Have media gallery (through native media file util) use MIME sniffer

net/base/mime_sniffer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Detecting mime types is a tricky business because we need to balance
 // compatibility concerns with security issues.  Here is a survey of how other
 // browsers behave and then a description of how we intend to behave.
 //
 // HTML payload, no Content-Type header:
 // * IE 7: Render as HTML
@@ skipping 96 matching lines @@
 
 // The number of content bytes we need to use all our magic numbers.  Feel free
 // to increase this number if you add a longer magic number.
 static const size_t kBytesRequiredForMagic = 42;
 
 struct MagicNumber {
   const char* mime_type;
   const char* magic;
   size_t magic_len;
   bool is_string;
+  const char* mask;  // if set, must have same length as |magic|
 };
 
 #define MAGIC_NUMBER(mime_type, magic) \
-  { (mime_type), (magic), sizeof(magic)-1, false },
+  { (mime_type), (magic), sizeof(magic)-1, false, NULL },
+
+#define MAGIC_MASK(mime_type, magic, mask) \
+  { (mime_type), (magic), sizeof(magic)-1, false, (mask) },

[Ryan Sleevi, 2013/05/03 19:03:24]

Is there any sort of compiler trickery you can use here to ensure that
sizeof(magic)-1 == sizeof(mask)--1. Seems a very subtle element that required
careful counting of the bytes, and should be possible to do at the compiler
level since these are fixed strings.

[Kevin Bailey, 2013/05/09 17:16:18]

I verified that it catches mismatches. Let me know what you think.

 
 // Magic strings are case insensitive and must not include '\0' characters
 #define MAGIC_STRING(mime_type, magic) \
-  { (mime_type), (magic), sizeof(magic)-1, true },
+  { (mime_type), (magic), sizeof(magic)-1, true, NULL },
 
 static const MagicNumber kMagicNumbers[] = {
   // Source: HTML 5 specification
   MAGIC_NUMBER("application/pdf", "%PDF-")
   MAGIC_NUMBER("application/postscript", "%!PS-Adobe-")
   MAGIC_NUMBER("image/gif", "GIF87a")
   MAGIC_NUMBER("image/gif", "GIF89a")
   MAGIC_NUMBER("image/png", "\x89" "PNG\x0D\x0A\x1A\x0A")
   MAGIC_NUMBER("image/jpeg", "\xFF\xD8\xFF")
   MAGIC_NUMBER("image/bmp", "BM")
@@ skipping 34 matching lines @@
   //
   // Cons:
   //   * These patterns are fairly weak
   //   * If we mistakenly decide something is Flash, we will execute it
   //     in the origin of an unsuspecting site.  This could be a security
   //     vulnerability if the site allows users to upload content.
   //
   // On balance, we do not include these patterns.
 };
 
+static const MagicNumber kExtraMagicNumbers[] = {
+  MAGIC_NUMBER("image/x-xbitmap", "#define")
+  MAGIC_NUMBER("image/x-icon", "\x00\x00\x01\x00")
+  MAGIC_NUMBER("image/svg+xml", "<?xml_version=")
+  MAGIC_NUMBER("audio/wav", "RIFF....WAVEfmt ")
+  MAGIC_NUMBER("video/avi", "RIFF....AVI LIST")
+  MAGIC_NUMBER("audio/ogg", "OggS")
+  MAGIC_MASK("video/mpeg", "\x00\x00\x01\xB0", "\xFF\xFF\xFF\xF0")
+  MAGIC_MASK("audio/mpeg", "\xFF\xE0", "\xFF\xE0")
+  MAGIC_NUMBER("video/3gpp", "....ftyp3g")
+  MAGIC_NUMBER("video/3gpp", "....ftypavcl")
+  MAGIC_NUMBER("video/mp4", "....ftyp")
+  MAGIC_NUMBER("video/quicktime", "MOVI")
+  MAGIC_NUMBER("application/x-shockwave-flash", "CWS")
+  MAGIC_NUMBER("application/x-shockwave-flash", "FWS")
+  MAGIC_NUMBER("video/x-flv", "FLV")
+};
+
 // Our HTML sniffer differs slightly from Mozilla.  For example, Mozilla will
 // decide that a document that begins "<!DOCTYPE SOAP-ENV:Envelope PUBLIC " is
 // HTML, but we will not.
 
 #define MAGIC_HTML_TAG(tag) \
   MAGIC_STRING("text/html", "<" tag)
 
 static const MagicNumber kSniffableTags[] = {
   // XML processing directive.  Although this is not an HTML mime type, we sniff
   // for this in the HTML phase because text/xml is just as powerful as HTML and
@@ skipping 34 matching lines @@
   while (len) {
     if ((*magic_entry != '.') && (*magic_entry != *content))
       return false;
     ++magic_entry;
     ++content;
     --len;
   }
   return true;
 }
 
+// Like MagicCmp() except that it ANDs each byte with a mask before
+// the comparison, because there are some bits we don't care about.
+static bool MagicMaskCmp(const char* magic_entry, const char* content,
+                         size_t len, const char* mask) {

[Ryan Sleevi, 2013/05/03 19:03:24]

style nit (oh Chromium-dev centi-thread...)

static bool MagicMaskCmp(const char* magic_entry,
                         const char* content,
                         size_t len,
                         const char* mask) {

}

Context: Line 270 is(was) relying on the exception to the "one arg per line,
except when it's something like a buffer+size", but that was replaced with the
generic "all or nothing" in http://dev.chromium.org/developers/coding-style

[Kevin Bailey, 2013/05/09 17:16:18]

Done.

+  while (len) {
+    if ((*magic_entry != '.') && (*magic_entry != (*mask & *content)))
+      return false;
+    ++magic_entry;
+    ++content;
+    ++mask;
+    --len;
+  }
+  return true;
+}
+
 static bool MatchMagicNumber(const char* content, size_t size,
                              const MagicNumber* magic_entry,
                              std::string* result) {
   const size_t len = magic_entry->magic_len;
 
   // Keep kBytesRequiredForMagic honest.
   DCHECK_LE(len, kBytesRequiredForMagic);
 
   // To compare with magic strings, we need to compute strlen(content), but
   // content might not actually have a null terminator.  In that case, we
   // pretend the length is content_size.
   const char* end =
       static_cast<const char*>(memchr(content, '\0', size));
   const size_t content_strlen =
       (end != NULL) ? static_cast<size_t>(end - content) : size;
 
   bool match = false;
   if (magic_entry->is_string) {
     if (content_strlen >= len) {
       // String comparisons are case-insensitive
       match = (base::strncasecmp(magic_entry->magic, content, len) == 0);
     }
   } else {
-    if (size >= len)
-      match = MagicCmp(magic_entry->magic, content, len);
+    if (size >= len) {
+      if (!magic_entry->mask) {
+        match = MagicCmp(magic_entry->magic, content, len);
+      } else {
+        match = MagicMaskCmp(magic_entry->magic, content, len,
+            magic_entry->mask);

[Ryan Sleevi, 2013/05/03 19:03:24]

style nit:
match = MagicMaskCmp(magic_entry->magic, content, len,
                     magic_entry->mask);

As per
http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Functi...
, wrap arguments at the parens

[Kevin Bailey, 2013/05/09 17:16:18]

Done.

+      }
+    }
   }
 
   if (match) {
     result->assign(magic_entry->mime_type);
     return true;
   }
   return false;
 }
 
 static bool CheckForMagicNumbers(const char* content, size_t size,
@@ skipping 411 matching lines @@
 
   // Now we look in our large table of magic numbers to see if we can find
   // anything that matches the content.
   if (SniffForMagicNumbers(content, content_size,
                            &have_enough_content, result))
     return true;  // We've matched a magic number.  No more content needed.
 
   return have_enough_content;
 }
 
+bool IdentifyExtraMimeType(const char* content, size_t size,
+                           std::string* result) {

[Ryan Sleevi, 2013/05/03 19:03:24]

style nit: one arg per line (and I'll throw in a cookie if you can fix 658-660
and 270 while you're here, since they're the only ones violating it in this
file)

[Kevin Bailey, 2013/05/09 17:16:18]

Done, assuming that's what you meant.

+  // First check the extra table.
+  if (CheckForMagicNumbers(content, size, kExtraMagicNumbers,
+                           sizeof(kExtraMagicNumbers) / sizeof(MagicNumber),
+                           NULL, result))
+    return true;
+  // Finally check the original table.
+  return CheckForMagicNumbers(content, size, kMagicNumbers,
+                              sizeof(kMagicNumbers) / sizeof(MagicNumber),

[Ryan Sleevi, 2013/05/03 19:03:24]

Both of these calls should be using arraysize() from base/basictypes.h

[Kevin Bailey, 2013/05/09 17:16:18]

Done.

+                              NULL, result);
+}
+
 }  // namespace net