static void
gxv_kern_subtable_fmt2_validate( FT_Bytes table,
FT_Bytes limit,
GXV_Validator gxvalid )
{
GXV_ODTECT( 3, odtect );
GXV_kern_subtable_fmt2_DataRec fmt2_rec =
{ 0, 0, { 0, 0 }, { 0, 0 }, { "leftClass", "rightClass" }, NULL };
FT_Bytes p = table + GXV_KERN_SUBTABLE_HEADER_SIZE;
FT_UShort leftOffsetTable;
FT_UShort rightOffsetTable;
GXV_NAME_ENTER( "kern subtable format 2" );
GXV_ODTECT_INIT( odtect );
fmt2_rec.odtect = odtect;
GXV_KERN_DATA( subtable_data ) = &fmt2_rec;
GXV_LIMIT_CHECK( 2 + 2 + 2 + 2 );
GXV_KERN_FMT2_DATA( rowWidth ) = FT_NEXT_USHORT( p );
leftOffsetTable = FT_NEXT_USHORT( p );
rightOffsetTable = FT_NEXT_USHORT( p );
GXV_KERN_FMT2_DATA( array ) = FT_NEXT_USHORT( p );
GXV_TRACE(( "rowWidth = %d\n", GXV_KERN_FMT2_DATA( rowWidth ) ));
GXV_LIMIT_CHECK( leftOffsetTable );
GXV_LIMIT_CHECK( rightOffsetTable );
GXV_LIMIT_CHECK( GXV_KERN_FMT2_DATA( array ) );
gxv_kern_subtable_fmt2_clstbl_validate( table + leftOffsetTable, limit,
GXV_KERN_CLS_L, gxvalid );
gxv_kern_subtable_fmt2_clstbl_validate( table + rightOffsetTable, limit,
GXV_KERN_CLS_R, gxvalid );
if ( GXV_KERN_FMT2_DATA( offset_min[GXV_KERN_CLS_L] ) +
GXV_KERN_FMT2_DATA( offset_min[GXV_KERN_CLS_R] )
< GXV_KERN_FMT2_DATA( array ) )
FT_INVALID_OFFSET;
gxv_odtect_add_range( table + GXV_KERN_FMT2_DATA( array ),
GXV_KERN_FMT2_DATA( offset_max[GXV_KERN_CLS_L] )
+ GXV_KERN_FMT2_DATA( offset_max[GXV_KERN_CLS_R] )
- GXV_KERN_FMT2_DATA( array ),
"array", odtect );
gxv_odtect_validate( odtect, gxvalid );
GXV_EXIT;
}
static void
gxv_trak_trackData_validate( FT_Bytes table,
FT_Bytes limit,
GXV_Validator gxvalid )
{
FT_Bytes p = table;
FT_UShort nTracks;
FT_UShort nSizes;
FT_ULong sizeTableOffset;
GXV_ODTECT( 4, odtect );
GXV_ODTECT_INIT( odtect );
GXV_NAME_ENTER( "trackData" );
/* read the header of trackData */
GXV_LIMIT_CHECK( 2 + 2 + 4 );
nTracks = FT_NEXT_USHORT( p );
nSizes = FT_NEXT_USHORT( p );
sizeTableOffset = FT_NEXT_ULONG( p );
gxv_odtect_add_range( table, (FT_ULong)( p - table ),
"trackData header", odtect );
/* validate trackTable */
gxv_trak_trackTable_validate( p, limit, nTracks, gxvalid );
gxv_odtect_add_range( p, gxvalid->subtable_length,
"trackTable", odtect );
/* sizeTable is array of FT_Fixed, don't check contents */
p = gxvalid->root->base + sizeTableOffset;
GXV_LIMIT_CHECK( nSizes * 4 );
gxv_odtect_add_range( p, nSizes * 4, "sizeTable", odtect );
/* validate trackValueOffet */
p = gxvalid->root->base + GXV_TRAK_DATA( trackValueOffset_min );
if ( limit - p < nTracks * nSizes * 2 )
GXV_TRACE(( "too short trackValue array\n" ));
p = gxvalid->root->base + GXV_TRAK_DATA( trackValueOffset_max );
GXV_LIMIT_CHECK( nSizes * 2 );
gxv_odtect_add_range( gxvalid->root->base
+ GXV_TRAK_DATA( trackValueOffset_min ),
GXV_TRAK_DATA( trackValueOffset_max )
- GXV_TRAK_DATA( trackValueOffset_min )
+ nSizes * 2,
"trackValue array", odtect );
gxv_odtect_validate( odtect, gxvalid );
GXV_EXIT;
}
gxv_just_validate( FT_Bytes table,
FT_Face face,
FT_Validator ftvalid )
{
FT_Bytes p = table;
FT_Bytes limit = 0;
FT_UInt table_size;
GXV_ValidatorRec validrec;
GXV_Validator valid = &validrec;
GXV_just_DataRec justrec;
GXV_just_Data just = &justrec;
FT_ULong version;
FT_UShort format;
FT_UShort horizOffset;
FT_UShort vertOffset;
GXV_ODTECT( 3, odtect );
GXV_ODTECT_INIT( odtect );
valid->root = ftvalid;
valid->table_data = just;
valid->face = face;
FT_TRACE3(( "validating `just' table\n" ));
GXV_INIT;
limit = valid->root->limit;
table_size = limit - table;
GXV_LIMIT_CHECK( 4 + 2 + 2 + 2 );
version = FT_NEXT_ULONG( p );
format = FT_NEXT_USHORT( p );
horizOffset = FT_NEXT_USHORT( p );
vertOffset = FT_NEXT_USHORT( p );
gxv_odtect_add_range( table, p - table, "just header", odtect );
/* Version 1.0 (always:2000) */
GXV_TRACE(( " (version = 0x%08x)\n", version ));
if ( version != 0x00010000UL )
FT_INVALID_FORMAT;
/* format 0 (always:2000) */
GXV_TRACE(( " (format = 0x%04x)\n", format ));
if ( format != 0x0000 )
FT_INVALID_FORMAT;
GXV_TRACE(( " (horizOffset = %d)\n", horizOffset ));
GXV_TRACE(( " (vertOffset = %d)\n", vertOffset ));
/* validate justData */
if ( 0 < horizOffset )
{
gxv_just_justData_validate( table + horizOffset, limit, valid );
gxv_odtect_add_range( table + horizOffset, valid->subtable_length,
"horizJustData", odtect );
}
if ( 0 < vertOffset )
{
gxv_just_justData_validate( table + vertOffset, limit, valid );
gxv_odtect_add_range( table + vertOffset, valid->subtable_length,
"vertJustData", odtect );
}
gxv_odtect_validate( odtect, valid );
FT_TRACE4(( "\n" ));
}
/*
* gxv_just_justData_validate() parses and validates horizData, vertData.
*/
static void
gxv_just_justData_validate( FT_Bytes table,
FT_Bytes limit,
GXV_Validator valid )
{
/*
* following 3 offsets are measured from the start of `just'
* (which table points to), not justData
*/
FT_UShort justClassTableOffset;
FT_UShort wdcTableOffset;
FT_UShort pcTableOffset;
FT_Bytes p = table;
GXV_ODTECT( 4, odtect );
GXV_NAME_ENTER( "just justData" );
GXV_ODTECT_INIT( odtect );
GXV_LIMIT_CHECK( 2 + 2 + 2 );
justClassTableOffset = FT_NEXT_USHORT( p );
wdcTableOffset = FT_NEXT_USHORT( p );
pcTableOffset = FT_NEXT_USHORT( p );
GXV_TRACE(( " (justClassTableOffset = 0x%04x)\n", justClassTableOffset ));
GXV_TRACE(( " (wdcTableOffset = 0x%04x)\n", wdcTableOffset ));
GXV_TRACE(( " (pcTableOffset = 0x%04x)\n", pcTableOffset ));
gxv_just_justData_lookuptable_validate( p, limit, valid );
gxv_odtect_add_range( p, valid->subtable_length,
"just_LookupTable", odtect );
if ( wdcTableOffset )
{
gxv_just_widthDeltaClusters_validate(
valid->root->base + wdcTableOffset, limit, valid );
gxv_odtect_add_range( valid->root->base + wdcTableOffset,
valid->subtable_length, "just_wdcTable", odtect );
}
if ( pcTableOffset )
{
gxv_just_postcompTable_validate( valid->root->base + pcTableOffset,
limit, valid );
gxv_odtect_add_range( valid->root->base + pcTableOffset,
valid->subtable_length, "just_pcTable", odtect );
}
if ( justClassTableOffset )
{
gxv_just_justClassTable_validate(
valid->root->base + justClassTableOffset, limit, valid );
gxv_odtect_add_range( valid->root->base + justClassTableOffset,
valid->subtable_length, "just_justClassTable",
odtect );
}
gxv_odtect_validate( odtect, valid );
GXV_EXIT;
}
gxv_trak_validate( FT_Bytes table,
FT_Face face,
FT_Validator ftvalid )
{
FT_Bytes p = table;
FT_Bytes limit = 0;
GXV_ValidatorRec gxvalidrec;
GXV_Validator gxvalid = &gxvalidrec;
GXV_trak_DataRec trakrec;
GXV_trak_Data trak = &trakrec;
FT_ULong version;
FT_UShort format;
FT_UShort horizOffset;
FT_UShort vertOffset;
FT_UShort reserved;
GXV_ODTECT( 3, odtect );
GXV_ODTECT_INIT( odtect );
gxvalid->root = ftvalid;
gxvalid->table_data = trak;
gxvalid->face = face;
limit = gxvalid->root->limit;
FT_TRACE3(( "validating `trak' table\n" ));
GXV_INIT;
GXV_LIMIT_CHECK( 4 + 2 + 2 + 2 + 2 );
version = FT_NEXT_ULONG( p );
format = FT_NEXT_USHORT( p );
horizOffset = FT_NEXT_USHORT( p );
vertOffset = FT_NEXT_USHORT( p );
reserved = FT_NEXT_USHORT( p );
GXV_TRACE(( " (version = 0x%08x)\n", version ));
GXV_TRACE(( " (format = 0x%04x)\n", format ));
GXV_TRACE(( " (horizOffset = 0x%04x)\n", horizOffset ));
GXV_TRACE(( " (vertOffset = 0x%04x)\n", vertOffset ));
GXV_TRACE(( " (reserved = 0x%04x)\n", reserved ));
/* Version 1.0 (always:1996) */
if ( version != 0x00010000UL )
FT_INVALID_FORMAT;
/* format 0 (always:1996) */
if ( format != 0x0000 )
FT_INVALID_FORMAT;
GXV_32BIT_ALIGNMENT_VALIDATE( horizOffset );
GXV_32BIT_ALIGNMENT_VALIDATE( vertOffset );
/* Reserved Fixed Value (always) */
if ( reserved != 0x0000 )
FT_INVALID_DATA;
/* validate trackData */
if ( 0 < horizOffset )
{
gxv_trak_trackData_validate( table + horizOffset, limit, gxvalid );
gxv_odtect_add_range( table + horizOffset, gxvalid->subtable_length,
"horizJustData", odtect );
}
if ( 0 < vertOffset )
{
gxv_trak_trackData_validate( table + vertOffset, limit, gxvalid );
gxv_odtect_add_range( table + vertOffset, gxvalid->subtable_length,
"vertJustData", odtect );
}
gxv_odtect_validate( odtect, gxvalid );
FT_TRACE4(( "\n" ));
}