1 /***************************************************************************/ 2 /* */ 3 /* cidload.c */ 4 /* */ 5 /* CID-keyed Type1 font loader (body). */ 6 /* */ 7 /* Copyright 1996-2016 by */ 8 /* David Turner, Robert Wilhelm, and Werner Lemberg. */ 9 /* */ 10 /* This file is part of the FreeType project, and may only be used, */ 11 /* modified, and distributed under the terms of the FreeType project */ 12 /* license, LICENSE.TXT. By continuing to use, modify, or distribute */ 13 /* this file you indicate that you have read the license and */ 14 /* understand and accept it fully. */ 15 /* */ 16 /***************************************************************************/ 17 18 19 #include <ft2build.h> 20 #include FT_INTERNAL_DEBUG_H 21 #include FT_CONFIG_CONFIG_H 22 #include FT_MULTIPLE_MASTERS_H 23 #include FT_INTERNAL_TYPE1_TYPES_H 24 25 #include "cidload.h" 26 27 #include "ciderrs.h" 28 29 30 /*************************************************************************/ 31 /* */ 32 /* The macro FT_COMPONENT is used in trace mode. It is an implicit */ 33 /* parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log */ 34 /* messages during execution. */ 35 /* */ 36 #undef FT_COMPONENT 37 #define FT_COMPONENT trace_cidload 38 39 40 /* read a single offset */ 41 FT_LOCAL_DEF( FT_ULong ) cid_get_offset(FT_Byte ** start,FT_Byte offsize)42 cid_get_offset( FT_Byte* *start, 43 FT_Byte offsize ) 44 { 45 FT_ULong result; 46 FT_Byte* p = *start; 47 48 49 for ( result = 0; offsize > 0; offsize-- ) 50 { 51 result <<= 8; 52 result |= *p++; 53 } 54 55 *start = p; 56 return result; 57 } 58 59 60 /*************************************************************************/ 61 /*************************************************************************/ 62 /***** *****/ 63 /***** TYPE 1 SYMBOL PARSING *****/ 64 /***** *****/ 65 /*************************************************************************/ 66 /*************************************************************************/ 67 68 69 static FT_Error cid_load_keyword(CID_Face face,CID_Loader * loader,const T1_Field keyword)70 cid_load_keyword( CID_Face face, 71 CID_Loader* loader, 72 const T1_Field keyword ) 73 { 74 FT_Error error; 75 CID_Parser* parser = &loader->parser; 76 FT_Byte* object; 77 void* dummy_object; 78 CID_FaceInfo cid = &face->cid; 79 80 81 /* if the keyword has a dedicated callback, call it */ 82 if ( keyword->type == T1_FIELD_TYPE_CALLBACK ) 83 { 84 keyword->reader( (FT_Face)face, parser ); 85 error = parser->root.error; 86 goto Exit; 87 } 88 89 /* we must now compute the address of our target object */ 90 switch ( keyword->location ) 91 { 92 case T1_FIELD_LOCATION_CID_INFO: 93 object = (FT_Byte*)cid; 94 break; 95 96 case T1_FIELD_LOCATION_FONT_INFO: 97 object = (FT_Byte*)&cid->font_info; 98 break; 99 100 case T1_FIELD_LOCATION_FONT_EXTRA: 101 object = (FT_Byte*)&face->font_extra; 102 break; 103 104 case T1_FIELD_LOCATION_BBOX: 105 object = (FT_Byte*)&cid->font_bbox; 106 break; 107 108 default: 109 { 110 CID_FaceDict dict; 111 112 113 if ( parser->num_dict < 0 || parser->num_dict >= cid->num_dicts ) 114 { 115 FT_ERROR(( "cid_load_keyword: invalid use of `%s'\n", 116 keyword->ident )); 117 error = FT_THROW( Syntax_Error ); 118 goto Exit; 119 } 120 121 dict = cid->font_dicts + parser->num_dict; 122 switch ( keyword->location ) 123 { 124 case T1_FIELD_LOCATION_PRIVATE: 125 object = (FT_Byte*)&dict->private_dict; 126 break; 127 128 default: 129 object = (FT_Byte*)dict; 130 } 131 } 132 } 133 134 dummy_object = object; 135 136 /* now, load the keyword data in the object's field(s) */ 137 if ( keyword->type == T1_FIELD_TYPE_INTEGER_ARRAY || 138 keyword->type == T1_FIELD_TYPE_FIXED_ARRAY ) 139 error = cid_parser_load_field_table( &loader->parser, keyword, 140 &dummy_object ); 141 else 142 error = cid_parser_load_field( &loader->parser, 143 keyword, &dummy_object ); 144 Exit: 145 return error; 146 } 147 148 149 FT_CALLBACK_DEF( FT_Error ) cid_parse_font_matrix(CID_Face face,CID_Parser * parser)150 cid_parse_font_matrix( CID_Face face, 151 CID_Parser* parser ) 152 { 153 CID_FaceDict dict; 154 FT_Face root = (FT_Face)&face->root; 155 FT_Fixed temp[6]; 156 FT_Fixed temp_scale; 157 158 159 if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts ) 160 { 161 FT_Matrix* matrix; 162 FT_Vector* offset; 163 FT_Int result; 164 165 166 dict = face->cid.font_dicts + parser->num_dict; 167 matrix = &dict->font_matrix; 168 offset = &dict->font_offset; 169 170 /* input is scaled by 1000 to accommodate default FontMatrix */ 171 result = cid_parser_to_fixed_array( parser, 6, temp, 3 ); 172 173 if ( result < 6 ) 174 return FT_THROW( Invalid_File_Format ); 175 176 temp_scale = FT_ABS( temp[3] ); 177 178 if ( temp_scale == 0 ) 179 { 180 FT_ERROR(( "cid_parse_font_matrix: invalid font matrix\n" )); 181 return FT_THROW( Invalid_File_Format ); 182 } 183 184 /* atypical case */ 185 if ( temp_scale != 0x10000L ) 186 { 187 /* set units per EM based on FontMatrix values */ 188 root->units_per_EM = (FT_UShort)FT_DivFix( 1000, temp_scale ); 189 190 temp[0] = FT_DivFix( temp[0], temp_scale ); 191 temp[1] = FT_DivFix( temp[1], temp_scale ); 192 temp[2] = FT_DivFix( temp[2], temp_scale ); 193 temp[4] = FT_DivFix( temp[4], temp_scale ); 194 temp[5] = FT_DivFix( temp[5], temp_scale ); 195 temp[3] = temp[3] < 0 ? -0x10000L : 0x10000L; 196 } 197 198 matrix->xx = temp[0]; 199 matrix->yx = temp[1]; 200 matrix->xy = temp[2]; 201 matrix->yy = temp[3]; 202 203 /* note that the font offsets are expressed in integer font units */ 204 offset->x = temp[4] >> 16; 205 offset->y = temp[5] >> 16; 206 } 207 208 return FT_Err_Ok; 209 } 210 211 212 FT_CALLBACK_DEF( FT_Error ) parse_fd_array(CID_Face face,CID_Parser * parser)213 parse_fd_array( CID_Face face, 214 CID_Parser* parser ) 215 { 216 CID_FaceInfo cid = &face->cid; 217 FT_Memory memory = face->root.memory; 218 FT_Stream stream = parser->stream; 219 FT_Error error = FT_Err_Ok; 220 FT_Long num_dicts; 221 222 223 num_dicts = cid_parser_to_int( parser ); 224 if ( num_dicts < 0 ) 225 { 226 FT_ERROR(( "parse_fd_array: invalid number of dictionaries\n" )); 227 error = FT_THROW( Invalid_File_Format ); 228 goto Exit; 229 } 230 231 /* 232 * A single entry in the FDArray must (at least) contain the following 233 * structure elements. 234 * 235 * %ADOBeginFontDict 18 236 * X dict begin 13 237 * /FontMatrix [X X X X] 22 238 * /Private X dict begin 22 239 * end 4 240 * end 4 241 * %ADOEndFontDict 16 242 * 243 * This needs 18+13+22+22+4+4+16=99 bytes or more. Normally, you also 244 * need a `dup X' at the very beginning and a `put' at the end, so a 245 * rough guess using 100 bytes as the minimum is justified. 246 */ 247 if ( (FT_ULong)num_dicts > stream->size / 100 ) 248 { 249 FT_TRACE0(( "parse_fd_array: adjusting FDArray size" 250 " (from %d to %d)\n", 251 num_dicts, 252 stream->size / 100 )); 253 num_dicts = (FT_Long)( stream->size / 100 ); 254 } 255 256 if ( !cid->font_dicts ) 257 { 258 FT_Int n; 259 260 261 if ( FT_NEW_ARRAY( cid->font_dicts, num_dicts ) ) 262 goto Exit; 263 264 cid->num_dicts = num_dicts; 265 266 /* don't forget to set a few defaults */ 267 for ( n = 0; n < cid->num_dicts; n++ ) 268 { 269 CID_FaceDict dict = cid->font_dicts + n; 270 271 272 /* default value for lenIV */ 273 dict->private_dict.lenIV = 4; 274 } 275 } 276 277 Exit: 278 return error; 279 } 280 281 282 /* by mistake, `expansion_factor' appears both in PS_PrivateRec */ 283 /* and CID_FaceDictRec (both are public header files and can't */ 284 /* changed); we simply copy the value */ 285 286 FT_CALLBACK_DEF( FT_Error ) parse_expansion_factor(CID_Face face,CID_Parser * parser)287 parse_expansion_factor( CID_Face face, 288 CID_Parser* parser ) 289 { 290 CID_FaceDict dict; 291 292 293 if ( parser->num_dict >= 0 && parser->num_dict < face->cid.num_dicts ) 294 { 295 dict = face->cid.font_dicts + parser->num_dict; 296 297 dict->expansion_factor = cid_parser_to_fixed( parser, 0 ); 298 dict->private_dict.expansion_factor = dict->expansion_factor; 299 } 300 301 return FT_Err_Ok; 302 } 303 304 305 static 306 const T1_FieldRec cid_field_records[] = 307 { 308 309 #include "cidtoken.h" 310 311 T1_FIELD_CALLBACK( "FDArray", parse_fd_array, 0 ) 312 T1_FIELD_CALLBACK( "FontMatrix", cid_parse_font_matrix, 0 ) 313 T1_FIELD_CALLBACK( "ExpansionFactor", parse_expansion_factor, 0 ) 314 315 { 0, T1_FIELD_LOCATION_CID_INFO, T1_FIELD_TYPE_NONE, 0, 0, 0, 0, 0, 0 } 316 }; 317 318 319 static FT_Error cid_parse_dict(CID_Face face,CID_Loader * loader,FT_Byte * base,FT_ULong size)320 cid_parse_dict( CID_Face face, 321 CID_Loader* loader, 322 FT_Byte* base, 323 FT_ULong size ) 324 { 325 CID_Parser* parser = &loader->parser; 326 327 328 parser->root.cursor = base; 329 parser->root.limit = base + size; 330 parser->root.error = FT_Err_Ok; 331 332 { 333 FT_Byte* cur = base; 334 FT_Byte* limit = cur + size; 335 336 337 for (;;) 338 { 339 FT_Byte* newlimit; 340 341 342 parser->root.cursor = cur; 343 cid_parser_skip_spaces( parser ); 344 345 if ( parser->root.cursor >= limit ) 346 newlimit = limit - 1 - 17; 347 else 348 newlimit = parser->root.cursor - 17; 349 350 /* look for `%ADOBeginFontDict' */ 351 for ( ; cur < newlimit; cur++ ) 352 { 353 if ( *cur == '%' && 354 ft_strncmp( (char*)cur, "%ADOBeginFontDict", 17 ) == 0 ) 355 { 356 /* if /FDArray was found, then cid->num_dicts is > 0, and */ 357 /* we can start increasing parser->num_dict */ 358 if ( face->cid.num_dicts > 0 ) 359 parser->num_dict++; 360 } 361 } 362 363 cur = parser->root.cursor; 364 /* no error can occur in cid_parser_skip_spaces */ 365 if ( cur >= limit ) 366 break; 367 368 cid_parser_skip_PS_token( parser ); 369 if ( parser->root.cursor >= limit || parser->root.error ) 370 break; 371 372 /* look for immediates */ 373 if ( *cur == '/' && cur + 2 < limit ) 374 { 375 FT_UInt len; 376 377 378 cur++; 379 len = (FT_UInt)( parser->root.cursor - cur ); 380 381 if ( len > 0 && len < 22 ) 382 { 383 /* now compare the immediate name to the keyword table */ 384 T1_Field keyword = (T1_Field)cid_field_records; 385 386 387 for (;;) 388 { 389 FT_Byte* name; 390 391 392 name = (FT_Byte*)keyword->ident; 393 if ( !name ) 394 break; 395 396 if ( cur[0] == name[0] && 397 len == ft_strlen( (const char*)name ) ) 398 { 399 FT_UInt n; 400 401 402 for ( n = 1; n < len; n++ ) 403 if ( cur[n] != name[n] ) 404 break; 405 406 if ( n >= len ) 407 { 408 /* we found it - run the parsing callback */ 409 parser->root.error = cid_load_keyword( face, 410 loader, 411 keyword ); 412 if ( parser->root.error ) 413 return parser->root.error; 414 break; 415 } 416 } 417 keyword++; 418 } 419 } 420 } 421 422 cur = parser->root.cursor; 423 } 424 425 if ( !face->cid.num_dicts ) 426 { 427 FT_ERROR(( "cid_parse_dict: No font dictionary found\n" )); 428 return FT_THROW( Invalid_File_Format ); 429 } 430 } 431 432 return parser->root.error; 433 } 434 435 436 /* read the subrmap and the subrs of each font dict */ 437 static FT_Error cid_read_subrs(CID_Face face)438 cid_read_subrs( CID_Face face ) 439 { 440 CID_FaceInfo cid = &face->cid; 441 FT_Memory memory = face->root.memory; 442 FT_Stream stream = face->cid_stream; 443 FT_Error error; 444 FT_Int n; 445 CID_Subrs subr; 446 FT_UInt max_offsets = 0; 447 FT_ULong* offsets = NULL; 448 PSAux_Service psaux = (PSAux_Service)face->psaux; 449 450 451 if ( FT_NEW_ARRAY( face->subrs, cid->num_dicts ) ) 452 goto Exit; 453 454 subr = face->subrs; 455 for ( n = 0; n < cid->num_dicts; n++, subr++ ) 456 { 457 CID_FaceDict dict = cid->font_dicts + n; 458 FT_Int lenIV = dict->private_dict.lenIV; 459 FT_UInt count, num_subrs = dict->num_subrs; 460 FT_ULong data_len; 461 FT_Byte* p; 462 463 464 /* reallocate offsets array if needed */ 465 if ( num_subrs + 1 > max_offsets ) 466 { 467 FT_UInt new_max = FT_PAD_CEIL( num_subrs + 1, 4 ); 468 469 470 if ( new_max <= max_offsets ) 471 { 472 error = FT_THROW( Syntax_Error ); 473 goto Fail; 474 } 475 476 if ( FT_RENEW_ARRAY( offsets, max_offsets, new_max ) ) 477 goto Fail; 478 479 max_offsets = new_max; 480 } 481 482 /* read the subrmap's offsets */ 483 if ( FT_STREAM_SEEK( cid->data_offset + dict->subrmap_offset ) || 484 FT_FRAME_ENTER( ( num_subrs + 1 ) * (FT_UInt)dict->sd_bytes ) ) 485 goto Fail; 486 487 p = (FT_Byte*)stream->cursor; 488 for ( count = 0; count <= num_subrs; count++ ) 489 offsets[count] = cid_get_offset( &p, (FT_Byte)dict->sd_bytes ); 490 491 FT_FRAME_EXIT(); 492 493 /* offsets must be ordered */ 494 for ( count = 1; count <= num_subrs; count++ ) 495 if ( offsets[count - 1] > offsets[count] ) 496 { 497 FT_ERROR(( "cid_read_subrs: offsets are not ordered\n" )); 498 error = FT_THROW( Invalid_File_Format ); 499 goto Fail; 500 } 501 502 if ( offsets[num_subrs] > stream->size - cid->data_offset ) 503 { 504 FT_ERROR(( "cid_read_subrs: too large `subrs' offsets\n" )); 505 error = FT_THROW( Invalid_File_Format ); 506 goto Fail; 507 } 508 509 /* now, compute the size of subrs charstrings, */ 510 /* allocate, and read them */ 511 data_len = offsets[num_subrs] - offsets[0]; 512 513 if ( FT_NEW_ARRAY( subr->code, num_subrs + 1 ) || 514 FT_ALLOC( subr->code[0], data_len ) ) 515 goto Fail; 516 517 if ( FT_STREAM_SEEK( cid->data_offset + offsets[0] ) || 518 FT_STREAM_READ( subr->code[0], data_len ) ) 519 goto Fail; 520 521 /* set up pointers */ 522 for ( count = 1; count <= num_subrs; count++ ) 523 { 524 FT_ULong len; 525 526 527 len = offsets[count] - offsets[count - 1]; 528 subr->code[count] = subr->code[count - 1] + len; 529 } 530 531 /* decrypt subroutines, but only if lenIV >= 0 */ 532 if ( lenIV >= 0 ) 533 { 534 for ( count = 0; count < num_subrs; count++ ) 535 { 536 FT_ULong len; 537 538 539 len = offsets[count + 1] - offsets[count]; 540 psaux->t1_decrypt( subr->code[count], len, 4330 ); 541 } 542 } 543 544 subr->num_subrs = (FT_Int)num_subrs; 545 } 546 547 Exit: 548 FT_FREE( offsets ); 549 return error; 550 551 Fail: 552 if ( face->subrs ) 553 { 554 for ( n = 0; n < cid->num_dicts; n++ ) 555 { 556 if ( face->subrs[n].code ) 557 FT_FREE( face->subrs[n].code[0] ); 558 559 FT_FREE( face->subrs[n].code ); 560 } 561 FT_FREE( face->subrs ); 562 } 563 goto Exit; 564 } 565 566 567 static void cid_init_loader(CID_Loader * loader,CID_Face face)568 cid_init_loader( CID_Loader* loader, 569 CID_Face face ) 570 { 571 FT_UNUSED( face ); 572 573 FT_MEM_ZERO( loader, sizeof ( *loader ) ); 574 } 575 576 577 static void cid_done_loader(CID_Loader * loader)578 cid_done_loader( CID_Loader* loader ) 579 { 580 CID_Parser* parser = &loader->parser; 581 582 583 /* finalize parser */ 584 cid_parser_done( parser ); 585 } 586 587 588 static FT_Error cid_hex_to_binary(FT_Byte * data,FT_ULong data_len,FT_ULong offset,CID_Face face)589 cid_hex_to_binary( FT_Byte* data, 590 FT_ULong data_len, 591 FT_ULong offset, 592 CID_Face face ) 593 { 594 FT_Stream stream = face->root.stream; 595 FT_Error error; 596 597 FT_Byte buffer[256]; 598 FT_Byte *p, *plimit; 599 FT_Byte *d, *dlimit; 600 FT_Byte val; 601 602 FT_Bool upper_nibble, done; 603 604 605 if ( FT_STREAM_SEEK( offset ) ) 606 goto Exit; 607 608 d = data; 609 dlimit = d + data_len; 610 p = buffer; 611 plimit = p; 612 613 upper_nibble = 1; 614 done = 0; 615 616 while ( d < dlimit ) 617 { 618 if ( p >= plimit ) 619 { 620 FT_ULong oldpos = FT_STREAM_POS(); 621 FT_ULong size = stream->size - oldpos; 622 623 624 if ( size == 0 ) 625 { 626 error = FT_THROW( Syntax_Error ); 627 goto Exit; 628 } 629 630 if ( FT_STREAM_READ( buffer, 256 > size ? size : 256 ) ) 631 goto Exit; 632 p = buffer; 633 plimit = p + FT_STREAM_POS() - oldpos; 634 } 635 636 if ( ft_isdigit( *p ) ) 637 val = (FT_Byte)( *p - '0' ); 638 else if ( *p >= 'a' && *p <= 'f' ) 639 val = (FT_Byte)( *p - 'a' ); 640 else if ( *p >= 'A' && *p <= 'F' ) 641 val = (FT_Byte)( *p - 'A' + 10 ); 642 else if ( *p == ' ' || 643 *p == '\t' || 644 *p == '\r' || 645 *p == '\n' || 646 *p == '\f' || 647 *p == '\0' ) 648 { 649 p++; 650 continue; 651 } 652 else if ( *p == '>' ) 653 { 654 val = 0; 655 done = 1; 656 } 657 else 658 { 659 error = FT_THROW( Syntax_Error ); 660 goto Exit; 661 } 662 663 if ( upper_nibble ) 664 *d = (FT_Byte)( val << 4 ); 665 else 666 { 667 *d = (FT_Byte)( *d + val ); 668 d++; 669 } 670 671 upper_nibble = (FT_Byte)( 1 - upper_nibble ); 672 673 if ( done ) 674 break; 675 676 p++; 677 } 678 679 error = FT_Err_Ok; 680 681 Exit: 682 return error; 683 } 684 685 686 FT_LOCAL_DEF( FT_Error ) cid_face_open(CID_Face face,FT_Int face_index)687 cid_face_open( CID_Face face, 688 FT_Int face_index ) 689 { 690 CID_Loader loader; 691 CID_Parser* parser; 692 FT_Memory memory = face->root.memory; 693 FT_Error error; 694 FT_Int n; 695 696 CID_FaceInfo cid = &face->cid; 697 698 FT_ULong binary_length; 699 FT_ULong entry_len; 700 701 702 cid_init_loader( &loader, face ); 703 704 parser = &loader.parser; 705 error = cid_parser_new( parser, face->root.stream, face->root.memory, 706 (PSAux_Service)face->psaux ); 707 if ( error ) 708 goto Exit; 709 710 error = cid_parse_dict( face, &loader, 711 parser->postscript, 712 parser->postscript_len ); 713 if ( error ) 714 goto Exit; 715 716 if ( face_index < 0 ) 717 goto Exit; 718 719 if ( FT_NEW( face->cid_stream ) ) 720 goto Exit; 721 722 if ( parser->binary_length ) 723 { 724 if ( parser->binary_length > 725 face->root.stream->size - parser->data_offset ) 726 { 727 FT_TRACE0(( "cid_face_open: adjusting length of binary data\n" 728 " (from %d to %d bytes)\n", 729 parser->binary_length, 730 face->root.stream->size - parser->data_offset )); 731 parser->binary_length = face->root.stream->size - 732 parser->data_offset; 733 } 734 735 /* we must convert the data section from hexadecimal to binary */ 736 if ( FT_ALLOC( face->binary_data, parser->binary_length ) || 737 cid_hex_to_binary( face->binary_data, parser->binary_length, 738 parser->data_offset, face ) ) 739 goto Exit; 740 741 FT_Stream_OpenMemory( face->cid_stream, 742 face->binary_data, parser->binary_length ); 743 cid->data_offset = 0; 744 } 745 else 746 { 747 *face->cid_stream = *face->root.stream; 748 cid->data_offset = loader.parser.data_offset; 749 } 750 751 /* sanity tests */ 752 753 if ( cid->fd_bytes < 0 || cid->gd_bytes < 1 ) 754 { 755 FT_ERROR(( "cid_parse_dict:" 756 " Invalid `FDBytes' or `GDBytes' value\n" )); 757 error = FT_THROW( Invalid_File_Format ); 758 goto Exit; 759 } 760 761 /* allow at most 32bit offsets */ 762 if ( cid->fd_bytes > 4 || cid->gd_bytes > 4 ) 763 { 764 FT_ERROR(( "cid_parse_dict:" 765 " Values of `FDBytes' or `GDBytes' larger than 4\n" 766 " " 767 " are not supported\n" )); 768 error = FT_THROW( Invalid_File_Format ); 769 goto Exit; 770 } 771 772 binary_length = face->cid_stream->size - cid->data_offset; 773 entry_len = (FT_ULong)( cid->fd_bytes + cid->gd_bytes ); 774 775 for ( n = 0; n < cid->num_dicts; n++ ) 776 { 777 CID_FaceDict dict = cid->font_dicts + n; 778 779 780 if ( dict->sd_bytes < 0 ) 781 { 782 FT_ERROR(( "cid_parse_dict: Invalid `SDBytes' value\n" )); 783 error = FT_THROW( Invalid_File_Format ); 784 goto Exit; 785 } 786 787 if ( dict->sd_bytes > 4 ) 788 { 789 FT_ERROR(( "cid_parse_dict:" 790 " Values of `SDBytes' larger than 4" 791 " are not supported\n" )); 792 error = FT_THROW( Invalid_File_Format ); 793 goto Exit; 794 } 795 796 if ( dict->subrmap_offset > binary_length ) 797 { 798 FT_ERROR(( "cid_parse_dict: Invalid `SubrMapOffset' value\n" )); 799 error = FT_THROW( Invalid_File_Format ); 800 goto Exit; 801 } 802 803 /* `num_subrs' is scanned as a signed integer */ 804 if ( (FT_Int)dict->num_subrs < 0 || 805 ( dict->sd_bytes && 806 dict->num_subrs > ( binary_length - dict->subrmap_offset ) / 807 (FT_UInt)dict->sd_bytes ) ) 808 { 809 FT_ERROR(( "cid_parse_dict: Invalid `SubrCount' value\n" )); 810 error = FT_THROW( Invalid_File_Format ); 811 goto Exit; 812 } 813 } 814 815 if ( cid->cidmap_offset > binary_length ) 816 { 817 FT_ERROR(( "cid_parse_dict: Invalid `CIDMapOffset' value\n" )); 818 error = FT_THROW( Invalid_File_Format ); 819 goto Exit; 820 } 821 822 if ( entry_len && 823 cid->cid_count > 824 ( binary_length - cid->cidmap_offset ) / entry_len ) 825 { 826 FT_ERROR(( "cid_parse_dict: Invalid `CIDCount' value\n" )); 827 error = FT_THROW( Invalid_File_Format ); 828 goto Exit; 829 } 830 831 /* we can now safely proceed */ 832 error = cid_read_subrs( face ); 833 834 Exit: 835 cid_done_loader( &loader ); 836 return error; 837 } 838 839 840 /* END */ 841