Have media gallery (through native media file util) use MIME sniffer

net/base/mime_sniffer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Detecting mime types is a tricky business because we need to balance
 // compatibility concerns with security issues.  Here is a survey of how other
 // browsers behave and then a description of how we intend to behave.
 //
 // HTML payload, no Content-Type header:
 // * IE 7: Render as HTML
@@ skipping 98 matching lines @@
 // to increase this number if you add a longer magic number.
 static const size_t kBytesRequiredForMagic = 42;
 
 struct MagicNumber {
   const char* mime_type;
   const char* magic;
   size_t magic_len;
   bool is_string;
 };
 
+struct MagicMaskNumber {

[vandebo (ex-Chrome), 2013/04/29 19:43:50]

I think it's ok to modify MagicNumber.  It's an improvement to the
infrastructure with very little cost.

[Kevin Bailey, 2013/04/30 20:57:56]

Done.

+  const char* mime_type;
+  const char* magic;
+  size_t magic_len;
+  bool is_string;
+  const char* mask;  // must have same length as |magic|
+};
+
 #define MAGIC_NUMBER(mime_type, magic) \
   { (mime_type), (magic), sizeof(magic)-1, false },
 
+#define MAGIC_MASK(mime_type, magic, mask) \
+  { (mime_type), (magic), sizeof(magic)-1, false, (mask) },
+
 // Magic strings are case insensitive and must not include '\0' characters
 #define MAGIC_STRING(mime_type, magic) \
   { (mime_type), (magic), sizeof(magic)-1, true },
 
 static const MagicNumber kMagicNumbers[] = {
   // Source: HTML 5 specification
   MAGIC_NUMBER("application/pdf", "%PDF-")
   MAGIC_NUMBER("application/postscript", "%!PS-Adobe-")
   MAGIC_NUMBER("image/gif", "GIF87a")
   MAGIC_NUMBER("image/gif", "GIF89a")
@@ skipping 37 matching lines @@
   //
   // Cons:
   //   * These patterns are fairly weak
   //   * If we mistakenly decide something is Flash, we will execute it
   //     in the origin of an unsuspecting site.  This could be a security
   //     vulnerability if the site allows users to upload content.
   //
   // On balance, we do not include these patterns.
 };
 
+static const MagicMaskNumber kMagicMaskNumbers[] = {

[vandebo (ex-Chrome), 2013/04/29 19:43:50]

These aren't all mask'd magic numbers... maybe kExtraMagicNumbers[] ?

[Kevin Bailey, 2013/04/30 20:57:56]

Done.

+  MAGIC_NUMBER("image/x-xbitmap", "#define")
+  MAGIC_NUMBER("image/x-icon", "\x00\x00\x01\x00")
+  MAGIC_NUMBER("image/svg+xml", "<?xml_version=")
+  MAGIC_NUMBER("audio/wav", "RIFF....WAVEfmt ")
+  MAGIC_NUMBER("video/avi", "RIFF....AVI LIST")
+  MAGIC_NUMBER("video/x-ms-wmv", "RIFF....AVI LIST")
+  MAGIC_NUMBER("audio/ogg", "OggS")
+  MAGIC_MASK("video/mpeg", "\x00\x00\x01\xB0", "\xFF\xFF\xFF\xF0")
+  MAGIC_MASK("audio/mpeg", "\xFF\xE0", "\xFF\xE0")
+  MAGIC_NUMBER("video/3gpp", "....ftyp3g")
+  MAGIC_NUMBER("video/3gpp", "....ftypavcl")
+  MAGIC_NUMBER("video/mp4", "....ftyp")
+  MAGIC_NUMBER("video/quicktime", "MOVI")
+  MAGIC_NUMBER("application/x-shockwave-flash", "CWS")
+  MAGIC_NUMBER("application/x-shockwave-flash", "FWS")
+  MAGIC_NUMBER("video/x-flv", "FLV")
+};
+
 // Our HTML sniffer differs slightly from Mozilla.  For example, Mozilla will
 // decide that a document that begins "<!DOCTYPE SOAP-ENV:Envelope PUBLIC " is
 // HTML, but we will not.
 
 #define MAGIC_HTML_TAG(tag) \
   MAGIC_STRING("text/html", "<" tag)
 
 static const MagicNumber kSniffableTags[] = {
   // XML processing directive.  Although this is not an HTML mime type, we sniff
   // for this in the HTML phase because text/xml is just as powerful as HTML and
@@ skipping 68 matching lines @@
       match = MagicCmp(magic_entry->magic, content, len);
   }
 
   if (match) {
     result->assign(magic_entry->mime_type);
     return true;
   }
   return false;
 }
 
+// Like MagicCmp() except that it ANDs each byte with a mask before
+// the comparison, because there are some bits we don't care about.
+static bool MagicMaskCmp(const char* magic_entry, const char* mask,
+                         const char* content, size_t len) {
+  while (len) {
+    if ((*magic_entry != '.') && (*magic_entry != (*mask & *content)))
+      return false;
+    ++magic_entry;
+    ++content;
+    ++mask;
+    --len;
+  }
+  return true;
+}
+
+static bool MatchMagicMaskNumber(const char* content, size_t size,
+                                 const MagicMaskNumber* magic_entry,
+                                 std::string* result) {
+  const size_t len = magic_entry->magic_len;
+
+  // Keep kBytesRequiredForMagic honest.
+  DCHECK_LE(len, kBytesRequiredForMagic);
+
+  // To compare with magic strings, we need to compute strlen(content), but
+  // content might not actually have a null terminator.  In that case, we
+  // pretend the length is content_size.
+  const char* end =
+      static_cast<const char*>(memchr(content, '\0', size));
+  const size_t content_strlen =
+      (end != NULL) ? static_cast<size_t>(end - content) : size;
+
+  bool match = false;
+  if (magic_entry->is_string) {
+    if (content_strlen >= len) {
+      // String comparisons are case-insensitive
+      match = (base::strncasecmp(magic_entry->magic, content, len) == 0);
+    }
+  } else {
+    if (size >= len) {
+      if (magic_entry->mask) {
+        match = MagicMaskCmp(magic_entry->magic, magic_entry->mask, content,
+                             len);
+      } else {
+        match = MagicCmp(magic_entry->magic, content, len);
+      }
+    }
+  }
+
+  if (match) {
+    result->assign(magic_entry->mime_type);
+    return true;
+  }
+  return false;
+}
+
 static bool CheckForMagicNumbers(const char* content, size_t size,
                                  const MagicNumber* magic, size_t magic_len,
                                  base::HistogramBase* counter,
                                  std::string* result) {
   for (size_t i = 0; i < magic_len; ++i) {
     if (MatchMagicNumber(content, size, &(magic[i]), result)) {
       if (counter) counter->Add(static_cast<int>(i));
       return true;
     }
   }
   return false;
 }
 
+static bool CheckForMagicMaskNumbers(const char* content, size_t size,
+                                     const MagicMaskNumber* magic,
+                                     size_t magic_len,
+                                     std::string* result) {
+  for (size_t i = 0; i < magic_len; ++i) {
+    if (MatchMagicMaskNumber(content, size, &(magic[i]), result))
+      return true;
+  }
+  return false;
+}
+
+bool IdentifyExtraMimeType(const char* content, size_t size,
+                           std::string* result) {
+  // First check the extra table.
+  if (CheckForMagicMaskNumbers(content, size, kMagicMaskNumbers,
+                               sizeof(kMagicMaskNumbers) /
+                               sizeof(MagicMaskNumber), result))
+    return true;
+  // Finally check the original table.
+  return CheckForMagicNumbers(content, size, kMagicNumbers,
+                              sizeof(kMagicNumbers) / sizeof(MagicNumber),
+                              NULL, result);
+}
+
 // Truncates |size| to |max_size| and returns true if |size| is at least
 // |max_size|.
 static bool TruncateSize(const size_t max_size, size_t* size) {
   // Keep kMaxBytesToSniff honest.
   DCHECK_LE(static_cast<int>(max_size), kMaxBytesToSniff);
 
   if (*size >= max_size) {
     *size = max_size;
     return true;
   }
@@ skipping 390 matching lines @@
   // Now we look in our large table of magic numbers to see if we can find
   // anything that matches the content.
   if (SniffForMagicNumbers(content, content_size,
                            &have_enough_content, result))
     return true;  // We've matched a magic number.  No more content needed.
 
   return have_enough_content;
 }
 
 }  // namespace net