIZE2(X,Y) (SANITIZE (X) && SANITIZE (Y))
242 #define SANITIZE_THIS(X) HB_LIKELY ((X).sanitize (SANITIZE_ARG, CharP(this)))
243 #define SANITIZE_THIS2(X,Y) (SANITIZE_THIS (X) && SANITIZE_THIS (Y))
244 #define SANITIZE_THIS3(X,Y,Z) (SANITIZE_THIS (X) && SANITIZE_THIS (Y) && SANITIZE_THIS(Z))
246 #define SANITIZE_BASE(X,B) HB_LIKELY ((X).sanitize (SANITIZE_ARG, B))
247 #define SANITIZE_BASE2(X,Y,B) (SANITIZE_BASE (X,B) && SANITIZE_BASE (Y,B))
249 #define SANITIZE_SELF() SANITIZE_OBJ (*this)
250 #define SANITIZE_OBJ(X) SANITIZE_MEM(&(X), sizeof (X))
252 #define SANITIZE_MEM(B,L) HB_LIKELY (_hb_sanitize_check (SANITIZE_ARG, CharP(B), (L)))
254 #define SANITIZE_ARRAY(A,S,L) HB_LIKELY (_hb_sanitize_array (SANITIZE_ARG, CharP(A), S, L))
256 #define NEUTER(Obj, Val) \
257 (SANITIZE_OBJ (Obj) && \
258 _hb_sanitize_edit (SANITIZE_ARG, CharP(&(Obj)), (Obj).get_size ()) && \
259 ((Obj).set (Val), true))
262 /* Template to sanitize an object. */
263 template <typename Type>
266 static hb_blob_t *sanitize (hb_blob_t *blob) {
267 hb_sanitize_context_t context[1];
268 unsigned int sanitize_depth = 0;
271 /* TODO is_sane() stuff */
274 #if HB_DEBUG_SANITIZE
275 fprintf (stderr, "Sanitizer %p start %s\n", blob, __PRETTY_FUNCTION__);
278 _hb_sanitize_init (context, blob);
280 /* Note: We drop const here */
281 Type *t = CastP<Type> ((void *) context->start);
283 sane = t->sanitize (SANITIZE_ARG);
285 if (context->edit_count) {
286 #if HB_DEBUG_SANITIZE
287 fprintf (stderr, "Sanitizer %p passed first round with %d edits; doing a second round %s\n",
288 blob, context->edit_count, __PRETTY_FUNCTION__);
290 /* sanitize again to ensure no toe-stepping */
291 context->edit_count = 0;
292 sane = t->sanitize (SANITIZE_ARG);
293 if (context->edit_count) {
294 #if HB_DEBUG_SANITIZE
295 fprintf (stderr, "Sanitizer %p requested %d edits in second round; FAILLING %s\n",
296 blob, context->edit_count, __PRETTY_FUNCTION__);
301 _hb_sanitize_fini (context, blob);
303 unsigned int edit_count = context->edit_count;
304 _hb_sanitize_fini (context, blob);
305 if (edit_count && !hb_blob_is_writable (blob) && hb_blob_try_writable (blob)) {
306 /* ok, we made it writable by relocating. try again */
307 #if HB_DEBUG_SANITIZE
308 fprintf (stderr, "Sanitizer %p retry %s\n", blob, __PRETTY_FUNCTION__);
314 #if HB_DEBUG_SANITIZE
315 fprintf (stderr, "Sanitizer %p %s %s\n", blob, sane ? "passed" : "FAILED", __PRETTY_FUNCTION__);
320 hb_blob_destroy (blob);
321 return hb_blob_create_empty ();
329 * The OpenType Font File: Data Types
333 /* "The following data types are used in the OpenType font file.
334 * All OpenType fonts use Motorola-style byte ordering (Big Endian):" */
341 template <typename Type, int Bytes> class BEInt;
343 /* LONGTERMTODO: On machines allowing unaligned access, we can make the
344 * following tighter by using byteswap instructions on ints directly. */
345 template <typename Type>
349 inline class BEInt<Type,2>& operator = (Type i) { hb_be_uint16_put (v,i); return *this; }
350 inline operator Type () const { return hb_be_uint16_get (v); }
351 inline bool operator == (const BEInt<Type, 2>& o) const { return hb_be_uint16_cmp (v, o.v); }
352 inline bool operator != (const BEInt<Type, 2>& o) const { return !(*this == o); }
353 private: uint8_t v[2];
355 template <typename Type>
359 inline class BEInt<Type,4>& operator = (Type i) { hb_be_uint32_put (v,i); return *this; }
360 inline operator Type () const { return hb_be_uint32_get (v); }
361 inline bool operator == (const BEInt<Type, 4>& o) const { return hb_be_uint32_cmp (v, o.v); }
362 inline bool operator != (const BEInt<Type, 4>& o) const { return !(*this == o); }
363 private: uint8_t v[4];
366 /* Integer types in big-endian order and no alignment requirement */
367 template <typename Type>
370 static inline unsigned int get_size () { return sizeof (Type); }
371 inline void set (Type i) { v = i; }
372 inline operator Type(void) const { return v; }
373 inline bool operator == (const IntType<Type> &o) const { return v == o.v; }
374 inline bool operator != (const IntType<Type> &o) const { return v != o.v; }
375 inline bool sanitize (SANITIZE_ARG_DEF) {
377 return SANITIZE_SELF ();
379 private: BEInt<Type, sizeof (Type)> v;
382 typedef IntType<uint16_t> USHORT; /* 16-bit unsigned integer. */
383 typedef IntType<int16_t> SHORT; /* 16-bit signed integer. */
384 typedef IntType<uint32_t> ULONG; /* 32-bit unsigned integer. */
385 typedef IntType<int32_t> LONG; /* 32-bit signed integer. */
387 ASSERT_SIZE (USHORT, 2);
388 ASSERT_SIZE (SHORT, 2);
389 ASSERT_SIZE (ULONG, 4);
390 ASSERT_SIZE (LONG, 4);
392 /* Array of four uint8s (length = 32 bits) used to identify a script, language
393 * system, feature, or baseline */
396 /* What the char* converters return is NOT nul-terminated. Print using "%.4s" */
397 inline operator const char* (void) const { return CharP(this); }
398 inline operator char* (void) { return CharP(this); }
400 ASSERT_SIZE (Tag, 4);
401 DEFINE_NULL_DATA (Tag, 4, " ");
403 /* Glyph index number, same as uint16 (length = 16 bits) */
404 typedef USHORT GlyphID;
406 /* Offset to a table, same as uint16 (length = 16 bits), Null offset = 0x0000 */
407 typedef USHORT Offset;
409 /* LongOffset to a table, same as uint32 (length = 32 bits), Null offset = 0x00000000 */
410 typedef ULONG LongOffset;
414 struct CheckSum : ULONG
416 static uint32_t CalcTableChecksum (ULONG *Table, uint32_t Length)
419 ULONG *EndPtr = Table+((Length+3) & ~3) / ULONG::get_size ();
421 while (Table < EndPtr)
426 ASSERT_SIZE (CheckSum, 4);
435 inline operator uint32_t (void) const { return (major << 16) + minor; }
437 inline bool sanitize (SANITIZE_ARG_DEF) {
439 return SANITIZE_SELF ();
445 ASSERT_SIZE (FixedVersion, 4);
450 * Template subclasses of Offset and LongOffset that do the dereferencing.
451 * Use: (this+memberName)
454 template <typename OffsetType, typename Type>
455 struct GenericOffsetTo : OffsetType
457 inline const Type& operator () (const void *base) const
459 unsigned int offset = *this;
460 if (HB_UNLIKELY (!offset)) return Null(Type);
461 return StructAtOffset<Type> (*CharP(base), offset);
464 inline bool sanitize (SANITIZE_ARG_DEF, void *base) {
466 if (!SANITIZE_SELF ()) return false;
467 unsigned int offset = *this;
468 if (HB_UNLIKELY (!offset)) return true;
469 return SANITIZE (StructAtOffset<Type> (*CharP(base), offset)) || NEUTER (*this, 0);
471 inline bool sanitize (SANITIZE_ARG_DEF, void *base, void *base2) {
473 if (!SANITIZE_SELF ()) return false;
474 unsigned int offset = *this;
475 if (HB_UNLIKELY (!offset)) return true;
476 return SANITIZE_BASE (StructAtOffset<Type> (*CharP(base), offset), base2) || NEUTER (*this, 0);
478 inline bool sanitize (SANITIZE_ARG_DEF, void *base, unsigned int user_data) {
480 if (!SANITIZE_SELF ()) return false;
481 unsigned int offset = *this;
482 if (HB_UNLIKELY (!offset)) return true;
483 return SANITIZE_BASE (StructAtOffset<Type> (*CharP(base), offset), user_data) || NEUTER (*this, 0);
486 template <typename Base, typename OffsetType, typename Type>
487 inline const Type& operator + (const Base &base, GenericOffsetTo<OffsetType, Type> offset) { return offset (base); }
489 template <typename Type>
490 struct OffsetTo : GenericOffsetTo<Offset, Type> {};
492 template <typename Type>
493 struct LongOffsetTo : GenericOffsetTo<LongOffset, Type> {};
500 template <typename LenType, typename Type>
501 struct GenericArrayOf
503 const Type *array(void) const { return &StructAfter<Type> (len); }
504 Type *array(void) { return &StructAfter<Type> (len); }
506 const Type *sub_array (unsigned int start_offset, unsigned int *pcount /* IN/OUT */) const
508 unsigned int count = len;
509 if (HB_UNLIKELY (start_offset > count))
512 count -= start_offset;
513 count = MIN (count, *pcount);
515 return array() + start_offset;
518 inline const Type& operator [] (unsigned int i) const
520 if (HB_UNLIKELY (i >= len)) return Null(Type);
523 inline unsigned int get_size () const
524 { return len.get_size () + len * Type::get_size (); }
526 inline bool sanitize_shallow (SANITIZE_ARG_DEF) {
528 return SANITIZE_SELF() && SANITIZE_ARRAY (this, Type::get_size (), len);
531 inline bool sanitize (SANITIZE_ARG_DEF) {
533 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false;
534 /* Note: for structs that do not reference other structs,
535 * we do not need to call their sanitize() as we already did
536 * a bound check on the aggregate array size, hence the return.
539 /* We do keep this code though to make sure the structs pointed
540 * to do have a simple sanitize(), ie. they do not reference
542 unsigned int count = len;
543 for (unsigned int i = 0; i < count; i++)
544 if (!SANITIZE (array()[i]))
548 inline bool sanitize (SANITIZE_ARG_DEF, void *base) {
550 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false;
551 unsigned int count = len;
552 for (unsigned int i = 0; i < count; i++)
553 if (!array()[i].sanitize (SANITIZE_ARG, base))
557 inline bool sanitize (SANITIZE_ARG_DEF, void *base, void *base2) {
559 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false;
560 unsigned int count = len;
561 for (unsigned int i = 0; i < count; i++)
562 if (!array()[i].sanitize (SANITIZE_ARG, base, base2))
566 inline bool sanitize (SANITIZE_ARG_DEF, void *base, unsigned int user_data) {
568 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false;
569 unsigned int count = len;
570 for (unsigned int i = 0; i < count; i++)
571 if (!array()[i].sanitize (SANITIZE_ARG, base, user_data))
580 /* An array with a USHORT number of elements. */
581 template <typename Type>
582 struct ArrayOf : GenericArrayOf<USHORT, Type> {};
584 /* An array with a ULONG number of elements. */
585 template <typename Type>
586 struct LongArrayOf : GenericArrayOf<ULONG, Type> {};
588 /* Array of Offset's */
589 template <typename Type>
590 struct OffsetArrayOf : ArrayOf<OffsetTo<Type> > {};
592 /* Array of LongOffset's */
593 template <typename Type>
594 struct LongOffsetArrayOf : ArrayOf<LongOffsetTo<Type> > {};
596 /* LongArray of LongOffset's */
597 template <typename Type>
598 struct LongOffsetLongArrayOf : LongArrayOf<LongOffsetTo<Type> > {};
600 /* Array of offsets relative to the beginning of the array itself. */
601 template <typename Type>
602 struct OffsetListOf : OffsetArrayOf<Type>
604 inline const Type& operator [] (unsigned int i) const
606 if (HB_UNLIKELY (i >= this->len)) return Null(Type);
607 return this+this->array()[i];
610 inline bool sanitize (SANITIZE_ARG_DEF) {
612 return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, CharP(this));
614 inline bool sanitize (SANITIZE_ARG_DEF, unsigned int user_data) {
616 return OffsetArrayOf<Type>::sanitize (SANITIZE_ARG, CharP(this), user_data);
621 /* An array with a USHORT number of elements,
622 * starting at second element. */
623 template <typename Type>
624 struct HeadlessArrayOf
626 const Type *array(void) const { return &StructAfter<Type> (len); }
627 Type *array(void) { return &StructAfter<Type> (len); }
629 inline const Type& operator [] (unsigned int i) const
631 if (HB_UNLIKELY (i >= len || !i)) return Null(Type);
634 inline unsigned int get_size () const
635 { return len.get_size () + (len ? len - 1 : 0) * Type::get_size (); }
637 inline bool sanitize_shallow (SANITIZE_ARG_DEF) {
639 return SANITIZE_SELF() && SANITIZE_ARRAY (this, Type::get_size (), len);
642 inline bool sanitize (SANITIZE_ARG_DEF) {
644 if (!HB_LIKELY (sanitize_shallow (SANITIZE_ARG))) return false;
645 /* Note: for structs that do not reference other structs,
646 * we do not need to call their sanitize() as we already did
647 * a bound check on the aggregate array size, hence the return.
650 /* We do keep this code though to make sure the structs pointed
651 * to do have a simple sanitize(), ie. they do not reference
653 unsigned int count = len ? len - 1 : 0;
655 for (unsigned int i = 0; i < count; i++)
656 if (!SANITIZE (a[i]))
666 #endif /* HB_OPEN_TYPE_PRIVATE_HH */