yusukes@chromium.org | d257d18 | 2009-11-04 04:56:32 +0000 | [diff] [blame] | 1 | // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
yusukes@chromium.org | 9601aa9 | 2009-12-03 10:25:32 +0000 | [diff] [blame^] | 5 | #if !defined(_MSC_VER) |
| 6 | #ifdef __linux__ |
| 7 | // Linux |
| 8 | #include <freetype/ftoutln.h> |
yusukes@chromium.org | d257d18 | 2009-11-04 04:56:32 +0000 | [diff] [blame] | 9 | #include <ft2build.h> |
| 10 | #include FT_FREETYPE_H |
yusukes@chromium.org | 9601aa9 | 2009-12-03 10:25:32 +0000 | [diff] [blame^] | 11 | #else |
| 12 | // Mac OS X |
| 13 | #include <ApplicationServices/ApplicationServices.h> // g++ -framework Cocoa |
| 14 | #endif // __linux__ |
| 15 | #else |
| 16 | // Windows |
| 17 | // TODO(yusukes): Support Windows. |
| 18 | #endif // _MSC_VER |
| 19 | |
| 20 | #include <fcntl.h> |
yusukes@chromium.org | d257d18 | 2009-11-04 04:56:32 +0000 | [diff] [blame] | 21 | #include <sys/stat.h> |
| 22 | #include <sys/types.h> |
yusukes@chromium.org | 8ad0a17 | 2009-11-04 06:07:58 +0000 | [diff] [blame] | 23 | #include <unistd.h> |
yusukes@chromium.org | d257d18 | 2009-11-04 04:56:32 +0000 | [diff] [blame] | 24 | |
| 25 | #include <cstdio> |
| 26 | #include <cstdlib> |
| 27 | #include <cstring> |
| 28 | |
| 29 | #include "opentype-sanitiser.h" |
| 30 | #include "ots-memory-stream.h" |
| 31 | |
| 32 | namespace { |
| 33 | |
yusukes@chromium.org | 9601aa9 | 2009-12-03 10:25:32 +0000 | [diff] [blame^] | 34 | #if !defined(_MSC_VER) |
| 35 | #ifdef __linux__ |
| 36 | // Linux |
yusukes@chromium.org | d257d18 | 2009-11-04 04:56:32 +0000 | [diff] [blame] | 37 | void LoadChar(FT_Face face, int pt, FT_ULong c) { |
| 38 | FT_Matrix matrix; |
| 39 | matrix.xx = matrix.yy = 1 << 16; |
| 40 | matrix.xy = matrix.yx = 0 << 16; |
| 41 | |
| 42 | FT_Set_Char_Size(face, pt * (1 << 6), 0, 72, 0); |
| 43 | FT_Set_Transform(face, &matrix, 0); |
| 44 | FT_Load_Char(face, c, FT_LOAD_RENDER); |
| 45 | } |
| 46 | |
yusukes@chromium.org | 9601aa9 | 2009-12-03 10:25:32 +0000 | [diff] [blame^] | 47 | int OpenAndLoadChars( |
| 48 | const char *file_name, uint8_t *trans_font, size_t trans_len) { |
| 49 | FT_Library library; |
| 50 | FT_Error error = FT_Init_FreeType(&library); |
| 51 | if (error) { |
| 52 | std::fprintf(stderr, "Failed to initialize FreeType2!\n"); |
| 53 | return 1; |
| 54 | } |
| 55 | |
yusukes@chromium.org | d257d18 | 2009-11-04 04:56:32 +0000 | [diff] [blame] | 56 | FT_Face trans_face; |
yusukes@chromium.org | 9601aa9 | 2009-12-03 10:25:32 +0000 | [diff] [blame^] | 57 | error = FT_New_Memory_Face(library, trans_font, trans_len, 0, &trans_face); |
yusukes@chromium.org | d257d18 | 2009-11-04 04:56:32 +0000 | [diff] [blame] | 58 | if (error) { |
| 59 | std::fprintf(stderr, |
| 60 | "OK: FreeType2 couldn't open the transcoded font: %s\n", |
| 61 | file_name); |
| 62 | return 0; |
| 63 | } |
| 64 | |
| 65 | static const int kPts[] = {100, 20, 18, 16, 12, 10, 8}; // pt |
| 66 | static const size_t kPtsLen = sizeof(kPts) / sizeof(kPts[0]); |
| 67 | |
| 68 | static const int kUnicodeRanges[] = { |
| 69 | 0x0020, 0x007E, // Basic Latin (ASCII) |
| 70 | 0x00A1, 0x017F, // Latin-1 |
| 71 | 0x1100, 0x11FF, // Hangul |
| 72 | 0x3040, 0x309F, // Japanese HIRAGANA letters |
| 73 | 0x3130, 0x318F, // Hangul |
| 74 | 0x4E00, 0x4F00, // CJK Kanji/Hanja |
| 75 | 0xAC00, 0xAD00, // Hangul |
| 76 | }; |
| 77 | static const size_t kUnicodeRangesLen |
| 78 | = sizeof(kUnicodeRanges) / sizeof(kUnicodeRanges[0]); |
| 79 | |
| 80 | for (size_t i = 0; i < kPtsLen; ++i) { |
| 81 | for (size_t j = 0; j < kUnicodeRangesLen; j += 2) { |
| 82 | for (int k = 0; k <= kUnicodeRanges[j + 1] - kUnicodeRanges[j]; ++k) { |
| 83 | LoadChar(trans_face, kPts[i], kUnicodeRanges[j] + k); |
| 84 | } |
| 85 | } |
| 86 | } |
| 87 | |
| 88 | std::fprintf(stderr, "OK: FreeType2 didn't crash: %s\n", file_name); |
| 89 | return 0; |
| 90 | } |
yusukes@chromium.org | 9601aa9 | 2009-12-03 10:25:32 +0000 | [diff] [blame^] | 91 | #else |
| 92 | // Mac OS X |
| 93 | int OpenAndLoadChars( |
| 94 | const char *file_name, uint8_t *trans_font, size_t trans_len) { |
| 95 | ATSFontContainerRef container_ref = 0; |
| 96 | ATSFontActivateFromMemory(trans_font, trans_len, 3, kATSFontFormatUnspecified, |
| 97 | NULL, kATSOptionFlagsDefault, &container_ref); |
| 98 | if (!container_ref) { |
| 99 | std::fprintf(stderr, |
| 100 | "OK: font renderer couldn't open the transcoded font: %s\n", |
| 101 | file_name); |
| 102 | return 0; |
| 103 | } |
| 104 | |
| 105 | ItemCount count; |
| 106 | ATSFontFindFromContainer( |
| 107 | container_ref, kATSOptionFlagsDefault, 0, NULL, &count); |
| 108 | if (!count) { |
| 109 | std::fprintf(stderr, |
| 110 | "OK: font renderer couldn't open the transcoded font: %s\n", |
| 111 | file_name); |
| 112 | return 0; |
| 113 | } |
| 114 | |
| 115 | ATSFontRef ats_font_ref = 0; |
| 116 | ATSFontFindFromContainer( |
| 117 | container_ref, kATSOptionFlagsDefault, 1, &ats_font_ref, NULL); |
| 118 | if (!ats_font_ref) { |
| 119 | std::fprintf(stderr, |
| 120 | "OK: font renderer couldn't open the transcoded font: %s\n", |
| 121 | file_name); |
| 122 | return 0; |
| 123 | } |
| 124 | |
| 125 | CGFontRef cg_font_ref = CGFontCreateWithPlatformFont(&ats_font_ref); |
| 126 | if (!CGFontGetNumberOfGlyphs(cg_font_ref)) { |
| 127 | std::fprintf(stderr, |
| 128 | "OK: font renderer couldn't open the transcoded font: %s\n", |
| 129 | file_name); |
| 130 | return 0; |
| 131 | } |
| 132 | |
| 133 | std::fprintf(stderr, "OK: font renderer didn't crash: %s\n", file_name); |
| 134 | // TODO(yusukes): would be better to perform LoadChar() like Linux. |
| 135 | return 0; |
| 136 | } |
| 137 | #endif // __linux__ |
| 138 | #else |
| 139 | // Windows |
| 140 | // TODO(yusukes): Support Windows. |
| 141 | #endif // _MSC_VER |
yusukes@chromium.org | d257d18 | 2009-11-04 04:56:32 +0000 | [diff] [blame] | 142 | |
| 143 | } // namespace |
| 144 | |
| 145 | int main(int argc, char **argv) { |
| 146 | ots::DisableDebugOutput(); // turn off ERROR and WARNING outputs. |
| 147 | |
| 148 | if (argc != 2) { |
| 149 | std::fprintf(stderr, "Usage: %s ttf_or_otf_filename\n", argv[0]); |
| 150 | return 1; |
| 151 | } |
| 152 | |
| 153 | // load the font to memory. |
| 154 | const int fd = ::open(argv[1], O_RDONLY); |
| 155 | if (fd < 0) { |
| 156 | ::perror("open"); |
| 157 | return 1; |
| 158 | } |
| 159 | |
| 160 | struct stat st; |
| 161 | ::fstat(fd, &st); |
| 162 | const off_t orig_len = st.st_size; |
| 163 | |
| 164 | uint8_t *orig_font = new uint8_t[orig_len]; |
| 165 | if (::read(fd, orig_font, orig_len) != orig_len) { |
| 166 | std::fprintf(stderr, "Failed to read file!\n"); |
| 167 | return 1; |
| 168 | } |
| 169 | ::close(fd); |
| 170 | |
| 171 | // transcode the malicious font. |
| 172 | static const size_t kBigPadLen = 1024 * 1024; // 1MB |
| 173 | uint8_t *trans_font = new uint8_t[orig_len + kBigPadLen]; |
| 174 | ots::MemoryStream output(trans_font, orig_len + kBigPadLen); |
| 175 | |
| 176 | bool result = ots::Process(&output, orig_font, orig_len); |
| 177 | if (!result) { |
| 178 | std::fprintf(stderr, "OK: the malicious font was filtered: %s\n", argv[1]); |
| 179 | return 0; |
| 180 | } |
| 181 | const size_t trans_len = output.Tell(); |
| 182 | |
yusukes@chromium.org | 9601aa9 | 2009-12-03 10:25:32 +0000 | [diff] [blame^] | 183 | return OpenAndLoadChars(argv[1], trans_font, trans_len); |
yusukes@chromium.org | d257d18 | 2009-11-04 04:56:32 +0000 | [diff] [blame] | 184 | } |