Index: media/filters/jpeg_parser.cc |
diff --git a/media/filters/jpeg_parser.cc b/media/filters/jpeg_parser.cc |
index bb07bd710aa54f8d6444e4c9af31fd7dad320f59..5a93ec6923760196f3d14a605afdc4e460d18a74 100644 |
--- a/media/filters/jpeg_parser.cc |
+++ b/media/filters/jpeg_parser.cc |
@@ -269,6 +269,65 @@ static bool ParseSOS(const char* buffer, |
return true; |
} |
+static bool ParseEOI(const char* buffer, |
kcwu
2015/08/14 09:01:37
s/ParseEOI/SearchEOI/ ?
henryhsu
2015/08/14 11:22:26
Done.
|
+ size_t length, |
+ const char** eoi_ptr) { |
+ DCHECK(buffer); |
+ DCHECK(eoi_ptr); |
+ BigEndianReader reader(buffer, length); |
+ uint8_t marker1; |
+ uint8_t marker2; |
+ |
+ while (reader.remaining() > 0) { |
+ READ_U8_OR_RETURN_FALSE(&marker1); |
+ if (marker1 != JPEG_MARKER_PREFIX) |
+ continue; |
+ |
+ do { |
+ READ_U8_OR_RETURN_FALSE(&marker2); |
+ } while (marker2 == JPEG_MARKER_PREFIX); // skip fill bytes |
+ |
+ switch (marker2) { |
+ // Compressed data escape. |
+ case 0x00: |
kcwu
2015/08/14 09:01:37
add break;
henryhsu
2015/08/14 11:22:26
Done.
|
+ // Restart |
+ case JPEG_RST0: |
+ case JPEG_RST1: |
+ case JPEG_RST2: |
+ case JPEG_RST3: |
+ case JPEG_RST4: |
+ case JPEG_RST5: |
+ case JPEG_RST6: |
+ case JPEG_RST7: |
+ break; |
+ case JPEG_EOI: |
+ *eoi_ptr = reader.ptr(); |
+ return true; |
+ default: |
+ // Skip for other markers. |
+ uint16_t size; |
+ READ_U16_OR_RETURN_FALSE(&size); |
+ if (size < sizeof(size)) { |
+ DLOG(ERROR) << "Ill-formed JPEG. Segment size (" << size |
+ << ") is smaller than size field (" << sizeof(size) |
+ << ")"; |
+ return false; |
+ } |
+ size -= sizeof(size); |
+ |
+ if (reader.remaining() < size) { |
kcwu
2015/08/14 09:01:37
if (!reader.Skip(size)) {
...
}
henryhsu
2015/08/14 11:22:26
Done.
|
+ DLOG(ERROR) << "Ill-formed JPEG. Remaining size (" |
+ << reader.remaining() |
+ << ") is smaller than header specified (" << size << ")"; |
+ return false; |
+ } |
+ reader.Skip(size); |
+ break; |
+ } |
+ } |
+ return false; |
+} |
+ |
// |result| is already initialized to 0 in ParseJpegPicture. |
static bool ParseSOI(const char* buffer, |
size_t length, |
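Review bot: ParseEOI has no comment stating where `*eoi_ptr` points on success, and the `JPEG_EOI` case stores `reader.ptr()` after both marker bytes have been read, so it appears to point just past the EOI marker rather than at it. The caller derives sizes from this pointer for a stream that may be malformed, so the contract is worth stating above the function, e.g. `// Scans |buffer| for the EOI marker; on success |*eoi_ptr| points to the first byte after it. Returns false if no EOI is found within |length| bytes.` Separately, the `default:` case reads a two-byte length for every other marker, which would misparse a marker that carries no length field. The `reader.remaining()` check keeps the skip inside the buffer, so the effect should be limited to a rejected or mis-scanned image.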
@@ -371,7 +430,13 @@ static bool ParseSOI(const char* buffer, |
// Scan data follows scan header immediately. |
result->data = reader.ptr(); |
- result->data_size = reader.remaining(); |
+ const char* eoi_ptr = nullptr; |
+ if (!ParseEOI(reader.ptr(), reader.remaining(), &eoi_ptr)) { |
+ DLOG(ERROR) << "ParseEOI failed"; |
+ return false; |
+ } |
+ result->data_size = eoi_ptr - result->data; |
+ result->image_size = eoi_ptr - buffer + 2; |
kcwu
2015/08/14 09:01:37
const int kEoiSize = 2; ?
henryhsu
2015/08/14 11:22:26
No. This 2 is the size of the SOI marker, which is read at the beginning.
|
return true; |
} |
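Review bot: `result->data_size = eoi_ptr - result->data;` ends the scan data at the pointer ParseEOI returns, which (from the `reader.ptr()` stored in the first hunk) seems to include the two EOI bytes, and nothing at the assignment says so. A short comment such as `// |data_size| covers the scan data up to and including the EOI marker; trailing bytes after EOI are not counted.` would tell consumers that pass this length to a decoder what it covers. Both assignments also convert a pointer difference implicitly; if the fields are unsigned (their declarations are not visible here), `static_cast<size_t>(eoi_ptr - result->data)` would make the conversion explicit. ParseSOI's body begins outside this hunk.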