static FT_Error
pcf_read_TOC( FT_Stream stream,
PCF_Face face )
{
FT_Error error;
PCF_Toc toc = &face->toc;
PCF_Table tables;
FT_Memory memory = FT_FACE( face )->memory;
FT_UInt n;
FT_ULong size;
if ( FT_STREAM_SEEK( 0 ) ||
FT_STREAM_READ_FIELDS( pcf_toc_header, toc ) )
return FT_THROW( Cannot_Open_Resource );
if ( toc->version != PCF_FILE_VERSION ||
toc->count > FT_ARRAY_MAX( face->toc.tables ) ||
toc->count == 0 )
return FT_THROW( Invalid_File_Format );
if ( FT_NEW_ARRAY( face->toc.tables, toc->count ) )
return FT_THROW( Out_Of_Memory );
tables = face->toc.tables;
for ( n = 0; n < toc->count; n++ )
{
if ( FT_STREAM_READ_FIELDS( pcf_table_header, tables ) )
goto Exit;
tables++;
}
/* Sort tables and check for overlaps. Because they are almost */
/* always ordered already, an in-place bubble sort with simultaneous */
/* boundary checking seems appropriate. */
tables = face->toc.tables;
for ( n = 0; n < toc->count - 1; n++ )
{
FT_UInt i, have_change;
have_change = 0;
for ( i = 0; i < toc->count - 1 - n; i++ )
{
PCF_TableRec tmp;
if ( tables[i].offset > tables[i + 1].offset )
{
tmp = tables[i];
tables[i] = tables[i + 1];
tables[i + 1] = tmp;
have_change = 1;
}
if ( ( tables[i].size > tables[i + 1].offset ) ||
( tables[i].offset > tables[i + 1].offset - tables[i].size ) )
{
error = FT_THROW( Invalid_Offset );
goto Exit;
}
}
if ( !have_change )
break;
}
/*
* We now check whether the `size' and `offset' values are reasonable:
* `offset' + `size' must not exceed the stream size.
*
* Note, however, that X11's `pcfWriteFont' routine (used by the
* `bdftopcf' program to create PDF font files) has two special
* features.
*
* - It always assigns the accelerator table a size of 100 bytes in the
* TOC, regardless of its real size, which can vary between 34 and 72
* bytes.
*
* - Due to the way the routine is designed, it ships out the last font
* table with its real size, ignoring the TOC's size value. Since
* the TOC size values are always rounded up to a multiple of 4, the
* difference can be up to three bytes for all tables except the
* accelerator table, for which the difference can be as large as 66
* bytes.
*
*/
tables = face->toc.tables;
size = stream->size;
for ( n = 0; n < toc->count - 1; n++ )
{
/* we need two checks to avoid overflow */
if ( ( tables->size > size ) ||
( tables->offset > size - tables->size ) )
{
error = FT_THROW( Invalid_Table );
goto Exit;
}
tables++;
}
/* only check `tables->offset' for last table element ... */
if ( ( tables->offset > size ) )
{
error = FT_THROW( Invalid_Table );
goto Exit;
}
/* ... and adjust `tables->size' to the real value if necessary */
if ( tables->size > size - tables->offset )
tables->size = size - tables->offset;
#ifdef FT_DEBUG_LEVEL_TRACE
{
FT_UInt i, j;
const char* name = "?";
FT_TRACE4(( "pcf_read_TOC:\n" ));
FT_TRACE4(( " number of tables: %ld\n", face->toc.count ));
tables = face->toc.tables;
for ( i = 0; i < toc->count; i++ )
{
for ( j = 0; j < sizeof ( tableNames ) / sizeof ( tableNames[0] );
j++ )
if ( tables[i].type == (FT_UInt)( 1 << j ) )
name = tableNames[j];
FT_TRACE4(( " %d: type=%s, format=0x%X, "
"size=%ld (0x%lX), offset=%ld (0x%lX)\n",
i, name,
tables[i].format,
tables[i].size, tables[i].size,
tables[i].offset, tables[i].offset ));
}
}
#endif
return FT_Err_Ok;
Exit:
FT_FREE( face->toc.tables );
return error;
}
static FT_Error
pcf_read_TOC( FT_Stream stream,
PCF_Face face )
{
FT_Error error;
PCF_Toc toc = &face->toc;
PCF_Table tables;
FT_Memory memory = FT_FACE(face)->memory;
FT_UInt n;
if ( FT_STREAM_SEEK ( 0 ) ||
FT_STREAM_READ_FIELDS ( pcf_toc_header, toc ) )
return PCF_Err_Cannot_Open_Resource;
if ( toc->version != PCF_FILE_VERSION ||
toc->count > FT_ARRAY_MAX( face->toc.tables ) ||
toc->count == 0 )
return PCF_Err_Invalid_File_Format;
if ( FT_NEW_ARRAY( face->toc.tables, toc->count ) )
return PCF_Err_Out_Of_Memory;
tables = face->toc.tables;
for ( n = 0; n < toc->count; n++ )
{
if ( FT_STREAM_READ_FIELDS( pcf_table_header, tables ) )
goto Exit;
tables++;
}
/* Sort tables and check for overlaps. Because they are almost */
/* always ordered already, an in-place bubble sort with simultaneous */
/* boundary checking seems appropriate. */
tables = face->toc.tables;
for ( n = 0; n < toc->count - 1; n++ )
{
FT_UInt i, have_change;
have_change = 0;
for ( i = 0; i < toc->count - 1 - n; i++ )
{
PCF_TableRec tmp;
if ( tables[i].offset > tables[i + 1].offset )
{
tmp = tables[i];
tables[i] = tables[i + 1];
tables[i + 1] = tmp;
have_change = 1;
}
if ( ( tables[i].size > tables[i + 1].offset ) ||
( tables[i].offset > tables[i + 1].offset - tables[i].size ) )
return PCF_Err_Invalid_Offset;
}
if ( !have_change )
break;
}
#ifdef FT_DEBUG_LEVEL_TRACE
{
FT_UInt i, j;
const char* name = "?";
FT_TRACE4(( "pcf_read_TOC:\n" ));
FT_TRACE4(( " number of tables: %ld\n", face->toc.count ));
tables = face->toc.tables;
for ( i = 0; i < toc->count; i++ )
{
for ( j = 0; j < sizeof ( tableNames ) / sizeof ( tableNames[0] );
j++ )
if ( tables[i].type == (FT_UInt)( 1 << j ) )
name = tableNames[j];
FT_TRACE4(( " %d: type=%s, format=0x%X, "
"size=%ld (0x%lX), offset=%ld (0x%lX)\n",
i, name,
tables[i].format,
tables[i].size, tables[i].size,
tables[i].offset, tables[i].offset ));
}
}
#endif
return PCF_Err_Ok;
Exit:
FT_FREE( face->toc.tables );
return error;
}
static FT_Error
pcf_read_TOC( FT_Stream stream,
PCF_Face face )
{
FT_Error error;
PCF_Toc toc = &face->toc;
PCF_Table tables;
FT_Memory memory = FT_FACE(face)->memory;
FT_UInt n;
if ( FT_STREAM_SEEK ( 0 ) ||
FT_STREAM_READ_FIELDS ( pcf_toc_header, toc ) )
return PCF_Err_Cannot_Open_Resource;
if ( toc->version != PCF_FILE_VERSION ||
toc->count > FT_ARRAY_MAX( face->toc.tables ) )
return PCF_Err_Invalid_File_Format;
if ( FT_NEW_ARRAY( face->toc.tables, toc->count ) )
return PCF_Err_Out_Of_Memory;
tables = face->toc.tables;
for ( n = 0; n < toc->count; n++ )
{
if ( FT_STREAM_READ_FIELDS( pcf_table_header, tables ) )
goto Exit;
tables++;
}
#if defined( FT_DEBUG_LEVEL_TRACE )
{
FT_UInt i, j;
const char* name = "?";
FT_TRACE4(( "pcf_read_TOC:\n" ));
FT_TRACE4(( " number of tables: %ld\n", face->toc.count ));
tables = face->toc.tables;
for ( i = 0; i < toc->count; i++ )
{
for( j = 0; j < sizeof ( tableNames ) / sizeof ( tableNames[0] ); j++ )
if ( tables[i].type == (FT_UInt)( 1 << j ) )
name = tableNames[j];
FT_TRACE4(( " %d: type=%s, format=0x%X, "
"size=%ld (0x%lX), offset=%ld (0x%lX)\n",
i, name,
tables[i].format,
tables[i].size, tables[i].size,
tables[i].offset, tables[i].offset ));
}
}
#endif
return PCF_Err_Ok;
Exit:
FT_FREE( face->toc.tables );
return error;
}
