mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Sandbox woff2
Trickiest part here was memory allocation and test handling.
This commit is contained in:
parent
6d51497cbf
commit
7a616718d8
|
@ -22,6 +22,7 @@ set(SAPI_CONTRIB_SANDBOXES
|
||||||
turbojpeg
|
turbojpeg
|
||||||
zopfli
|
zopfli
|
||||||
zstd
|
zstd
|
||||||
|
woff2
|
||||||
)
|
)
|
||||||
|
|
||||||
foreach(_contrib IN LISTS SAPI_CONTRIB_SANDBOXES)
|
foreach(_contrib IN LISTS SAPI_CONTRIB_SANDBOXES)
|
||||||
|
|
75
contrib/woff2/CMakeLists.txt
Normal file
75
contrib/woff2/CMakeLists.txt
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
# Copyright 2022 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
cmake_minimum_required(VERSION 3.13..3.22)
|
||||||
|
project(woff2-sapi CXX C)
|
||||||
|
|
||||||
|
set(CMAKE_CXX_STANDARD 17)
|
||||||
|
set(CMAKE_CXX_STANDARD_REQUIRED True)
|
||||||
|
|
||||||
|
if(NOT TARGET sapi::sapi)
|
||||||
|
set(SAPI_ROOT "../.." CACHE PATH "Path to the Sandboxed API source tree")
|
||||||
|
add_subdirectory("${SAPI_ROOT}"
|
||||||
|
"${CMAKE_BINARY_DIR}/sandboxed-api-build"
|
||||||
|
# Omit this to have the full Sandboxed API in IDE
|
||||||
|
EXCLUDE_FROM_ALL)
|
||||||
|
endif()
|
||||||
|
|
||||||
|
find_package(PkgConfig REQUIRED)
|
||||||
|
pkg_check_modules(WOFF2_ENC REQUIRED IMPORTED_TARGET GLOBAL libwoff2enc)
|
||||||
|
pkg_check_modules(WOFF2_DEC REQUIRED IMPORTED_TARGET GLOBAL libwoff2dec)
|
||||||
|
pkg_check_modules(WOFF2_COMMON REQUIRED IMPORTED_TARGET GLOBAL libwoff2common)
|
||||||
|
|
||||||
|
add_library(woff2_sapi_wrapper woff2_wrapper.cc woff2_wrapper.h)
|
||||||
|
target_link_libraries(woff2_sapi_wrapper
|
||||||
|
PRIVATE
|
||||||
|
PkgConfig::WOFF2_ENC
|
||||||
|
PkgConfig::WOFF2_DEC
|
||||||
|
PkgConfig::WOFF2_COMMON
|
||||||
|
)
|
||||||
|
|
||||||
|
add_sapi_library(woff2_sapi
|
||||||
|
FUNCTIONS
|
||||||
|
WOFF2_ConvertWOFF2ToTTF
|
||||||
|
WOFF2_ConvertTTFToWOFF2
|
||||||
|
WOFF2_Free
|
||||||
|
INPUTS
|
||||||
|
"woff2_wrapper.h"
|
||||||
|
LIBRARY
|
||||||
|
woff2_sapi_wrapper
|
||||||
|
LIBRARY_NAME
|
||||||
|
WOFF2
|
||||||
|
NAMESPACE
|
||||||
|
sapi_woff2
|
||||||
|
)
|
||||||
|
|
||||||
|
target_include_directories(woff2_sapi INTERFACE
|
||||||
|
"${PROJECT_BINARY_DIR}"
|
||||||
|
"${SAPI_SOURCE_DIR}"
|
||||||
|
)
|
||||||
|
|
||||||
|
if(SAPI_ENABLE_TESTS)
|
||||||
|
enable_testing()
|
||||||
|
add_executable(woff2_sapi_test
|
||||||
|
woff2_sapi_test.cc
|
||||||
|
)
|
||||||
|
target_link_libraries(woff2_sapi_test PRIVATE
|
||||||
|
woff2_sapi
|
||||||
|
sapi::base
|
||||||
|
gtest
|
||||||
|
gmock
|
||||||
|
)
|
||||||
|
gtest_discover_tests(woff2_sapi_test PROPERTIES
|
||||||
|
ENVIRONMENT "TEST_DATA_DIR=${PROJECT_SOURCE_DIR}/testdata")
|
||||||
|
endif()
|
BIN
contrib/woff2/testdata/Roboto-Regular.ttf
vendored
Normal file
BIN
contrib/woff2/testdata/Roboto-Regular.ttf
vendored
Normal file
Binary file not shown.
BIN
contrib/woff2/testdata/Roboto-Regular.woff2
vendored
Normal file
BIN
contrib/woff2/testdata/Roboto-Regular.woff2
vendored
Normal file
Binary file not shown.
48
contrib/woff2/woff2_sapi.h
Normal file
48
contrib/woff2/woff2_sapi.h
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
// Copyright 2022 Google LLC
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
#ifndef CONTRIB_WOFF2_WOFF2_SAPI_H_
|
||||||
|
#define CONTRIB_WOFF2_WOFF2_SAPI_H_
|
||||||
|
|
||||||
|
#include <syscall.h>
|
||||||
|
|
||||||
|
#include <cstdlib>
|
||||||
|
|
||||||
|
#include "woff2_sapi.sapi.h" // NOLINT(build/include)
|
||||||
|
namespace sapi_woff2 {
|
||||||
|
class Woff2SapiSandbox : public WOFF2Sandbox {
|
||||||
|
public:
|
||||||
|
std::unique_ptr<sandbox2::Policy> ModifyPolicy(
|
||||||
|
sandbox2::PolicyBuilder*) override {
|
||||||
|
return sandbox2::PolicyBuilder()
|
||||||
|
.AllowDynamicStartup()
|
||||||
|
.AllowSystemMalloc()
|
||||||
|
.AllowRead()
|
||||||
|
.AllowStat()
|
||||||
|
.AllowWrite()
|
||||||
|
.AllowExit()
|
||||||
|
.AllowSyscalls({
|
||||||
|
__NR_futex,
|
||||||
|
__NR_close,
|
||||||
|
__NR_lseek,
|
||||||
|
__NR_getpid,
|
||||||
|
__NR_clock_gettime,
|
||||||
|
__NR_mmap,
|
||||||
|
__NR_madvise,
|
||||||
|
})
|
||||||
|
.BuildOrDie();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
} // namespace sapi_woff2
|
||||||
|
#endif // CONTRIB_WOFF2_WOFF2_SAPI_H_
|
137
contrib/woff2/woff2_sapi_test.cc
Normal file
137
contrib/woff2/woff2_sapi_test.cc
Normal file
|
@ -0,0 +1,137 @@
|
||||||
|
// Copyright 2022 Google LLC
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
#include <woff2/encode.h>
|
||||||
|
|
||||||
|
#include <cstddef>
|
||||||
|
#include <cstdlib>
|
||||||
|
#include <fstream>
|
||||||
|
#include <iostream>
|
||||||
|
#include <optional>
|
||||||
|
|
||||||
|
#include "contrib/woff2/woff2_sapi.h"
|
||||||
|
#include "gflags/gflags.h"
|
||||||
|
#include "glog/logging.h"
|
||||||
|
#include "gmock/gmock.h"
|
||||||
|
#include "gtest/gtest.h"
|
||||||
|
#include "sandboxed_api/testing.h"
|
||||||
|
#include "sandboxed_api/util/fileops.h"
|
||||||
|
#include "sandboxed_api/util/path.h"
|
||||||
|
#include "sandboxed_api/util/status_matchers.h"
|
||||||
|
#include "woff2_sapi.h" // NOLINT(build/include)
|
||||||
|
#include "woff2_sapi.sapi.h" // NOLINT(build/include)
|
||||||
|
#include "woff2_wrapper.h" // NOLINT(build/include)
|
||||||
|
|
||||||
|
namespace {
|
||||||
|
|
||||||
|
using ::sapi::IsOk;
|
||||||
|
using ::testing::Eq;
|
||||||
|
using ::testing::IsNull;
|
||||||
|
using ::testing::Not;
|
||||||
|
using ::testing::StrEq;
|
||||||
|
|
||||||
|
class Woff2SapiSandboxTest : public testing::Test {
|
||||||
|
protected:
|
||||||
|
static void SetUpTestSuite() {
|
||||||
|
test_data_dir_ = ::getenv("TEST_DATA_DIR");
|
||||||
|
ASSERT_THAT(test_data_dir_, Not(IsNull()));
|
||||||
|
sandbox_ = new ::sapi_woff2::Woff2SapiSandbox();
|
||||||
|
ASSERT_THAT(sandbox_->Init(), IsOk());
|
||||||
|
api_ = new ::sapi_woff2::WOFF2Api(sandbox_);
|
||||||
|
}
|
||||||
|
static void TearDownTestSuite() {
|
||||||
|
delete api_;
|
||||||
|
delete sandbox_;
|
||||||
|
}
|
||||||
|
static absl::StatusOr<std::vector<uint8_t>> ReadFile(
|
||||||
|
const char* in_file, size_t expected_size = SIZE_MAX);
|
||||||
|
static const char* test_data_dir_;
|
||||||
|
static ::sapi_woff2::WOFF2Api* api_;
|
||||||
|
|
||||||
|
private:
|
||||||
|
static ::sapi_woff2::Woff2SapiSandbox* sandbox_;
|
||||||
|
};
|
||||||
|
|
||||||
|
::sapi_woff2::Woff2SapiSandbox* Woff2SapiSandboxTest::sandbox_;
|
||||||
|
::sapi_woff2::WOFF2Api* Woff2SapiSandboxTest::api_;
|
||||||
|
const char* Woff2SapiSandboxTest::test_data_dir_;
|
||||||
|
|
||||||
|
std::streamsize GetStreamSize(std::ifstream& stream) {
|
||||||
|
stream.seekg(0, std::ios_base::end);
|
||||||
|
std::streamsize ssize = stream.tellg();
|
||||||
|
stream.seekg(0, std::ios_base::beg);
|
||||||
|
|
||||||
|
return ssize;
|
||||||
|
}
|
||||||
|
|
||||||
|
absl::StatusOr<std::vector<uint8_t>> Woff2SapiSandboxTest::ReadFile(
|
||||||
|
const char* in_file, size_t expected_size) {
|
||||||
|
auto env = absl::StrCat(test_data_dir_, "/", in_file);
|
||||||
|
std::ifstream f(env);
|
||||||
|
if (!f.is_open()) {
|
||||||
|
return absl::UnavailableError("File could not be opened");
|
||||||
|
}
|
||||||
|
std::streamsize ssize = GetStreamSize(f);
|
||||||
|
if (expected_size != SIZE_MAX && ssize != expected_size) {
|
||||||
|
return absl::UnavailableError("Incorrect size of file");
|
||||||
|
}
|
||||||
|
std::vector<uint8_t> inbuf((ssize));
|
||||||
|
f.read(reinterpret_cast<char*>(inbuf.data()), ssize);
|
||||||
|
if (ssize != f.gcount()) {
|
||||||
|
return absl::UnavailableError("Premature end of file");
|
||||||
|
}
|
||||||
|
if (f.fail() || f.eof()) {
|
||||||
|
return absl::UnavailableError("Error reading file");
|
||||||
|
}
|
||||||
|
return inbuf;
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_F(Woff2SapiSandboxTest, Compress) {
|
||||||
|
auto result = ReadFile("Roboto-Regular.ttf");
|
||||||
|
ASSERT_THAT(result, IsOk());
|
||||||
|
sapi::v::Array array(result->data(), result->size());
|
||||||
|
sapi::v::GenericPtr p;
|
||||||
|
sapi::v::IntBase<size_t> out_length;
|
||||||
|
auto compress_result = api_->WOFF2_ConvertTTFToWOFF2(
|
||||||
|
array.PtrBefore(), result->size(), p.PtrAfter(), out_length.PtrAfter());
|
||||||
|
ASSERT_THAT(compress_result, IsOk());
|
||||||
|
ASSERT_TRUE(compress_result.value());
|
||||||
|
ASSERT_THAT(p.GetValue(), Not(Eq(0)));
|
||||||
|
auto ptr = sapi::v::RemotePtr{reinterpret_cast<void*>(p.GetValue())};
|
||||||
|
ASSERT_THAT(api_->WOFF2_Free(&ptr), IsOk());
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_F(Woff2SapiSandboxTest, Decompress) {
|
||||||
|
auto result = ReadFile("Roboto-Regular.woff2");
|
||||||
|
ASSERT_THAT(result, IsOk());
|
||||||
|
sapi::v::Array array(result->data(), result->size());
|
||||||
|
sapi::v::GenericPtr p;
|
||||||
|
sapi::v::IntBase<size_t> out_length;
|
||||||
|
auto decompress_result = api_->WOFF2_ConvertWOFF2ToTTF(
|
||||||
|
array.PtrBefore(), result->size(), p.PtrAfter(), out_length.PtrAfter(),
|
||||||
|
1 << 25);
|
||||||
|
ASSERT_THAT(decompress_result, IsOk());
|
||||||
|
ASSERT_TRUE(decompress_result.value());
|
||||||
|
ASSERT_THAT(p.GetValue(), Not(Eq(0)));
|
||||||
|
auto ptr = sapi::v::RemotePtr{reinterpret_cast<void*>(p.GetValue())};
|
||||||
|
ASSERT_THAT(api_->WOFF2_Free(&ptr), IsOk());
|
||||||
|
}
|
||||||
|
} // namespace
|
||||||
|
|
||||||
|
int main(int argc, char* argv[]) {
|
||||||
|
if (argc < 1) return 255;
|
||||||
|
::google::InitGoogleLogging(argv[0]);
|
||||||
|
::testing::InitGoogleTest(&argc, argv);
|
||||||
|
return RUN_ALL_TESTS();
|
||||||
|
}
|
42
contrib/woff2/woff2_wrapper.cc
Normal file
42
contrib/woff2/woff2_wrapper.cc
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
#include <woff2/decode.h>
|
||||||
|
#include <woff2/encode.h>
|
||||||
|
#include <woff2/output.h>
|
||||||
|
|
||||||
|
#include <cinttypes>
|
||||||
|
#include <cstddef>
|
||||||
|
#include <memory>
|
||||||
|
|
||||||
|
extern "C" bool WOFF2_ConvertWOFF2ToTTF(const uint8_t* data, size_t length,
|
||||||
|
uint8_t** result, size_t* result_length,
|
||||||
|
size_t max_size) noexcept {
|
||||||
|
if (result) *result = nullptr;
|
||||||
|
if (result_length) *result_length = 0;
|
||||||
|
if (!data || !length || !result || !result_length) return false;
|
||||||
|
size_t final_size = ::woff2::ComputeWOFF2FinalSize(data, length);
|
||||||
|
if (final_size > (max_size ? max_size : woff2::kDefaultMaxSize)) return false;
|
||||||
|
std::unique_ptr<uint8_t[]> buffer = std::make_unique<uint8_t[]>(final_size);
|
||||||
|
woff2::WOFF2MemoryOut output(buffer.get(), final_size);
|
||||||
|
if (!::woff2::ConvertWOFF2ToTTF(data, length, &output)) return false;
|
||||||
|
*result = buffer.release();
|
||||||
|
*result_length = final_size;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
extern "C" bool WOFF2_ConvertTTFToWOFF2(const uint8_t* data, size_t length,
|
||||||
|
uint8_t** result,
|
||||||
|
size_t* result_length) noexcept {
|
||||||
|
if (result) *result = nullptr;
|
||||||
|
if (result_length) *result_length = 0;
|
||||||
|
if (!data || !length || !result || !result_length) return false;
|
||||||
|
size_t size = woff2::MaxWOFF2CompressedSize(data, length);
|
||||||
|
std::unique_ptr<uint8_t[]> buffer = std::make_unique<uint8_t[]>(size);
|
||||||
|
if (!buffer) return false;
|
||||||
|
if (!woff2::ConvertTTFToWOFF2(data, length, buffer.get(), &size)) return false;
|
||||||
|
*result = buffer.release();
|
||||||
|
*result_length = size;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
extern "C" void WOFF2_Free(uint8_t* data) noexcept {
|
||||||
|
std::unique_ptr<uint8_t[]> p{data};
|
||||||
|
}
|
17
contrib/woff2/woff2_wrapper.h
Normal file
17
contrib/woff2/woff2_wrapper.h
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
#ifndef CONTRIB_WOFF2_WOFF2_WRAPPER_H
|
||||||
|
#define CONTRIB_WOFF2_WOFF2_WRAPPER_H
|
||||||
|
|
||||||
|
#include <cinttypes>
|
||||||
|
#include <cstddef>
|
||||||
|
#include <cstdlib>
|
||||||
|
|
||||||
|
extern "C" {
|
||||||
|
bool WOFF2_ConvertWOFF2ToTTF(const uint8_t* data, size_t length,
|
||||||
|
uint8_t** result, size_t* result_length,
|
||||||
|
size_t max_size) noexcept;
|
||||||
|
bool WOFF2_ConvertTTFToWOFF2(const uint8_t* data, size_t length,
|
||||||
|
uint8_t** result, size_t* result_length) noexcept;
|
||||||
|
void WOFF2_Free(uint8_t* data) noexcept;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif // CONTRIB_WOFF2_WOFF2_WRAPPER_H
|
Loading…
Reference in New Issue
Block a user