| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Detecting mime types is a tricky business because we need to balance | 5 // Detecting mime types is a tricky business because we need to balance |
| 6 // compatibility concerns with security issues. Here is a survey of how other | 6 // compatibility concerns with security issues. Here is a survey of how other |
| 7 // browsers behave and then a description of how we intend to behave. | 7 // browsers behave and then a description of how we intend to behave. |
| 8 // | 8 // |
| 9 // HTML payload, no Content-Type header: | 9 // HTML payload, no Content-Type header: |
| 10 // * IE 7: Render as HTML | 10 // * IE 7: Render as HTML |
| (...skipping 594 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 605 if (!counter) { | 605 if (!counter) { |
| 606 counter = UMASnifferHistogramGet("mime_sniffer.kMagicXML2", | 606 counter = UMASnifferHistogramGet("mime_sniffer.kMagicXML2", |
| 607 arraysize(kMagicXML)); | 607 arraysize(kMagicXML)); |
| 608 } | 608 } |
| 609 const int kMaxTagIterations = 5; | 609 const int kMaxTagIterations = 5; |
| 610 for (int i = 0; i < kMaxTagIterations && pos < end; ++i) { | 610 for (int i = 0; i < kMaxTagIterations && pos < end; ++i) { |
| 611 pos = reinterpret_cast<const char*>(memchr(pos, '<', end - pos)); | 611 pos = reinterpret_cast<const char*>(memchr(pos, '<', end - pos)); |
| 612 if (!pos) | 612 if (!pos) |
| 613 return false; | 613 return false; |
| 614 | 614 |
| 615 if (base::strncasecmp(pos, "<?xml", sizeof("<?xml") - 1) == 0) { | 615 if ((pos + sizeof("<?xml") - 1 <= end) && |
| 616 (base::strncasecmp(pos, "<?xml", sizeof("<?xml") - 1) == 0)) { |
| 616 // Skip XML declarations. | 617 // Skip XML declarations. |
| 617 ++pos; | 618 ++pos; |
| 618 continue; | 619 continue; |
| 619 } else if (base::strncasecmp(pos, "<!DOCTYPE", | 620 } else if ((pos + sizeof("<!DOCTYPE") - 1 <= end) && |
| 620 sizeof("<!DOCTYPE") - 1) == 0) { | 621 (base::strncasecmp(pos, "<!DOCTYPE", sizeof("<!DOCTYPE") - 1) == |
| 622 0)) { |
| 621 // Skip DOCTYPE declarations. | 623 // Skip DOCTYPE declarations. |
| 622 ++pos; | 624 ++pos; |
| 623 continue; | 625 continue; |
| 624 } | 626 } |
| 625 | 627 |
| 626 if (CheckForMagicNumbers(pos, end - pos, | 628 if (CheckForMagicNumbers(pos, end - pos, |
| 627 kMagicXML, arraysize(kMagicXML), | 629 kMagicXML, arraysize(kMagicXML), |
| 628 counter, result)) | 630 counter, result)) |
| 629 return true; | 631 return true; |
| 630 | 632 |
| (...skipping 330 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 961 // First check the extra table. | 963 // First check the extra table. |
| 962 if (CheckForMagicNumbers(content, size, kExtraMagicNumbers, | 964 if (CheckForMagicNumbers(content, size, kExtraMagicNumbers, |
| 963 arraysize(kExtraMagicNumbers), NULL, result)) | 965 arraysize(kExtraMagicNumbers), NULL, result)) |
| 964 return true; | 966 return true; |
| 965 // Finally check the original table. | 967 // Finally check the original table. |
| 966 return CheckForMagicNumbers(content, size, kMagicNumbers, | 968 return CheckForMagicNumbers(content, size, kMagicNumbers, |
| 967 arraysize(kMagicNumbers), NULL, result); | 969 arraysize(kMagicNumbers), NULL, result); |
| 968 } | 970 } |
| 969 | 971 |
| 970 } // namespace net | 972 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 612413002:
Do not read past the end of the string in net::SniffXML(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master