content/common/mac/font_loader.mm - chromium/src - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "content/common/mac/font_loader.h"

 #import <Cocoa/Cocoa.h>

 #include <limits>

 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/logging.h"
 #include "base/mac/foundation_util.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/mac/scoped_nsobject.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/threading/thread_restrictions.h"
 #include "content/common/mac/font_descriptor.h"

 #include <map>

 extern "C" {

 // Work around http://crbug.com/93191, a really nasty memory smasher bug.
 // On Mac OS X 10.7 ("Lion"), ATS writes to memory it doesn't own.
 // SendDeactivateFontsInContainerMessage, called by ATSFontDeactivate,
 // may trash memory whenever dlsym(RTLD_DEFAULT,
 // "_CTFontManagerUnregisterFontForData") returns NULL. In that case, it tries
 // to locate that symbol in the CoreText framework, doing some extremely
 // sloppy string handling resulting in a likelihood that the string
 // "Text.framework/Versions/A/CoreText" will be written over memory that it
 // doesn't own. The kicker here is that Apple dlsym always inserts its own
 // leading underscore, so ATS actually winds up looking up a
 // __CTFontManagerUnregisterFontForData symbol, which doesn't even exist in
 // CoreText. It's only got the single-underscore variant corresponding to an
 // underscoreless extern "C" name.
 //
 // Providing a single-underscored extern "C" function by this name results in
 // a __CTFontManagerUnregisterFontForData symbol that, as long as it's public
 // (not private extern) and unstripped, ATS will find. If it finds it, it
 // avoids making amateur string mistakes that ruin everyone else's good time.
 //
 // Since ATS wouldn't normally be able to call this function anyway, it's just
 // left as a no-op here.
 //
 // This file seems as good as any other to place this function. It was chosen
 // because it already interfaces with ATS for other reasons.
 //
 // SendDeactivateFontsInContainerMessage on 10.6 ("Snow Leopard") appears to
 // share this bug but this sort of memory corruption wasn't detected until
 // 10.7. The implementation in 10.5 ("Leopard") does not have this problem.
 __attribute__((visibility("default")))
 void _CTFontManagerUnregisterFontForData(NSUInteger, int) {
 }

 }  // extern "C"

 namespace {

 uint32_t GetFontIDForFont(const base::FilePath& font_path) {
   // content/common can't depend on content/browser, so this cannot call
   // BrowserThread::CurrentlyOn(). Check this is always called on the same
   // thread.
   static pthread_t thread_id = pthread_self();
   DCHECK_EQ(pthread_self(), thread_id);

   // Font loading used to call ATSFontGetContainer()
   // and used that as font id.
   // ATS is deprecated and CTFont doesn't seem to have a obvious fixed id for a
   // font. Since this function is only called from a single thread, use a static
   // map to store ids.
   typedef std::map<base::FilePath, uint32_t> FontIdMap;
   CR_DEFINE_STATIC_LOCAL(FontIdMap, font_ids, ());

   auto it = font_ids.find(font_path);
   if (it != font_ids.end())
     return it->second;

   uint32_t font_id = font_ids.size() + 1;
   font_ids[font_path] = font_id;
   return font_id;
 }

 }  // namespace

 // static
 void FontLoader::LoadFont(const FontDescriptor& font,
                           FontLoader::Result* result) {
   base::ThreadRestrictions::AssertIOAllowed();

   DCHECK(result);
   result->font_data_size = 0;
   result->font_id = 0;

   NSFont* font_to_encode = font.ToNSFont();

   // Load appropriate NSFont.
   if (!font_to_encode) {
     DLOG(ERROR) << "Failed to load font " << font.font_name;
     return;
   }

   // NSFont -> File path.
   // Warning: Calling this function on a font activated from memory will result
   // in failure with a -50 - paramErr.  This may occur if
   // CreateCGFontFromBuffer() is called in the same process as this function
   // e.g. when writing a unit test that exercises these two functions together.
   // If said unit test were to load a system font and activate it from memory
   // it becomes impossible for the system to the find the original file ref
   // since the font now lives in memory as far as it's concerned.
   CTFontRef ct_font_to_encode = (CTFontRef)font_to_encode;
   base::scoped_nsobject<NSURL> font_url(
       base::mac::CFToNSCast(base::mac::CFCastStrict<CFURLRef>(
           CTFontCopyAttribute(ct_font_to_encode, kCTFontURLAttribute))));
   if (![font_url isFileURL]) {
     DLOG(ERROR) << "Failed to find font file for " << font.font_name;
     return;
   }

   base::FilePath font_path = base::mac::NSStringToFilePath([font_url path]);

   // Load file into shared memory buffer.
   int64_t font_file_size_64 = -1;
   if (!base::GetFileSize(font_path, &font_file_size_64)) {
     DLOG(ERROR) << "Couldn't get font file size for " << font_path.value();
     return;
   }

   if (font_file_size_64 <= 0 ||
       font_file_size_64 >= std::numeric_limits<int32_t>::max()) {
     DLOG(ERROR) << "Bad size for font file " << font_path.value();
     return;
   }

   int32_t font_file_size_32 = static_cast<int32_t>(font_file_size_64);
   if (!result->font_data.CreateAndMapAnonymous(font_file_size_32)) {
     DLOG(ERROR) << "Failed to create shmem area for " << font.font_name;
     return;
   }

   int32_t amt_read = base::ReadFile(
       font_path, reinterpret_cast<char*>(result->font_data.memory()),
       font_file_size_32);
   if (amt_read != font_file_size_32) {
     DLOG(ERROR) << "Failed to read font data for " << font_path.value();
     return;
   }

   result->font_data_size = font_file_size_32;
   result->font_id = GetFontIDForFont(font_path);
 }

 // static
 bool FontLoader::CGFontRefFromBuffer(base::SharedMemoryHandle font_data,
                                      uint32_t font_data_size,
                                      CGFontRef* out) {
   *out = NULL;

   using base::SharedMemory;
   DCHECK(SharedMemory::IsHandleValid(font_data));
   DCHECK_GT(font_data_size, 0U);

   SharedMemory shm(font_data, /*read_only=*/true);
   if (!shm.Map(font_data_size))
     return false;

   NSData* data = [NSData dataWithBytes:shm.memory()
                                 length:font_data_size];
   base::ScopedCFTypeRef<CGDataProviderRef> provider(
       CGDataProviderCreateWithCFData(base::mac::NSToCFCast(data)));
   if (!provider)
     return false;

   *out = CGFontCreateWithDataProvider(provider.get());

   if (*out == NULL)
     return false;

   return true;
 }
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "content/common/mac/font_loader.h"

	#import <Cocoa/Cocoa.h>

	#include <limits>

	#include "base/files/file_path.h"
	#include "base/files/file_util.h"
	#include "base/logging.h"
	#include "base/mac/foundation_util.h"
	#include "base/mac/scoped_cftyperef.h"
	#include "base/mac/scoped_nsobject.h"
	#include "base/strings/sys_string_conversions.h"
	#include "base/threading/thread_restrictions.h"
	#include "content/common/mac/font_descriptor.h"

	#include <map>

	extern "C" {

	// Work around http://crbug.com/93191, a really nasty memory smasher bug.
	// On Mac OS X 10.7 ("Lion"), ATS writes to memory it doesn't own.
	// SendDeactivateFontsInContainerMessage, called by ATSFontDeactivate,
	// may trash memory whenever dlsym(RTLD_DEFAULT,
	// "_CTFontManagerUnregisterFontForData") returns NULL. In that case, it tries
	// to locate that symbol in the CoreText framework, doing some extremely
	// sloppy string handling resulting in a likelihood that the string
	// "Text.framework/Versions/A/CoreText" will be written over memory that it
	// doesn't own. The kicker here is that Apple dlsym always inserts its own
	// leading underscore, so ATS actually winds up looking up a
	// __CTFontManagerUnregisterFontForData symbol, which doesn't even exist in
	// CoreText. It's only got the single-underscore variant corresponding to an
	// underscoreless extern "C" name.
	//
	// Providing a single-underscored extern "C" function by this name results in
	// a __CTFontManagerUnregisterFontForData symbol that, as long as it's public
	// (not private extern) and unstripped, ATS will find. If it finds it, it
	// avoids making amateur string mistakes that ruin everyone else's good time.
	//
	// Since ATS wouldn't normally be able to call this function anyway, it's just
	// left as a no-op here.
	//
	// This file seems as good as any other to place this function. It was chosen
	// because it already interfaces with ATS for other reasons.
	//
	// SendDeactivateFontsInContainerMessage on 10.6 ("Snow Leopard") appears to
	// share this bug but this sort of memory corruption wasn't detected until
	// 10.7. The implementation in 10.5 ("Leopard") does not have this problem.
	__attribute__((visibility("default")))
	void _CTFontManagerUnregisterFontForData(NSUInteger, int) {
	}

	} // extern "C"

	namespace {

	uint32_t GetFontIDForFont(const base::FilePath& font_path) {
	// content/common can't depend on content/browser, so this cannot call
	// BrowserThread::CurrentlyOn(). Check this is always called on the same
	// thread.
	static pthread_t thread_id = pthread_self();
	DCHECK_EQ(pthread_self(), thread_id);

	// Font loading used to call ATSFontGetContainer()
	// and used that as font id.
	// ATS is deprecated and CTFont doesn't seem to have a obvious fixed id for a
	// font. Since this function is only called from a single thread, use a static
	// map to store ids.
	typedef std::map<base::FilePath, uint32_t> FontIdMap;
	CR_DEFINE_STATIC_LOCAL(FontIdMap, font_ids, ());

	auto it = font_ids.find(font_path);
	if (it != font_ids.end())
	return it->second;

	uint32_t font_id = font_ids.size() + 1;
	font_ids[font_path] = font_id;
	return font_id;
	}

	} // namespace

	// static
	void FontLoader::LoadFont(const FontDescriptor& font,
	FontLoader::Result* result) {
	base::ThreadRestrictions::AssertIOAllowed();

	DCHECK(result);
	result->font_data_size = 0;
	result->font_id = 0;

	NSFont* font_to_encode = font.ToNSFont();

	// Load appropriate NSFont.
	if (!font_to_encode) {
	DLOG(ERROR) << "Failed to load font " << font.font_name;
	return;
	}

	// NSFont -> File path.
	// Warning: Calling this function on a font activated from memory will result
	// in failure with a -50 - paramErr. This may occur if
	// CreateCGFontFromBuffer() is called in the same process as this function
	// e.g. when writing a unit test that exercises these two functions together.
	// If said unit test were to load a system font and activate it from memory
	// it becomes impossible for the system to the find the original file ref
	// since the font now lives in memory as far as it's concerned.
	CTFontRef ct_font_to_encode = (CTFontRef)font_to_encode;
	base::scoped_nsobject<NSURL> font_url(
	base::mac::CFToNSCast(base::mac::CFCastStrict<CFURLRef>(
	CTFontCopyAttribute(ct_font_to_encode, kCTFontURLAttribute))));
	if (![font_url isFileURL]) {
	DLOG(ERROR) << "Failed to find font file for " << font.font_name;
	return;
	}

	base::FilePath font_path = base::mac::NSStringToFilePath([font_url path]);

	// Load file into shared memory buffer.
	int64_t font_file_size_64 = -1;
	if (!base::GetFileSize(font_path, &font_file_size_64)) {
	DLOG(ERROR) << "Couldn't get font file size for " << font_path.value();
	return;
	}

	if (font_file_size_64 <= 0 \|\|
	font_file_size_64 >= std::numeric_limits<int32_t>::max()) {
	DLOG(ERROR) << "Bad size for font file " << font_path.value();
	return;
	}

	int32_t font_file_size_32 = static_cast<int32_t>(font_file_size_64);
	if (!result->font_data.CreateAndMapAnonymous(font_file_size_32)) {
	DLOG(ERROR) << "Failed to create shmem area for " << font.font_name;
	return;
	}

	int32_t amt_read = base::ReadFile(
	font_path, reinterpret_cast<char*>(result->font_data.memory()),
	font_file_size_32);
	if (amt_read != font_file_size_32) {
	DLOG(ERROR) << "Failed to read font data for " << font_path.value();
	return;
	}

	result->font_data_size = font_file_size_32;
	result->font_id = GetFontIDForFont(font_path);
	}

	// static
	bool FontLoader::CGFontRefFromBuffer(base::SharedMemoryHandle font_data,
	uint32_t font_data_size,
	CGFontRef* out) {
	*out = NULL;

	using base::SharedMemory;
	DCHECK(SharedMemory::IsHandleValid(font_data));
	DCHECK_GT(font_data_size, 0U);

	SharedMemory shm(font_data, /read_only=/true);
	if (!shm.Map(font_data_size))
	return false;

	NSData* data = [NSData dataWithBytes:shm.memory()
	length:font_data_size];
	base::ScopedCFTypeRef<CGDataProviderRef> provider(
	CGDataProviderCreateWithCFData(base::mac::NSToCFCast(data)));
	if (!provider)
	return false;

	*out = CGFontCreateWithDataProvider(provider.get());

	if (*out == NULL)
	return false;

	return true;
	}