read_fonts/tables/
sbix.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
//! The [sbix (Standard Bitmap Graphics)](https://docs.microsoft.com/en-us/typography/opentype/spec/sbix) table

include!("../../generated/generated_sbix.rs");

impl<'a> Strike<'a> {
    pub fn glyph_data(&self, glyph_id: GlyphId) -> Result<Option<GlyphData<'a>>, ReadError> {
        let offsets = self.glyph_data_offsets();
        let start_ix = glyph_id.to_u32() as usize;
        let start = offsets.get(start_ix).ok_or(ReadError::OutOfBounds)?.get() as usize;
        let end = offsets
            .get(start_ix + 1)
            .ok_or(ReadError::OutOfBounds)?
            .get() as usize;
        if start == end {
            // Empty glyphs are okay
            return Ok(None);
        }
        let data = self
            .offset_data()
            .slice(start..end)
            .ok_or(ReadError::OutOfBounds)?;
        Ok(Some(GlyphData::read(data)?))
    }
}

#[cfg(test)]
mod tests {
    use crate::tables::sbix::Sbix;
    use crate::test_helpers::BeBuffer;

    #[test]
    fn sbix_strikes_count_overflow_table() {
        // Contains an invalid `num_strikes` values which would move the cursor outside the able.
        // See https://issues.chromium.org/issues/347835680 for the ClusterFuzz report.
        // Failure only reproduces on 32-bit, for example, run with:
        // cargo test --target=i686-unknown-linux-gnu "sbix_strikes_count_overflow_table"
        let sbix = BeBuffer::new()
            .push(1u16) // version
            .push(0u16) // flags
            .push(u32::MAX); // num_strikes

        let table = Sbix::read(sbix.font_data(), 5);
        // Must not panic with "attempt to multiply with overflow".
        assert!(table.is_err());
    }
}