| Gil Dekel | bf30863 | 2019-05-28 22:24:17 | [diff] [blame] | 1 | // Copyright 2019 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "media/parsers/webp_parser.h" |
| 6 | |
| 7 | #include <limits.h> |
| 8 | #include <stddef.h> |
| 9 | #include <string.h> |
| 10 | |
| 11 | #include "base/bits.h" |
| 12 | #include "base/logging.h" |
| 13 | #include "base/numerics/safe_conversions.h" |
| 14 | #include "build/build_config.h" |
| 15 | #include "media/parsers/vp8_parser.h" |
| 16 | |
| 17 | #if !defined(ARCH_CPU_LITTLE_ENDIAN) |
| 18 | #error Big-Endian architecture not supported. |
| 19 | #endif |
| 20 | |
| 21 | namespace media { |
| 22 | |
| 23 | namespace { |
| 24 | |
| 25 | // The byte position storing the size of the file. |
| 26 | constexpr size_t kFileSizeBytePosition = 4u; |
| 27 | |
| 28 | // The byte position in which the WebP image data begins. |
| 29 | constexpr size_t kWebPFileBeginBytePosition = 8u; |
| 30 | |
| 31 | // The byte position storing the size of the VP8 frame. |
| 32 | constexpr size_t kVp8FrameSizePosition = 16u; |
| 33 | |
| 34 | // The 12 bytes that include the FourCC "WEBPVP8 " plus the VP8 chunk size info. |
| 35 | constexpr size_t kWebPFileHeaderByteSize = 12u; |
| 36 | |
| 37 | // A valid WebP image header and VP8 chunk header require 20 bytes. |
| 38 | // The VP8 Key Frame's payload also begins at byte 20. |
| 39 | constexpr size_t kWebPFileAndVp8ChunkHeaderSizeInBytes = 20u; |
| 40 | |
| 41 | // The max WebP file size is (2^32 - 10) per the WebP spec: |
| 42 | // https://developers.google.com/speed/webp/docs/riff_container#webp_file_header |
| 43 | constexpr uint32_t kMaxWebPFileSize = (1ull << 32) - 10u; |
| 44 | |
| 45 | constexpr size_t kSizeOfUint32t = sizeof(uint32_t); |
| 46 | |
| 47 | } // namespace |
| 48 | |
| 49 | bool IsLossyWebPImage(base::span<const uint8_t> encoded_data) { |
| 50 | if (encoded_data.size() < kWebPFileAndVp8ChunkHeaderSizeInBytes) |
| 51 | return false; |
| 52 | |
| 53 | DCHECK(encoded_data.data()); |
| 54 | |
| 55 | return !memcmp(encoded_data.data(), "RIFF", 4) && |
| 56 | !memcmp(encoded_data.data() + kWebPFileBeginBytePosition, "WEBPVP8 ", |
| 57 | 8); |
| 58 | } |
| 59 | |
| 60 | std::unique_ptr<Vp8FrameHeader> ParseWebPImage( |
| 61 | base::span<const uint8_t> encoded_data) { |
| 62 | if (!IsLossyWebPImage(encoded_data)) |
| 63 | return nullptr; |
| 64 | |
| 65 | static_assert(CHAR_BIT == 8, "Size of a char is not 8 bits."); |
| 66 | static_assert(kSizeOfUint32t == 4u, "Size of uint32_t is not 4 bytes."); |
| 67 | |
| 68 | // Try to acquire the WebP file size. IsLossyWebPImage() has ensured |
| 69 | // that we have enough data to read the file size. |
| 70 | DCHECK_GE(encoded_data.size(), kFileSizeBytePosition + kSizeOfUint32t); |
| 71 | |
| 72 | // No need to worry about endianness because we assert little-endianness. |
| 73 | const uint32_t file_size = *reinterpret_cast<const uint32_t*>( |
| 74 | encoded_data.data() + kFileSizeBytePosition); |
| 75 | |
| 76 | // Check that |file_size| is even, per the WebP spec: |
| 77 | // https://developers.google.com/speed/webp/docs/riff_container#webp_file_header |
| 78 | if (file_size % 2 != 0) |
| 79 | return nullptr; |
| 80 | |
| 81 | // Check that |file_size| <= 2^32 - 10, per the WebP spec: |
| 82 | // https://developers.google.com/speed/webp/docs/riff_container#webp_file_header |
| 83 | if (file_size > kMaxWebPFileSize) |
| 84 | return nullptr; |
| 85 | |
| 86 | // Check that the file size in the header matches the encoded data's size. |
| 87 | if (base::strict_cast<size_t>(file_size) != |
| 88 | encoded_data.size() - kWebPFileBeginBytePosition) { |
| 89 | return nullptr; |
| 90 | } |
| 91 | |
| 92 | // Try to acquire the VP8 key frame size and validate that it fits within the |
| 93 | // encoded data's size. |
| 94 | DCHECK_GE(encoded_data.size(), kVp8FrameSizePosition + kSizeOfUint32t); |
| 95 | |
| 96 | const uint32_t vp8_frame_size = *reinterpret_cast<const uint32_t*>( |
| 97 | encoded_data.data() + kVp8FrameSizePosition); |
| 98 | |
| 99 | // Check that the VP8 frame size is bounded by the WebP size. |
| 100 | if (base::strict_cast<size_t>(file_size) - kWebPFileHeaderByteSize < |
| 101 | base::strict_cast<size_t>(vp8_frame_size)) { |
| 102 | return nullptr; |
| 103 | } |
| 104 | |
| 105 | // Check that the size of the encoded data is consistent. |
| 106 | const size_t vp8_padded_frame_size = |
| 107 | base::bits::Align(base::strict_cast<size_t>(vp8_frame_size), 2u); |
| 108 | if (encoded_data.size() - kWebPFileAndVp8ChunkHeaderSizeInBytes != |
| 109 | vp8_padded_frame_size) { |
| 110 | return nullptr; |
| 111 | } |
| 112 | |
| 113 | // Check that the last byte is 0 if |vp8_frame_size| is odd per WebP specs: |
| 114 | // https://developers.google.com/speed/webp/docs/riff_container#riff_file_format |
| 115 | if (vp8_frame_size % 2 && |
| 116 | encoded_data.data()[encoded_data.size() - 1] != 0u) { |
| 117 | return nullptr; |
| 118 | } |
| 119 | |
| 120 | // Attempt to parse the VP8 frame. |
| 121 | Vp8Parser vp8_parser; |
| 122 | auto result = std::make_unique<Vp8FrameHeader>(); |
| 123 | if (vp8_parser.ParseFrame( |
| 124 | encoded_data.data() + kWebPFileAndVp8ChunkHeaderSizeInBytes, |
| 125 | base::strict_cast<size_t>(vp8_frame_size), result.get())) { |
| 126 | return result; |
| 127 | } |
| 128 | return nullptr; |
| 129 | } |
| 130 | |
| 131 | } // namespace media |
