fonts: harden TTF and OTF detection (#750)

* ttf: make detection stronger

Checking just the first 4 bytes is not enough, many false positives
occur. This commit makes detection inspect the first TrueType table name
against a pre-defined list.

* otf: make detection stronger

Previously, it was only bytes.HasPrefix(raw, "OTTO\x00"). This commit
makes it stronger by checking for the first sfnt table being "CFF ".

* golangci: fixes

Author: gabriel-vasile

internal/json/parser_test.go

@@ -738,7 +738,7 @@ func TestStack(t *testing.T) {
 	}
 
 	join := func(bs [][]byte) string {
-		ret := []string{}
+		ret := make([]string, 0, len(bs))
 		for _, b := range bs {
 			ret = append(ret, string(b))
 		}

internal/magic/font.go

@@ -2,6 +2,7 @@ package magic
 
 import (
 	"bytes"
+	"encoding/binary"
 )
 
 // Woff matches a Web Open Font Format file.
@@ -16,15 +17,51 @@ func Woff2(raw []byte, _ uint32) bool {
 
 // Otf matches an OpenType font file.
 func Otf(raw []byte, _ uint32) bool {
-	return bytes.HasPrefix(raw, []byte{0x4F, 0x54, 0x54, 0x4F, 0x00})
+	// After OTTO an little endian int16 specifies the number of tables.
+	// Since the number of tables cannot exceed 256, the first byte of the
+	// int16 is always 0. PUID: fmt/520
+	return len(raw) > 48 && bytes.HasPrefix(raw, []byte("OTTO\x00")) &&
+		bytes.Contains(raw[12:48], []byte("CFF "))
 }
 
 // Ttf matches a TrueType font file.
 func Ttf(raw []byte, limit uint32) bool {
 	if !bytes.HasPrefix(raw, []byte{0x00, 0x01, 0x00, 0x00}) {
 		return false
 	}
-	return !MsAccessAce(raw, limit) && !MsAccessMdb(raw, limit)
+	return hasSFNTTable(raw)
+}
+
+func hasSFNTTable(raw []byte) bool {
+	// 49 possible tables as explained below
+	if len(raw) < 16 || binary.BigEndian.Uint16(raw[4:]) >= 49 {
+		return false
+	}
+
+	// libmagic says there are 47 table names in specification, but it seems
+	// they reached 49 in the meantime.
+	// https://github.com/file/file/blob/5184ca2471c0e801c156ee120a90e669fe27b31d/magic/Magdir/fonts#L279
+	// At the same time, the TrueType docs seem misleading:
+	// 1. https://developer.apple.com/fonts/TrueType-Reference-Manual/index.html
+	// 2. https://developer.apple.com/fonts/TrueType-Reference-Manual/RM06/Chap6.html
+	// Page 1. has 48 tables. Page 2. has 49 tables. The diff is the gcid table.
+	// Take a permissive approach,
+	possibleTables := []string{
+		"acnt", "ankr", "avar", "bdat", "bhed", "bloc", "bsln", "cmap", "cvar",
+		"cvt ", "EBSC", "fdsc", "feat", "fmtx", "fond", "fpgm", "fvar", "gasp",
+		"gcid", "glyf", "gvar", "hdmx", "head", "hhea", "hmtx", "hvgl", "hvpm",
+		"just", "kern", "kerx", "lcar", "loca", "ltag", "maxp", "meta", "mort",
+		"morx", "name", "opbd", "OS/2", "post", "prep", "prop", "sbix", "trak",
+		"vhea", "vmtx", "xref", "Zapf", "DSIG",
+	}
+	// TODO: benchmark these strings comparisons. They are 4 bytes, so another
+	// option is to compare them as ints. Probably less readable that way.
+	for _, t := range possibleTables {
+		if string(raw[12:16]) == t {
+			return true
+		}
+	}
+	return false
 }
 
 // Eot matches an Embedded OpenType font file.

mime.go

@@ -118,7 +118,7 @@ func (m *MIME) match(in []byte, readLimit uint32) *MIME {
 
 // flatten transforms an hierarchy of MIMEs into a slice of MIMEs.
 func (m *MIME) flatten() []*MIME {
-	out := []*MIME{m}
+	out := []*MIME{m} //nolint:prealloc
 	for _, c := range m.children {
 		out = append(out, c.flatten()...)
 	}

mimetype_test.go

@@ -250,7 +250,7 @@ a,"b`,
 	{"ogg", "OggS\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x80\xbc\x81_\x00\x00\x00\x00\xd0\xfbP\x84\x01@fishead\x00\x03", "video/ogg", one},
 	{"ogg spx oga", "OggS\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\xc7w\xaa\x15\x00\x00\x00\x00V&\x88\x89\x01PSpeex   1", "audio/ogg", one},
 	{"one", "\xe4\x52\x5c\x7b\x8c\xd8\xa7\x4d\xae\xb1\x53\x78\xd0\x29\x96\xd3", "application/onenote", one},
-	{"otf", "OTTO\x00", "font/otf", one},
+	{"otf", "OTTO\x00\x0c\x00\x80\x00\x03\x00\x40\x43\x46\x46 " + offset(36, ""), "font/otf", one},
 	{"otg", "PK\x03\x04\x14\x00\x00\x08\x00\x00\xd1Y\xa8N\xdf%\xad\xe94\x00\x00\x004\x00\x00\x00\x08\x00\x00\x00mimetypeapplication/vnd.oasis.opendocument.graphics-template", "application/vnd.oasis.opendocument.graphics-template", one},
 	{"otp", "PK\x03\x04\x14\x00\x00\x08\x00\x00\xc4X\xa8N\xef\n\x14:8\x00\x00\x008\x00\x00\x00\x08\x00\x00\x00mimetypeapplication/vnd.oasis.opendocument.presentation-template", "application/vnd.oasis.opendocument.presentation-template", one},
 	{"ots", "PK\x03\x04\x14\x00\x00\x08\x00\x00\x1bV\xa8N{\x96\xa3N7\x00\x00\x007\x00\x00\x00\x08\x00\x00\x00mimetypeapplication/vnd.oasis.opendocument.spreadsheet-template", "application/vnd.oasis.opendocument.spreadsheet-template", one},
@@ -328,7 +328,7 @@ ENDHDR`,
 	{"tiff", "II*\x00", "image/tiff", one},
 	{"tsv", "a\t\"b\"\tc\n1\t2\t3", "text/tab-separated-values", all},
 	{"ttc", "ttcf\x00\x01\x00\x00", "font/collection", one},
-	{"ttf", "\x00\x01\x00\x00", "font/ttf", one},
+	{"ttf", "\x00\x01\x00\x00\x00\x0f\x00\x80\x00\x03\x00\x70\x4f\x53\x2f\x32", "font/ttf", one},
 	{"tzfile", fromDisk("tzfile"), "application/tzif", one},
 	{"utf16bebom txt", "\xfe\xff\x00\x74\x00\x68\x00\x69\x00\x73", "text/plain; charset=utf-16be", none},
 	{"utf16lebom txt", "\xff\xfe\x74\x00\x68\x00\x69\x00\x73\x00", "text/plain; charset=utf-16le", none},
@@ -651,7 +651,7 @@ func BenchmarkAllTogether(b *testing.B) {
 	if _, err := io.ReadFull(r, randData); err != io.ErrUnexpectedEOF && err != nil {
 		b.Fatal(err)
 	}
-	datas := [][]byte{}
+	datas := make([][]byte, 0, len(testcases))
 	for _, tc := range testcases {
 		datas = append(datas, []byte(tc.data))
 	}