Add a size limit for font tables.

Add a generous 200 MB limit for font tables. Enforce the limit in Font::Builder::LoadTableData(). Clean up some nits along the way. Fixes https://crbug.com/641446
author: Lei Zhang <leizleiz@users.noreply.github.com> 2016-09-01 00:15:48 -0700
committer: Lei Zhang <leizleiz@users.noreply.github.com> 2016-09-01 00:15:48 -0700
commit: 813efeb18bf6205354b01a525352ebdb10eebe06 (patch)
tree: ebeb0736af74deaca8c0f4e4581ceb86e2c64bd5
parent: 08652be8695a5e3732fa5c3d5d9c0a6d98b3b9e0 (diff)
download: sfntly-813efeb18bf6205354b01a525352ebdb10eebe06.tar.gz
2 files changed, 35 insertions, 29 deletions
diff --git a/cpp/src/sfntly/font.cc b/cpp/src/sfntly/font.cc
index 347e0c1..cfb956f 100644
--- a/cpp/src/sfntly/font.cc
+++ b/cpp/src/sfntly/font.cc
@@ -40,24 +40,27 @@
 
 namespace sfntly {
 
-const int32_t SFNTVERSION_MAJOR = 1;
-const int32_t SFNTVERSION_MINOR = 0;
+namespace {
+
+const int32_t kSFNTVersionMajor = 1;
+const int32_t kSFNTVersionMinor = 0;
+
+const int32_t kMaxTableSize = 200 * 1024 * 1024;
+
+}  // namespace
 
 /******************************************************************************
  * Font class
  ******************************************************************************/
 Font::~Font() {}
 
-bool Font::HasTable(int32_t tag) {
-  TableMap::const_iterator result = tables_.find(tag);
-  TableMap::const_iterator end = tables_.end();
-  return (result != end);
+bool Font::HasTable(int32_t tag) const {
+  return tables_.find(tag) != tables_.end();
 }
 
 Table* Font::GetTable(int32_t tag) {
-  if (!HasTable(tag)) {
+  if (!HasTable(tag))
     return NULL;
-  }
   return tables_[tag];
 }
 
@@ -308,15 +311,12 @@ Table::Builder* Font::Builder::NewTableBuilder(int32_t tag,
 }
 
 void Font::Builder::RemoveTableBuilder(int32_t tag) {
-  TableBuilderMap::iterator target = table_builders_.find(tag);
-  if (target != table_builders_.end()) {
-    table_builders_.erase(target);
-  }
+  table_builders_.erase(tag);
 }
 
 Font::Builder::Builder(FontFactory* factory)
     : factory_(factory),
-      sfnt_version_(Fixed1616::Fixed(SFNTVERSION_MAJOR, SFNTVERSION_MINOR)) {
+      sfnt_version_(Fixed1616::Fixed(kSFNTVersionMajor, kSFNTVersionMinor)) {
 }
 
 void Font::Builder::LoadFont(InputStream* is) {
@@ -525,32 +525,38 @@ void Font::Builder::LoadTableData(HeaderOffsetSortedSet* headers,
                                   FontInputStream* is,
                                   DataBlockMap* table_data) {
   assert(table_data);
-  for (HeaderOffsetSortedSet::iterator table_header = headers->begin(),
+  for (HeaderOffsetSortedSet::iterator it = headers->begin(),
                                        table_end = headers->end();
-                                       table_header != table_end;
-                                       ++table_header) {
-    is->Skip((*table_header)->offset() - is->position());
-    FontInputStream table_is(is, (*table_header)->length());
+                                       it != table_end;
+                                       ++it) {
+    const Ptr<Header> header = *it;
+    is->Skip(header->offset() - is->position());
+    if (header->length() > kMaxTableSize)
+      continue;
+
+    FontInputStream table_is(is, header->length());
     WritableFontDataPtr data;
-    data.Attach(
-        WritableFontData::CreateWritableFontData((*table_header)->length()));
-    data->CopyFrom(&table_is, (*table_header)->length());
-    table_data->insert(DataBlockEntry(*table_header, data));
+    data.Attach(WritableFontData::CreateWritableFontData(header->length()));
+    data->CopyFrom(&table_is, header->length());
+    table_data->insert(DataBlockEntry(header, data));
   }
 }
 
 void Font::Builder::LoadTableData(HeaderOffsetSortedSet* headers,
                                   WritableFontData* fd,
                                   DataBlockMap* table_data) {
-  for (HeaderOffsetSortedSet::iterator table_header = headers->begin(),
+  for (HeaderOffsetSortedSet::iterator it = headers->begin(),
                                        table_end = headers->end();
-                                       table_header != table_end;
-                                       ++table_header) {
+                                       it != table_end;
+                                       ++it) {
+    const Ptr<Header> header = *it;
+    if (header->length() > kMaxTableSize)
+      continue;
+
     FontDataPtr sliced_data;
-    sliced_data.Attach(
-        fd->Slice((*table_header)->offset(), (*table_header)->length()));
+    sliced_data.Attach(fd->Slice(header->offset(), header->length()));
     WritableFontDataPtr data = down_cast<WritableFontData*>(sliced_data.p_);
-    table_data->insert(DataBlockEntry(*table_header, data));
+    table_data->insert(DataBlockEntry(header, data));
   }
 }
 
diff --git a/cpp/src/sfntly/font.h b/cpp/src/sfntly/font.h
index 975e8cc..2220adb 100644
--- a/cpp/src/sfntly/font.h
+++ b/cpp/src/sfntly/font.h
@@ -245,7 +245,7 @@ class Font : public RefCounted<Font> {
   int32_t num_tables() { return (int32_t)tables_.size(); }
 
   // Whether the font has a particular table.
-  bool HasTable(int32_t tag);
+  bool HasTable(int32_t tag) const;
 
   // UNIMPLEMENTED: public Iterator<? extends Table> iterator
author	Lei Zhang <leizleiz@users.noreply.github.com>	2016-09-01 00:15:48 -0700
committer	Lei Zhang <leizleiz@users.noreply.github.com>	2016-09-01 00:15:48 -0700
commit	813efeb18bf6205354b01a525352ebdb10eebe06 (patch)
tree	ebeb0736af74deaca8c0f4e4581ceb86e2c64bd5
parent	08652be8695a5e3732fa5c3d5d9c0a6d98b3b9e0 (diff)
download	sfntly-813efeb18bf6205354b01a525352ebdb10eebe06.tar.gz