Have media gallery (through native media file util) use MIME sniffer

net/base/mime_sniffer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Detecting mime types is a tricky business because we need to balance
 // compatibility concerns with security issues.  Here is a survey of how other
 // browsers behave and then a description of how we intend to behave.
 //
 // HTML payload, no Content-Type header:
 // * IE 7: Render as HTML
@@ skipping 96 matching lines @@
 
 // The number of content bytes we need to use all our magic numbers.  Feel free
 // to increase this number if you add a longer magic number.
 static const size_t kBytesRequiredForMagic = 42;
 
 struct MagicNumber {
   const char* mime_type;
   const char* magic;
   size_t magic_len;
   bool is_string;
+  const char* mask;  // if set, must have same length as |magic|
 };
 
 #define MAGIC_NUMBER(mime_type, magic) \
-  { (mime_type), (magic), sizeof(magic)-1, false },
+  { (mime_type), (magic), sizeof(magic)-1, false, NULL },
+
+template <int MagicSize, int MaskSize>
+class VerifySizes {
+  COMPILE_ASSERT(MagicSize == MaskSize, sizes_must_be_equal);
+ public:
+  enum { SIZES = MagicSize };
+};
+
+#define verified_sizeof(magic, mask) \
+VerifySizes<sizeof(magic), sizeof(mask)>::SIZES
+
+#define MAGIC_MASK(mime_type, magic, mask) \
+  { (mime_type), (magic), verified_sizeof(magic, mask)-1, false, (mask) },
 
 // Magic strings are case insensitive and must not include '\0' characters
 #define MAGIC_STRING(mime_type, magic) \
-  { (mime_type), (magic), sizeof(magic)-1, true },
+  { (mime_type), (magic), sizeof(magic)-1, true, NULL },
 
 static const MagicNumber kMagicNumbers[] = {
   // Source: HTML 5 specification
   MAGIC_NUMBER("application/pdf", "%PDF-")
   MAGIC_NUMBER("application/postscript", "%!PS-Adobe-")
   MAGIC_NUMBER("image/gif", "GIF87a")
   MAGIC_NUMBER("image/gif", "GIF89a")
   MAGIC_NUMBER("image/png", "\x89" "PNG\x0D\x0A\x1A\x0A")
   MAGIC_NUMBER("image/jpeg", "\xFF\xD8\xFF")
   MAGIC_NUMBER("image/bmp", "BM")
@@ skipping 34 matching lines @@
   //
   // Cons:
   //   * These patterns are fairly weak
   //   * If we mistakenly decide something is Flash, we will execute it
   //     in the origin of an unsuspecting site.  This could be a security
   //     vulnerability if the site allows users to upload content.
   //
   // On balance, we do not include these patterns.
 };
 
+static const MagicNumber kExtraMagicNumbers[] = {
+  MAGIC_NUMBER("image/x-xbitmap", "#define")
+  MAGIC_NUMBER("image/x-icon", "\x00\x00\x01\x00")
+  MAGIC_NUMBER("image/svg+xml", "<?xml_version=")
+  MAGIC_NUMBER("audio/wav", "RIFF....WAVEfmt ")
+  MAGIC_NUMBER("video/avi", "RIFF....AVI LIST")
+  MAGIC_NUMBER("audio/ogg", "OggS")
+  MAGIC_MASK("video/mpeg", "\x00\x00\x01\xB0", "\xFF\xFF\xFF\xF0")
+  MAGIC_MASK("audio/mpeg", "\xFF\xE0", "\xFF\xE0")
+  MAGIC_NUMBER("video/3gpp", "....ftyp3g")
+  MAGIC_NUMBER("video/3gpp", "....ftypavcl")
+  MAGIC_NUMBER("video/mp4", "....ftyp")
+  MAGIC_NUMBER("video/quicktime", "MOVI")
+  MAGIC_NUMBER("application/x-shockwave-flash", "CWS")
+  MAGIC_NUMBER("application/x-shockwave-flash", "FWS")
+  MAGIC_NUMBER("video/x-flv", "FLV")
+};
+
 // Our HTML sniffer differs slightly from Mozilla.  For example, Mozilla will
 // decide that a document that begins "<!DOCTYPE SOAP-ENV:Envelope PUBLIC " is
 // HTML, but we will not.
 
 #define MAGIC_HTML_TAG(tag) \
   MAGIC_STRING("text/html", "<" tag)
 
 static const MagicNumber kSniffableTags[] = {
   // XML processing directive.  Although this is not an HTML mime type, we sniff
   // for this in the HTML phase because text/xml is just as powerful as HTML and
@@ skipping 34 matching lines @@
   while (len) {
     if ((*magic_entry != '.') && (*magic_entry != *content))
       return false;
     ++magic_entry;
     ++content;
     --len;
   }
   return true;
 }
 
-static bool MatchMagicNumber(const char* content, size_t size,
+// Like MagicCmp() except that it ANDs each byte with a mask before
+// the comparison, because there are some bits we don't care about.
+static bool MagicMaskCmp(const char* magic_entry,
+                         const char* content,
+                         size_t len,
+                         const char* mask) {
+  while (len) {
+    if ((*magic_entry != '.') && (*magic_entry != (*mask & *content)))
+      return false;
+    ++magic_entry;
+    ++content;
+    ++mask;
+    --len;
+  }
+  return true;
+}
+
+static bool MatchMagicNumber(const char* content,
+                             size_t size,
                              const MagicNumber* magic_entry,
                              std::string* result) {
   const size_t len = magic_entry->magic_len;
 
   // Keep kBytesRequiredForMagic honest.
   DCHECK_LE(len, kBytesRequiredForMagic);
 
   // To compare with magic strings, we need to compute strlen(content), but
   // content might not actually have a null terminator.  In that case, we
   // pretend the length is content_size.
   const char* end =
       static_cast<const char*>(memchr(content, '\0', size));
   const size_t content_strlen =
       (end != NULL) ? static_cast<size_t>(end - content) : size;
 
   bool match = false;
   if (magic_entry->is_string) {
     if (content_strlen >= len) {
       // String comparisons are case-insensitive
       match = (base::strncasecmp(magic_entry->magic, content, len) == 0);
     }
   } else {
-    if (size >= len)
-      match = MagicCmp(magic_entry->magic, content, len);
+    if (size >= len) {
+      if (!magic_entry->mask) {
+        match = MagicCmp(magic_entry->magic, content, len);
+      } else {
+        match = MagicMaskCmp(magic_entry->magic, content, len,
+                             magic_entry->mask);
+      }
+    }
   }
 
   if (match) {
     result->assign(magic_entry->mime_type);
     return true;
   }
   return false;
 }
 
 static bool CheckForMagicNumbers(const char* content, size_t size,
@@ skipping 337 matching lines @@
     // The web server didn't specify a content type or specified a mime
     // type that we ignore.
     counter->Add(arraysize(kSniffableTypes));
     should_sniff_counter->Add(2);
     return true;
   }
   should_sniff_counter->Add(1);
   return false;
 }
 
-bool SniffMimeType(const char* content, size_t content_size,
-                   const GURL& url, const std::string& type_hint,
+bool SniffMimeType(const char* content,
+                   size_t content_size,
+                   const GURL& url,
+                   const std::string& type_hint,
                    std::string* result) {
   DCHECK_LT(content_size, 1000000U);  // sanity check
   DCHECK(content);
   DCHECK(result);
 
   // By default, we assume we have enough content.
   // Each sniff routine may unset this if it wasn't provided enough content.
   bool have_enough_content = true;
 
   // By default, we'll return the type hint.
@@ skipping 52 matching lines @@
 
   // Now we look in our large table of magic numbers to see if we can find
   // anything that matches the content.
   if (SniffForMagicNumbers(content, content_size,
                            &have_enough_content, result))
     return true;  // We've matched a magic number.  No more content needed.
 
   return have_enough_content;
 }
 
+bool SniffMimeTypeFromLocalData(const char* content,
+                                size_t size,
+                                std::string* result) {
+  // First check the extra table.
+  if (CheckForMagicNumbers(content, size, kExtraMagicNumbers,
+                           arraysize(kExtraMagicNumbers), NULL, result))
+    return true;
+  // Finally check the original table.
+  return CheckForMagicNumbers(content, size, kMagicNumbers,
+                              arraysize(kMagicNumbers), NULL, result);
+}
+
 }  // namespace net