[webkit-reviews] review denied: [Bug 31302] Add WOFF support for @font-face : [Attachment 62916] Add woffToSfnt() and use it on Mac and Windows

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jul 28 22:47:06 PDT 2010 

Darin Adler <darin at apple.com> has denied mitz at webkit.org's request for review:
Bug 31302: Add WOFF support for @font-face
https://bugs.webkit.org/show_bug.cgi?id=31302

Attachment 62916: Add woffToSfnt() and use it on Mac and Windows
https://bugs.webkit.org/attachment.cgi?id=62916&action=review

------- Additional Comments from Darin Adler <darin at apple.com>
> +    while (searchRange < numTables) {
> +	   entrySelector++;
> +	   searchRange <<= 1;
> +    }

If numTables is a the maximum value, this will be an infinite loop.

> +    searchRange <<= 4;

If numTables is a large value, this could overflow.

> +    uint16_t rangeShift = (numTables << 4) - searchRange;

If numTables is a large value, this could overflow.

> +    if ((totalSfntSize - sfnt.size()) / (4 * sizeof(uint32_t)) < numTables)
> +	   return false;

What guarantees that totalSfntSize is >= sfnt.size()? Since numTables is
restricted to 16 bits, you could do this math with multiplication instead of
divison.

> +	   uint32_t tableCompLength;
> +	   if (!readUInt32(woff, offset, tableCompLength))
> +	       return false;

How about "compressed" instead of "comp"?

> +	   uint32_t tableOrigLength;
> +	   if (!readUInt32(woff, offset, tableOrigLength) || tableCompLength >
tableOrigLength)
> +	       return false;

How about "original" instead of "orig"?

> +// Returns false if woff is not a valid WOFF font. Otherwise returns true
and writes
> +// the sfnt payload into sfnt.
> +bool woffToSfnt(SharedBuffer* woff, Vector<uint8_t>& sfnt);

How about a verb? Maybe convertWOFFToSfnt?

> +#if OS(LINUX)
> +class String;
> +#endif

I think you can make the forward declaration unconditional.

> +static void freeSfntData(void*, const void*data, size_t)
> +{
> +    fastFree(const_cast<void*>(data));
> +}

Missing space after the "*" before data.

> +    Vector<uint8_t> sfnt;
> +    RefPtr<SharedBuffer> sfntBuffer;
> +    if (woffToSfnt(buffer, sfnt)) {
> +	   sfntBuffer =
SharedBuffer::adoptVector(*reinterpret_cast<Vector<char>*>(&sfnt));
> +	   buffer = sfntBuffer.get();
> +    }

The reinterpret_cast to a Vector<char>* seems really ugly and dangerous. Is
there any way around this? Perhaps we could just write into a Vector<char>.
When reading, the fact that we don't know if it's signed or unsigned could be
an issue. But when writing, it should not.

review- because you should defend against crazy values for numTables and
totalSfntSize.

More information about the webkit-reviews mailing list