1 /***************************************************************************/ 2 /* */ 3 /* cidload.c */ 4 /* */ 5 /* CID-keyed Type1 font loader (body). */ 6 /* */ 7 /* Copyright 1996-2017 by */ 8 /* David Turner, Robert Wilhelm, and Werner Lemberg. */ 9 /* */ 10 /* This file is part of the FreeType project, and may only be used, */ 11 /* modified, and distributed under the terms of the FreeType project */ 12 /* license, LICENSE.TXT. By continuing to use, modify, or distribute */ 13 /* this file you indicate that you have read the license and */ 14 /* understand and accept it fully. */ 15 /* */ 16 /***************************************************************************/ 17 18 19 #include <ft2build.h> 20 #include FT_INTERNAL_DEBUG_H 21 #include FT_CONFIG_CONFIG_H 22 #include FT_MULTIPLE_MASTERS_H 23 #include FT_INTERNAL_TYPE1_TYPES_H 24 25 #include "cidload.h" 26 27 #include "ciderrs.h" 28 29 30 /*************************************************************************/ 31 /* */ 32 /* The macro FT_COMPONENT is used in trace mode. It is an implicit */ 33 /* parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log */ 34 /* messages during execution. */ 35 /* */ 36 #undef FT_COMPONENT 37 #define FT_COMPONENT trace_cidload 38 39 40 /* read a single offset */ 41 FT_LOCAL_DEF( FT_ULong ) cid_get_offset(FT_Byte ** start,FT_Byte offsize)42 cid_get_offset( FT_Byte* *start, 43 FT_Byte offsize ) 44 { 45 FT_ULong result; 46 FT_Byte* p = *start; 47 48 49 for ( result = 0; offsize > 0; offsize-- ) 50 { 51 result <<= 8; 52 result |= *p++; 53 } 54 55 *start = p; 56 return result; 57 } 58 59 60 /*************************************************************************/ 61 /*************************************************************************/ 62 /***** *****/ 63 /***** TYPE 1 SYMBOL PARSING *****/ 64 /***** *****/ 65 /*************************************************************************/ 66 /*************************************************************************/ 67 68 69 static FT_Error cid_load_keyword(CID_Face face,CID_Loader * loader,const T1_Field keyword)70 cid_load_keyword( CID_Face face, 71 CID_Loader* loader, 72 const T1_Field keyword ) 73 { 74 FT_Error error; 75 CID_Parser* parser = &loader->parser; 76 FT_Byte* object; 77 void* dummy_object; 78 CID_FaceInfo cid = &face->cid; 79 80 81 /* if the keyword has a dedicated callback, call it */ 82 if ( keyword->type == T1_FIELD_TYPE_CALLBACK ) 83 { 84 keyword->reader( (FT_Face)face, parser ); 85 error = parser->root.error; 86 goto Exit; 87 } 88 89 /* we must now compute the address of our target object */ 90 switch ( keyword->location ) 91 { 92 case T1_FIELD_LOCATION_CID_INFO: 93 object = (FT_Byte*)cid; 94 break; 95 96 case T1_FIELD_LOCATION_FONT_INFO: 97 object = (FT_Byte*)&cid->font_info; 98 break; 99 100 case T1_FIELD_LOCATION_FONT_EXTRA: 101 object = (FT_Byte*)&face->font_extra; 102 break; 103 104 case T1_FIELD_LOCATION_BBOX: 105 object = (FT_Byte*)&cid->font_bbox; 106 break; 107 108 default: 109 { 110 CID_FaceDict dict; 111 112 113 if ( parser->num_dict < 0 || parser->num_dict >= cid->num_dicts ) 114 { 115 FT_ERROR(( "cid_load_keyword: invalid use of `%s'\n", 116 keyword->ident )); 117 error = FT_THROW( Syntax_Error ); 118 goto Exit; 119 } 120 121 dict = cid->font_dicts + parser->num_dict; 122 switch ( keyword->location ) 123 { 124 case T1_FIELD_LOCATION_PRIVATE: 125 object = (FT_Byte*)&dict->private_dict; 126 break; 127 128 default: 129 object = (FT_Byte*)dict; 130 } 131 } 132 } 133 134 dummy_object = object; 135 136 /* now, load the keyword data in the object's field(s) */ 137 if ( keyword->type == T1_FIELD_TYPE_INTEGER_ARRAY || 138 keyword->type == T1_FIELD_TYPE_FIXED_ARRAY ) 139 error = cid_parser_load_field_table( &loader->parser, keyword, 140 &dummy_object ); 141 else 142 error = cid_parser_load_field( &loader->parser, 143 keyword, &dummy_object ); 144 Exit: 145 return error; 146 } 147 148 149 FT_CALLBACK_DEF( FT_Error ) cid_parse_font_matrix(CID_Face face,CID_Parser * parser)150 cid_parse_font_matrix( CID_Face face, 151 CID_Parser* parser ) 152 { 153 CID_FaceDict dict; 154 FT_Face root = (FT_Face)&face->root; 155 FT_Fixed temp[6]; 156 FT_Fixed temp_scale; 157 158 159 if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts ) 160 { 161 FT_Matrix* matrix; 162 FT_Vector* offset; 163 FT_Int result; 164 165 166 dict = face->cid.font_dicts + parser->num_dict; 167 matrix = &dict->font_matrix; 168 offset = &dict->font_offset; 169 170 /* input is scaled by 1000 to accommodate default FontMatrix */ 171 result = cid_parser_to_fixed_array( parser, 6, temp, 3 ); 172 173 if ( result < 6 ) 174 return FT_THROW( Invalid_File_Format ); 175 176 temp_scale = FT_ABS( temp[3] ); 177 178 if ( temp_scale == 0 ) 179 { 180 FT_ERROR(( "cid_parse_font_matrix: invalid font matrix\n" )); 181 return FT_THROW( Invalid_File_Format ); 182 } 183 184 /* atypical case */ 185 if ( temp_scale != 0x10000L ) 186 { 187 /* set units per EM based on FontMatrix values */ 188 root->units_per_EM = (FT_UShort)FT_DivFix( 1000, temp_scale ); 189 190 temp[0] = FT_DivFix( temp[0], temp_scale ); 191 temp[1] = FT_DivFix( temp[1], temp_scale ); 192 temp[2] = FT_DivFix( temp[2], temp_scale ); 193 temp[4] = FT_DivFix( temp[4], temp_scale ); 194 temp[5] = FT_DivFix( temp[5], temp_scale ); 195 temp[3] = temp[3] < 0 ? -0x10000L : 0x10000L; 196 } 197 198 matrix->xx = temp[0]; 199 matrix->yx = temp[1]; 200 matrix->xy = temp[2]; 201 matrix->yy = temp[3]; 202 203 /* note that the font offsets are expressed in integer font units */ 204 offset->x = temp[4] >> 16; 205 offset->y = temp[5] >> 16; 206 } 207 208 return FT_Err_Ok; 209 } 210 211 212 FT_CALLBACK_DEF( FT_Error ) parse_fd_array(CID_Face face,CID_Parser * parser)213 parse_fd_array( CID_Face face, 214 CID_Parser* parser ) 215 { 216 CID_FaceInfo cid = &face->cid; 217 FT_Memory memory = face->root.memory; 218 FT_Stream stream = parser->stream; 219 FT_Error error = FT_Err_Ok; 220 FT_Long num_dicts; 221 222 223 num_dicts = cid_parser_to_int( parser ); 224 if ( num_dicts < 0 ) 225 { 226 FT_ERROR(( "parse_fd_array: invalid number of dictionaries\n" )); 227 error = FT_THROW( Invalid_File_Format ); 228 goto Exit; 229 } 230 231 /* 232 * A single entry in the FDArray must (at least) contain the following 233 * structure elements. 234 * 235 * %ADOBeginFontDict 18 236 * X dict begin 13 237 * /FontMatrix [X X X X] 22 238 * /Private X dict begin 22 239 * end 4 240 * end 4 241 * %ADOEndFontDict 16 242 * 243 * This needs 18+13+22+22+4+4+16=99 bytes or more. Normally, you also 244 * need a `dup X' at the very beginning and a `put' at the end, so a 245 * rough guess using 100 bytes as the minimum is justified. 246 */ 247 if ( (FT_ULong)num_dicts > stream->size / 100 ) 248 { 249 FT_TRACE0(( "parse_fd_array: adjusting FDArray size" 250 " (from %d to %d)\n", 251 num_dicts, 252 stream->size / 100 )); 253 num_dicts = (FT_Long)( stream->size / 100 ); 254 } 255 256 if ( !cid->font_dicts ) 257 { 258 FT_Int n; 259 260 261 if ( FT_NEW_ARRAY( cid->font_dicts, num_dicts ) ) 262 goto Exit; 263 264 cid->num_dicts = num_dicts; 265 266 /* don't forget to set a few defaults */ 267 for ( n = 0; n < cid->num_dicts; n++ ) 268 { 269 CID_FaceDict dict = cid->font_dicts + n; 270 271 272 /* default value for lenIV */ 273 dict->private_dict.lenIV = 4; 274 } 275 } 276 277 Exit: 278 return error; 279 } 280 281 282 /* by mistake, `expansion_factor' appears both in PS_PrivateRec */ 283 /* and CID_FaceDictRec (both are public header files and can't */ 284 /* changed); we simply copy the value */ 285 286 FT_CALLBACK_DEF( FT_Error ) parse_expansion_factor(CID_Face face,CID_Parser * parser)287 parse_expansion_factor( CID_Face face, 288 CID_Parser* parser ) 289 { 290 CID_FaceDict dict; 291 292 293 if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts ) 294 { 295 dict = face->cid.font_dicts + parser->num_dict; 296 297 dict->expansion_factor = cid_parser_to_fixed( parser, 0 ); 298 dict->private_dict.expansion_factor = dict->expansion_factor; 299 } 300 301 return FT_Err_Ok; 302 } 303 304 305 static 306 const T1_FieldRec cid_field_records[] = 307 { 308 309 #include "cidtoken.h" 310 311 T1_FIELD_CALLBACK( "FDArray", parse_fd_array, 0 ) 312 T1_FIELD_CALLBACK( "FontMatrix", cid_parse_font_matrix, 0 ) 313 T1_FIELD_CALLBACK( "ExpansionFactor", parse_expansion_factor, 0 ) 314 315 { 0, T1_FIELD_LOCATION_CID_INFO, T1_FIELD_TYPE_NONE, 0, 0, 0, 0, 0, 0 } 316 }; 317 318 319 static FT_Error cid_parse_dict(CID_Face face,CID_Loader * loader,FT_Byte * base,FT_ULong size)320 cid_parse_dict( CID_Face face, 321 CID_Loader* loader, 322 FT_Byte* base, 323 FT_ULong size ) 324 { 325 CID_Parser* parser = &loader->parser; 326 327 328 parser->root.cursor = base; 329 parser->root.limit = base + size; 330 parser->root.error = FT_Err_Ok; 331 332 { 333 FT_Byte* cur = base; 334 FT_Byte* limit = cur + size; 335 336 337 for (;;) 338 { 339 FT_Byte* newlimit; 340 341 342 parser->root.cursor = cur; 343 cid_parser_skip_spaces( parser ); 344 345 if ( parser->root.cursor >= limit ) 346 newlimit = limit - 1 - 17; 347 else 348 newlimit = parser->root.cursor - 17; 349 350 /* look for `%ADOBeginFontDict' */ 351 for ( ; cur < newlimit; cur++ ) 352 { 353 if ( *cur == '%' && 354 ft_strncmp( (char*)cur, "%ADOBeginFontDict", 17 ) == 0 ) 355 { 356 /* if /FDArray was found, then cid->num_dicts is > 0, and */ 357 /* we can start increasing parser->num_dict */ 358 if ( face->cid.num_dicts > 0 ) 359 parser->num_dict++; 360 } 361 } 362 363 cur = parser->root.cursor; 364 /* no error can occur in cid_parser_skip_spaces */ 365 if ( cur >= limit ) 366 break; 367 368 cid_parser_skip_PS_token( parser ); 369 if ( parser->root.cursor >= limit || parser->root.error ) 370 break; 371 372 /* look for immediates */ 373 if ( *cur == '/' && cur + 2 < limit ) 374 { 375 FT_UInt len; 376 377 378 cur++; 379 len = (FT_UInt)( parser->root.cursor - cur ); 380 381 if ( len > 0 && len < 22 ) 382 { 383 /* now compare the immediate name to the keyword table */ 384 T1_Field keyword = (T1_Field)cid_field_records; 385 386 387 for (;;) 388 { 389 FT_Byte* name; 390 391 392 name = (FT_Byte*)keyword->ident; 393 if ( !name ) 394 break; 395 396 if ( cur[0] == name[0] && 397 len == ft_strlen( (const char*)name ) ) 398 { 399 FT_UInt n; 400 401 402 for ( n = 1; n < len; n++ ) 403 if ( cur[n] != name[n] ) 404 break; 405 406 if ( n >= len ) 407 { 408 /* we found it - run the parsing callback */ 409 parser->root.error = cid_load_keyword( face, 410 loader, 411 keyword ); 412 if ( parser->root.error ) 413 return parser->root.error; 414 break; 415 } 416 } 417 keyword++; 418 } 419 } 420 } 421 422 cur = parser->root.cursor; 423 } 424 425 if ( !face->cid.num_dicts ) 426 { 427 FT_ERROR(( "cid_parse_dict: No font dictionary found\n" )); 428 return FT_THROW( Invalid_File_Format ); 429 } 430 } 431 432 return parser->root.error; 433 } 434 435 436 /* read the subrmap and the subrs of each font dict */ 437 static FT_Error cid_read_subrs(CID_Face face)438 cid_read_subrs( CID_Face face ) 439 { 440 CID_FaceInfo cid = &face->cid; 441 FT_Memory memory = face->root.memory; 442 FT_Stream stream = face->cid_stream; 443 FT_Error error; 444 FT_Int n; 445 CID_Subrs subr; 446 FT_UInt max_offsets = 0; 447 FT_ULong* offsets = NULL; 448 PSAux_Service psaux = (PSAux_Service)face->psaux; 449 450 451 if ( FT_NEW_ARRAY( face->subrs, cid->num_dicts ) ) 452 goto Exit; 453 454 subr = face->subrs; 455 for ( n = 0; n < cid->num_dicts; n++, subr++ ) 456 { 457 CID_FaceDict dict = cid->font_dicts + n; 458 FT_Int lenIV = dict->private_dict.lenIV; 459 FT_UInt count, num_subrs = dict->num_subrs; 460 FT_ULong data_len; 461 FT_Byte* p; 462 463 464 if ( !num_subrs ) 465 continue; 466 467 /* reallocate offsets array if needed */ 468 if ( num_subrs + 1 > max_offsets ) 469 { 470 FT_UInt new_max = FT_PAD_CEIL( num_subrs + 1, 4 ); 471 472 473 if ( new_max <= max_offsets ) 474 { 475 error = FT_THROW( Syntax_Error ); 476 goto Fail; 477 } 478 479 if ( FT_RENEW_ARRAY( offsets, max_offsets, new_max ) ) 480 goto Fail; 481 482 max_offsets = new_max; 483 } 484 485 /* read the subrmap's offsets */ 486 if ( FT_STREAM_SEEK( cid->data_offset + dict->subrmap_offset ) || 487 FT_FRAME_ENTER( ( num_subrs + 1 ) * (FT_UInt)dict->sd_bytes ) ) 488 goto Fail; 489 490 p = (FT_Byte*)stream->cursor; 491 for ( count = 0; count <= num_subrs; count++ ) 492 offsets[count] = cid_get_offset( &p, (FT_Byte)dict->sd_bytes ); 493 494 FT_FRAME_EXIT(); 495 496 /* offsets must be ordered */ 497 for ( count = 1; count <= num_subrs; count++ ) 498 if ( offsets[count - 1] > offsets[count] ) 499 { 500 FT_ERROR(( "cid_read_subrs: offsets are not ordered\n" )); 501 error = FT_THROW( Invalid_File_Format ); 502 goto Fail; 503 } 504 505 if ( offsets[num_subrs] > stream->size - cid->data_offset ) 506 { 507 FT_ERROR(( "cid_read_subrs: too large `subrs' offsets\n" )); 508 error = FT_THROW( Invalid_File_Format ); 509 goto Fail; 510 } 511 512 /* now, compute the size of subrs charstrings, */ 513 /* allocate, and read them */ 514 data_len = offsets[num_subrs] - offsets[0]; 515 516 if ( FT_NEW_ARRAY( subr->code, num_subrs + 1 ) || 517 FT_ALLOC( subr->code[0], data_len ) ) 518 goto Fail; 519 520 if ( FT_STREAM_SEEK( cid->data_offset + offsets[0] ) || 521 FT_STREAM_READ( subr->code[0], data_len ) ) 522 goto Fail; 523 524 /* set up pointers */ 525 for ( count = 1; count <= num_subrs; count++ ) 526 { 527 FT_ULong len; 528 529 530 len = offsets[count] - offsets[count - 1]; 531 subr->code[count] = subr->code[count - 1] + len; 532 } 533 534 /* decrypt subroutines, but only if lenIV >= 0 */ 535 if ( lenIV >= 0 ) 536 { 537 for ( count = 0; count < num_subrs; count++ ) 538 { 539 FT_ULong len; 540 541 542 len = offsets[count + 1] - offsets[count]; 543 psaux->t1_decrypt( subr->code[count], len, 4330 ); 544 } 545 } 546 547 subr->num_subrs = (FT_Int)num_subrs; 548 } 549 550 Exit: 551 FT_FREE( offsets ); 552 return error; 553 554 Fail: 555 if ( face->subrs ) 556 { 557 for ( n = 0; n < cid->num_dicts; n++ ) 558 { 559 if ( face->subrs[n].code ) 560 FT_FREE( face->subrs[n].code[0] ); 561 562 FT_FREE( face->subrs[n].code ); 563 } 564 FT_FREE( face->subrs ); 565 } 566 goto Exit; 567 } 568 569 570 static void cid_init_loader(CID_Loader * loader,CID_Face face)571 cid_init_loader( CID_Loader* loader, 572 CID_Face face ) 573 { 574 FT_UNUSED( face ); 575 576 FT_ZERO( loader ); 577 } 578 579 580 static void cid_done_loader(CID_Loader * loader)581 cid_done_loader( CID_Loader* loader ) 582 { 583 CID_Parser* parser = &loader->parser; 584 585 586 /* finalize parser */ 587 cid_parser_done( parser ); 588 } 589 590 591 static FT_Error cid_hex_to_binary(FT_Byte * data,FT_ULong data_len,FT_ULong offset,CID_Face face)592 cid_hex_to_binary( FT_Byte* data, 593 FT_ULong data_len, 594 FT_ULong offset, 595 CID_Face face ) 596 { 597 FT_Stream stream = face->root.stream; 598 FT_Error error; 599 600 FT_Byte buffer[256]; 601 FT_Byte *p, *plimit; 602 FT_Byte *d, *dlimit; 603 FT_Byte val; 604 605 FT_Bool upper_nibble, done; 606 607 608 if ( FT_STREAM_SEEK( offset ) ) 609 goto Exit; 610 611 d = data; 612 dlimit = d + data_len; 613 p = buffer; 614 plimit = p; 615 616 upper_nibble = 1; 617 done = 0; 618 619 while ( d < dlimit ) 620 { 621 if ( p >= plimit ) 622 { 623 FT_ULong oldpos = FT_STREAM_POS(); 624 FT_ULong size = stream->size - oldpos; 625 626 627 if ( size == 0 ) 628 { 629 error = FT_THROW( Syntax_Error ); 630 goto Exit; 631 } 632 633 if ( FT_STREAM_READ( buffer, 256 > size ? size : 256 ) ) 634 goto Exit; 635 p = buffer; 636 plimit = p + FT_STREAM_POS() - oldpos; 637 } 638 639 if ( ft_isdigit( *p ) ) 640 val = (FT_Byte)( *p - '0' ); 641 else if ( *p >= 'a' && *p <= 'f' ) 642 val = (FT_Byte)( *p - 'a' ); 643 else if ( *p >= 'A' && *p <= 'F' ) 644 val = (FT_Byte)( *p - 'A' + 10 ); 645 else if ( *p == ' ' || 646 *p == '\t' || 647 *p == '\r' || 648 *p == '\n' || 649 *p == '\f' || 650 *p == '\0' ) 651 { 652 p++; 653 continue; 654 } 655 else if ( *p == '>' ) 656 { 657 val = 0; 658 done = 1; 659 } 660 else 661 { 662 error = FT_THROW( Syntax_Error ); 663 goto Exit; 664 } 665 666 if ( upper_nibble ) 667 *d = (FT_Byte)( val << 4 ); 668 else 669 { 670 *d = (FT_Byte)( *d + val ); 671 d++; 672 } 673 674 upper_nibble = (FT_Byte)( 1 - upper_nibble ); 675 676 if ( done ) 677 break; 678 679 p++; 680 } 681 682 error = FT_Err_Ok; 683 684 Exit: 685 return error; 686 } 687 688 689 FT_LOCAL_DEF( FT_Error ) cid_face_open(CID_Face face,FT_Int face_index)690 cid_face_open( CID_Face face, 691 FT_Int face_index ) 692 { 693 CID_Loader loader; 694 CID_Parser* parser; 695 FT_Memory memory = face->root.memory; 696 FT_Error error; 697 FT_Int n; 698 699 CID_FaceInfo cid = &face->cid; 700 701 FT_ULong binary_length; 702 FT_ULong entry_len; 703 704 705 cid_init_loader( &loader, face ); 706 707 parser = &loader.parser; 708 error = cid_parser_new( parser, face->root.stream, face->root.memory, 709 (PSAux_Service)face->psaux ); 710 if ( error ) 711 goto Exit; 712 713 error = cid_parse_dict( face, &loader, 714 parser->postscript, 715 parser->postscript_len ); 716 if ( error ) 717 goto Exit; 718 719 if ( face_index < 0 ) 720 goto Exit; 721 722 if ( FT_NEW( face->cid_stream ) ) 723 goto Exit; 724 725 if ( parser->binary_length ) 726 { 727 if ( parser->binary_length > 728 face->root.stream->size - parser->data_offset ) 729 { 730 FT_TRACE0(( "cid_face_open: adjusting length of binary data\n" 731 " (from %d to %d bytes)\n", 732 parser->binary_length, 733 face->root.stream->size - parser->data_offset )); 734 parser->binary_length = face->root.stream->size - 735 parser->data_offset; 736 } 737 738 /* we must convert the data section from hexadecimal to binary */ 739 if ( FT_ALLOC( face->binary_data, parser->binary_length ) || 740 FT_SET_ERROR( cid_hex_to_binary( face->binary_data, 741 parser->binary_length, 742 parser->data_offset, 743 face ) ) ) 744 goto Exit; 745 746 FT_Stream_OpenMemory( face->cid_stream, 747 face->binary_data, parser->binary_length ); 748 cid->data_offset = 0; 749 } 750 else 751 { 752 *face->cid_stream = *face->root.stream; 753 cid->data_offset = loader.parser.data_offset; 754 } 755 756 /* sanity tests */ 757 758 if ( cid->fd_bytes < 0 || cid->gd_bytes < 1 ) 759 { 760 FT_ERROR(( "cid_parse_dict:" 761 " Invalid `FDBytes' or `GDBytes' value\n" )); 762 error = FT_THROW( Invalid_File_Format ); 763 goto Exit; 764 } 765 766 /* allow at most 32bit offsets */ 767 if ( cid->fd_bytes > 4 || cid->gd_bytes > 4 ) 768 { 769 FT_ERROR(( "cid_parse_dict:" 770 " Values of `FDBytes' or `GDBytes' larger than 4\n" 771 " " 772 " are not supported\n" )); 773 error = FT_THROW( Invalid_File_Format ); 774 goto Exit; 775 } 776 777 binary_length = face->cid_stream->size - cid->data_offset; 778 entry_len = (FT_ULong)( cid->fd_bytes + cid->gd_bytes ); 779 780 for ( n = 0; n < cid->num_dicts; n++ ) 781 { 782 CID_FaceDict dict = cid->font_dicts + n; 783 784 785 if ( dict->sd_bytes < 0 || 786 ( dict->num_subrs && dict->sd_bytes < 1 ) ) 787 { 788 FT_ERROR(( "cid_parse_dict: Invalid `SDBytes' value\n" )); 789 error = FT_THROW( Invalid_File_Format ); 790 goto Exit; 791 } 792 793 if ( dict->sd_bytes > 4 ) 794 { 795 FT_ERROR(( "cid_parse_dict:" 796 " Values of `SDBytes' larger than 4" 797 " are not supported\n" )); 798 error = FT_THROW( Invalid_File_Format ); 799 goto Exit; 800 } 801 802 if ( dict->subrmap_offset > binary_length ) 803 { 804 FT_ERROR(( "cid_parse_dict: Invalid `SubrMapOffset' value\n" )); 805 error = FT_THROW( Invalid_File_Format ); 806 goto Exit; 807 } 808 809 /* `num_subrs' is scanned as a signed integer */ 810 if ( (FT_Int)dict->num_subrs < 0 || 811 ( dict->sd_bytes && 812 dict->num_subrs > ( binary_length - dict->subrmap_offset ) / 813 (FT_UInt)dict->sd_bytes ) ) 814 { 815 FT_ERROR(( "cid_parse_dict: Invalid `SubrCount' value\n" )); 816 error = FT_THROW( Invalid_File_Format ); 817 goto Exit; 818 } 819 } 820 821 if ( cid->cidmap_offset > binary_length ) 822 { 823 FT_ERROR(( "cid_parse_dict: Invalid `CIDMapOffset' value\n" )); 824 error = FT_THROW( Invalid_File_Format ); 825 goto Exit; 826 } 827 828 if ( entry_len && 829 cid->cid_count > 830 ( binary_length - cid->cidmap_offset ) / entry_len ) 831 { 832 FT_ERROR(( "cid_parse_dict: Invalid `CIDCount' value\n" )); 833 error = FT_THROW( Invalid_File_Format ); 834 goto Exit; 835 } 836 837 /* we can now safely proceed */ 838 error = cid_read_subrs( face ); 839 840 Exit: 841 cid_done_loader( &loader ); 842 return error; 843 } 844 845 846 /* END */ 847