From d851cd1d85b5056ef4dde4fc0aa8925af90fa62b Mon Sep 17 00:00:00 2001 From: James Zern Date: Sat, 16 Mar 2013 16:32:30 -0700 Subject: [PATCH] demux: make the parse a bit more strict * VP8L shouldn't have an alpha chunk * expect an animation to only contain frames, not a mix of image chunks * enforce ANIM/ANMF order * expect a full frame in a complete file Change-Id: I953a8b6058f9bc00f1d042635548f158abdf6fce --- src/demux/demux.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/demux/demux.c b/src/demux/demux.c index 56eb9194..5259e790 100644 --- a/src/demux/demux.c +++ b/src/demux/demux.c @@ -235,8 +235,10 @@ static ParseStatus StoreFrame(int frame_num, uint32_t min_size, goto Done; } break; - case MKFOURCC('V', 'P', '8', ' '): case MKFOURCC('V', 'P', '8', 'L'): + if (alpha_chunks > 0) return PARSE_ERROR; // VP8L has its own alpha + // fall through + case MKFOURCC('V', 'P', '8', ' '): if (image_chunks == 0) { // Extract the bitstream features, tolerating failures when the data // is incomplete. @@ -506,6 +508,9 @@ static ParseStatus ParseVP8X(WebPDemuxer* const dmux) { case MKFOURCC('A', 'L', 'P', 'H'): case MKFOURCC('V', 'P', '8', ' '): case MKFOURCC('V', 'P', '8', 'L'): { + // check that this isn't an animation (all frames should be in an ANMF). + if (anim_chunks > 0) return PARSE_ERROR; + Rewind(mem, CHUNK_HEADER_SIZE); status = ParseSingleImage(dmux); break; @@ -527,6 +532,7 @@ static ParseStatus ParseVP8X(WebPDemuxer* const dmux) { break; } case MKFOURCC('A', 'N', 'M', 'F'): { + if (anim_chunks == 0) return PARSE_ERROR; // 'ANIM' precedes frames. status = ParseFrame(dmux, chunk_size_padded); break; } @@ -623,6 +629,9 @@ static int IsValidExtendedFormat(const WebPDemuxer* const dmux) { if (f->width_ <= 0 || f->height_ <= 0) return 0; } else { + // There shouldn't be a partial frame in a complete file. + if (dmux->state_ == WEBP_DEMUX_DONE) return 0; + // Ensure alpha precedes image bitstream. if (alpha->size_ > 0 && image->size_ > 0 && alpha->offset_ > image->offset_) {