search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix crash of content_shell aura due to ime.
[chromium-blink-merge.git] / third_party / libwebp / demux / demux.c
blob9966399f90dbce08dbaa93b2d08e2a70d0e1cc11
1 // Copyright 2012 Google Inc. All Rights Reserved.
2 //
3 // Use of this source code is governed by a BSD-style license
4 // that can be found in the COPYING file in the root of the source
5 // tree. An additional intellectual property rights grant can be found
6 // in the file PATENTS. All contributing project authors may
7 // be found in the AUTHORS file in the root of the source tree.
8 // -----------------------------------------------------------------------------
9 //
10 // WebP container demux.
11 //
12
13 #ifdef HAVE_CONFIG_H
14 #include "config.h"
15 #endif
16
17 #include <assert.h>
18 #include <stdlib.h>
19 #include <string.h>
20
21 #include "../utils/utils.h"
22 #include "../webp/decode.h" // WebPGetFeatures
23 #include "../webp/demux.h"
24 #include "../webp/format_constants.h"
25
26 #if defined(__cplusplus) || defined(c_plusplus)
27 extern "C" {
28 #endif
29
30 #define DMUX_MAJ_VERSION 0
31 #define DMUX_MIN_VERSION 1
32 #define DMUX_REV_VERSION 1
33
34 typedef struct {
35 size_t start_; // start location of the data
36 size_t end_; // end location
37 size_t riff_end_; // riff chunk end location, can be > end_.
38 size_t buf_size_; // size of the buffer
39 const uint8_t* buf_;
40 } MemBuffer;
41
42 typedef struct {
43 size_t offset_;
44 size_t size_;
45 } ChunkData;
46
47 typedef struct Frame {
48 int x_offset_, y_offset_;
49 int width_, height_;
50 int has_alpha_;
51 int duration_;
52 WebPMuxAnimDispose dispose_method_;
53 WebPMuxAnimBlend blend_method_;
54 int is_fragment_; // this is a frame fragment (and not a full frame).
55 int frame_num_; // the referent frame number for use in assembling fragments.
56 int complete_; // img_components_ contains a full image.
57 ChunkData img_components_[2]; // 0=VP8{,L} 1=ALPH
58 struct Frame* next_;
59 } Frame;
60
61 typedef struct Chunk {
62 ChunkData data_;
63 struct Chunk* next_;
64 } Chunk;
65
66 struct WebPDemuxer {
67 MemBuffer mem_;
68 WebPDemuxState state_;
69 int is_ext_format_;
70 uint32_t feature_flags_;
71 int canvas_width_, canvas_height_;
72 int loop_count_;
73 uint32_t bgcolor_;
74 int num_frames_;
75 Frame* frames_;
76 Frame** frames_tail_;
77 Chunk* chunks_; // non-image chunks
78 };
79
80 typedef enum {
81 PARSE_OK,
82 PARSE_NEED_MORE_DATA,
83 PARSE_ERROR
84 } ParseStatus;
85
86 typedef struct ChunkParser {
87 uint8_t id[4];
88 ParseStatus (*parse)(WebPDemuxer* const dmux);
89 int (*valid)(const WebPDemuxer* const dmux);
90 } ChunkParser;
91
92 static ParseStatus ParseSingleImage(WebPDemuxer* const dmux);
93 static ParseStatus ParseVP8X(WebPDemuxer* const dmux);
94 static int IsValidSimpleFormat(const WebPDemuxer* const dmux);
95 static int IsValidExtendedFormat(const WebPDemuxer* const dmux);
96
97 static const ChunkParser kMasterChunks[] = {
98 { { 'V', 'P', '8', ' ' }, ParseSingleImage, IsValidSimpleFormat },
99 { { 'V', 'P', '8', 'L' }, ParseSingleImage, IsValidSimpleFormat },
100 { { 'V', 'P', '8', 'X' }, ParseVP8X, IsValidExtendedFormat },
101 { { '0', '0', '0', '0' }, NULL, NULL },
102 };
103
104 //------------------------------------------------------------------------------
105
106 int WebPGetDemuxVersion(void) {
107 return (DMUX_MAJ_VERSION << 16) | (DMUX_MIN_VERSION << 8) | DMUX_REV_VERSION;
108 }
109
110 // -----------------------------------------------------------------------------
111 // MemBuffer
112
113 static int RemapMemBuffer(MemBuffer* const mem,
114 const uint8_t* data, size_t size) {
115 if (size < mem->buf_size_) return 0; // can't remap to a shorter buffer!
116
117 mem->buf_ = data;
118 mem->end_ = mem->buf_size_ = size;
119 return 1;
120 }
121
122 static int InitMemBuffer(MemBuffer* const mem,
123 const uint8_t* data, size_t size) {
124 memset(mem, 0, sizeof(*mem));
125 return RemapMemBuffer(mem, data, size);
126 }
127
128 // Return the remaining data size available in 'mem'.
129 static WEBP_INLINE size_t MemDataSize(const MemBuffer* const mem) {
130 return (mem->end_ - mem->start_);
131 }
132
133 // Return true if 'size' exceeds the end of the RIFF chunk.
134 static WEBP_INLINE int SizeIsInvalid(const MemBuffer* const mem, size_t size) {
135 return (size > mem->riff_end_ - mem->start_);
136 }
137
138 static WEBP_INLINE void Skip(MemBuffer* const mem, size_t size) {
139 mem->start_ += size;
140 }
141
142 static WEBP_INLINE void Rewind(MemBuffer* const mem, size_t size) {
143 mem->start_ -= size;
144 }
145
146 static WEBP_INLINE const uint8_t* GetBuffer(MemBuffer* const mem) {
147 return mem->buf_ + mem->start_;
148 }
149
150 // Read from 'mem' and skip the read bytes.
151 static WEBP_INLINE uint8_t ReadByte(MemBuffer* const mem) {
152 const uint8_t byte = mem->buf_[mem->start_];
153 Skip(mem, 1);
154 return byte;
155 }
156
157 static WEBP_INLINE int ReadLE16s(MemBuffer* const mem) {
158 const uint8_t* const data = mem->buf_ + mem->start_;
159 const int val = GetLE16(data);
160 Skip(mem, 2);
161 return val;
162 }
163
164 static WEBP_INLINE int ReadLE24s(MemBuffer* const mem) {
165 const uint8_t* const data = mem->buf_ + mem->start_;
166 const int val = GetLE24(data);
167 Skip(mem, 3);
168 return val;
169 }
170
171 static WEBP_INLINE uint32_t ReadLE32(MemBuffer* const mem) {
172 const uint8_t* const data = mem->buf_ + mem->start_;
173 const uint32_t val = GetLE32(data);
174 Skip(mem, 4);
175 return val;
176 }
177
178 // -----------------------------------------------------------------------------
179 // Secondary chunk parsing
180
181 static void AddChunk(WebPDemuxer* const dmux, Chunk* const chunk) {
182 Chunk** c = &dmux->chunks_;
183 while (*c != NULL) c = &(*c)->next_;
184 *c = chunk;
185 chunk->next_ = NULL;
186 }
187
188 // Add a frame to the end of the list, ensuring the last frame is complete.
189 // Returns true on success, false otherwise.
190 static int AddFrame(WebPDemuxer* const dmux, Frame* const frame) {
191 const Frame* const last_frame = *dmux->frames_tail_;
192 if (last_frame != NULL && !last_frame->complete_) return 0;
193
194 *dmux->frames_tail_ = frame;
195 frame->next_ = NULL;
196 dmux->frames_tail_ = &frame->next_;
197 return 1;
198 }
199
200 // Store image bearing chunks to 'frame'.
201 static ParseStatus StoreFrame(int frame_num, uint32_t min_size,
202 MemBuffer* const mem, Frame* const frame) {
203 int alpha_chunks = 0;
204 int image_chunks = 0;
205 int done = (MemDataSize(mem) < min_size);
206 ParseStatus status = PARSE_OK;
207
208 if (done) return PARSE_NEED_MORE_DATA;
209
210 do {
211 const size_t chunk_start_offset = mem->start_;
212 const uint32_t fourcc = ReadLE32(mem);
213 const uint32_t payload_size = ReadLE32(mem);
214 const uint32_t payload_size_padded = payload_size + (payload_size & 1);
215 const size_t payload_available = (payload_size_padded > MemDataSize(mem))
216 ? MemDataSize(mem) : payload_size_padded;
217 const size_t chunk_size = CHUNK_HEADER_SIZE + payload_available;
218
219 if (payload_size > MAX_CHUNK_PAYLOAD) return PARSE_ERROR;
220 if (SizeIsInvalid(mem, payload_size_padded)) return PARSE_ERROR;
221 if (payload_size_padded > MemDataSize(mem)) status = PARSE_NEED_MORE_DATA;
222
223 switch (fourcc) {
224 case MKFOURCC('A', 'L', 'P', 'H'):
225 if (alpha_chunks == 0) {
226 ++alpha_chunks;
227 frame->img_components_[1].offset_ = chunk_start_offset;
228 frame->img_components_[1].size_ = chunk_size;
229 frame->has_alpha_ = 1;
230 frame->frame_num_ = frame_num;
231 Skip(mem, payload_available);
232 } else {
233 goto Done;
234 }
235 break;
236 case MKFOURCC('V', 'P', '8', 'L'):
237 if (alpha_chunks > 0) return PARSE_ERROR; // VP8L has its own alpha
238 // fall through
239 case MKFOURCC('V', 'P', '8', ' '):
240 if (image_chunks == 0) {
241 // Extract the bitstream features, tolerating failures when the data
242 // is incomplete.
243 WebPBitstreamFeatures features;
244 const VP8StatusCode vp8_status =
245 WebPGetFeatures(mem->buf_ + chunk_start_offset, chunk_size,
246 &features);
247 if (status == PARSE_NEED_MORE_DATA &&
248 vp8_status == VP8_STATUS_NOT_ENOUGH_DATA) {
249 return PARSE_NEED_MORE_DATA;
250 } else if (vp8_status != VP8_STATUS_OK) {
251 // We have enough data, and yet WebPGetFeatures() failed.
252 return PARSE_ERROR;
253 }
254 ++image_chunks;
255 frame->img_components_[0].offset_ = chunk_start_offset;
256 frame->img_components_[0].size_ = chunk_size;
257 frame->width_ = features.width;
258 frame->height_ = features.height;
259 frame->has_alpha_ |= features.has_alpha;
260 frame->frame_num_ = frame_num;
261 frame->complete_ = (status == PARSE_OK);
262 Skip(mem, payload_available);
263 } else {
264 goto Done;
265 }
266 break;
267 Done:
268 default:
269 // Restore fourcc/size when moving up one level in parsing.
270 Rewind(mem, CHUNK_HEADER_SIZE);
271 done = 1;
272 break;
273 }
274
275 if (mem->start_ == mem->riff_end_) {
276 done = 1;
277 } else if (MemDataSize(mem) < CHUNK_HEADER_SIZE) {
278 status = PARSE_NEED_MORE_DATA;
279 }
280 } while (!done && status == PARSE_OK);
281
282 return status;
283 }
284
285 // Creates a new Frame if 'actual_size' is within bounds and 'mem' contains
286 // enough data ('min_size') to parse the payload.
287 // Returns PARSE_OK on success with *frame pointing to the new Frame.
288 // Returns PARSE_NEED_MORE_DATA with insufficient data, PARSE_ERROR otherwise.
289 static ParseStatus NewFrame(const MemBuffer* const mem,
290 uint32_t min_size, uint32_t actual_size,
291 Frame** frame) {
292 if (SizeIsInvalid(mem, min_size)) return PARSE_ERROR;
293 if (actual_size < min_size) return PARSE_ERROR;
294 if (MemDataSize(mem) < min_size) return PARSE_NEED_MORE_DATA;
295
296 *frame = (Frame*)calloc(1, sizeof(**frame));
297 return (*frame == NULL) ? PARSE_ERROR : PARSE_OK;
298 }
299
300 // Parse a 'ANMF' chunk and any image bearing chunks that immediately follow.
301 // 'frame_chunk_size' is the previously validated, padded chunk size.
302 static ParseStatus ParseAnimationFrame(
303 WebPDemuxer* const dmux, uint32_t frame_chunk_size) {
304 const int has_frames = !!(dmux->feature_flags_ & ANIMATION_FLAG);
305 const uint32_t anmf_payload_size = frame_chunk_size - ANMF_CHUNK_SIZE;
306 int added_frame = 0;
307 int bits;
308 MemBuffer* const mem = &dmux->mem_;
309 Frame* frame;
310 ParseStatus status =
311 NewFrame(mem, ANMF_CHUNK_SIZE, frame_chunk_size, &frame);
312 if (status != PARSE_OK) return status;
313
314 frame->x_offset_ = 2 * ReadLE24s(mem);
315 frame->y_offset_ = 2 * ReadLE24s(mem);
316 frame->width_ = 1 + ReadLE24s(mem);
317 frame->height_ = 1 + ReadLE24s(mem);
318 frame->duration_ = ReadLE24s(mem);
319 bits = ReadByte(mem);
320 frame->dispose_method_ =
321 (bits & 1) ? WEBP_MUX_DISPOSE_BACKGROUND : WEBP_MUX_DISPOSE_NONE;
322 frame->blend_method_ = (bits & 2) ? WEBP_MUX_NO_BLEND : WEBP_MUX_BLEND;
323 if (frame->width_ * (uint64_t)frame->height_ >= MAX_IMAGE_AREA) {
324 free(frame);
325 return PARSE_ERROR;
326 }
327
328 // Store a frame only if the animation flag is set there is some data for
329 // this frame is available.
330 status = StoreFrame(dmux->num_frames_ + 1, anmf_payload_size, mem, frame);
331 if (status != PARSE_ERROR && has_frames && frame->frame_num_ > 0) {
332 added_frame = AddFrame(dmux, frame);
333 if (added_frame) {
334 ++dmux->num_frames_;
335 } else {
336 status = PARSE_ERROR;
337 }
338 }
339
340 if (!added_frame) free(frame);
341 return status;
342 }
343
344 #ifdef WEBP_EXPERIMENTAL_FEATURES
345 // Parse a 'FRGM' chunk and any image bearing chunks that immediately follow.
346 // 'fragment_chunk_size' is the previously validated, padded chunk size.
347 static ParseStatus ParseFragment(WebPDemuxer* const dmux,
348 uint32_t fragment_chunk_size) {
349 const int frame_num = 1; // All fragments belong to the 1st (and only) frame.
350 const int has_fragments = !!(dmux->feature_flags_ & FRAGMENTS_FLAG);
351 const uint32_t frgm_payload_size = fragment_chunk_size - FRGM_CHUNK_SIZE;
352 int added_fragment = 0;
353 MemBuffer* const mem = &dmux->mem_;
354 Frame* frame;
355 ParseStatus status =
356 NewFrame(mem, FRGM_CHUNK_SIZE, fragment_chunk_size, &frame);
357 if (status != PARSE_OK) return status;
358
359 frame->is_fragment_ = 1;
360 frame->x_offset_ = 2 * ReadLE24s(mem);
361 frame->y_offset_ = 2 * ReadLE24s(mem);
362
363 // Store a fragment only if the fragments flag is set there is some data for
364 // this fragment is available.
365 status = StoreFrame(frame_num, frgm_payload_size, mem, frame);
366 if (status != PARSE_ERROR && has_fragments && frame->frame_num_ > 0) {
367 added_fragment = AddFrame(dmux, frame);
368 if (!added_fragment) {
369 status = PARSE_ERROR;
370 } else {
371 dmux->num_frames_ = 1;
372 }
373 }
374
375 if (!added_fragment) free(frame);
376 return status;
377 }
378 #endif // WEBP_EXPERIMENTAL_FEATURES
379
380 // General chunk storage, starting with the header at 'start_offset', allowing
381 // the user to request the payload via a fourcc string. 'size' includes the
382 // header and the unpadded payload size.
383 // Returns true on success, false otherwise.
384 static int StoreChunk(WebPDemuxer* const dmux,
385 size_t start_offset, uint32_t size) {
386 Chunk* const chunk = (Chunk*)calloc(1, sizeof(*chunk));
387 if (chunk == NULL) return 0;
388
389 chunk->data_.offset_ = start_offset;
390 chunk->data_.size_ = size;
391 AddChunk(dmux, chunk);
392 return 1;
393 }
394
395 // -----------------------------------------------------------------------------
396 // Primary chunk parsing
397
398 static int ReadHeader(MemBuffer* const mem) {
399 const size_t min_size = RIFF_HEADER_SIZE + CHUNK_HEADER_SIZE;
400 uint32_t riff_size;
401
402 // Basic file level validation.
403 if (MemDataSize(mem) < min_size) return 0;
404 if (memcmp(GetBuffer(mem), "RIFF", CHUNK_SIZE_BYTES) ||
405 memcmp(GetBuffer(mem) + CHUNK_HEADER_SIZE, "WEBP", CHUNK_SIZE_BYTES)) {
406 return 0;
407 }
408
409 riff_size = GetLE32(GetBuffer(mem) + TAG_SIZE);
410 if (riff_size < CHUNK_HEADER_SIZE) return 0;
411 if (riff_size > MAX_CHUNK_PAYLOAD) return 0;
412
413 // There's no point in reading past the end of the RIFF chunk
414 mem->riff_end_ = riff_size + CHUNK_HEADER_SIZE;
415 if (mem->buf_size_ > mem->riff_end_) {
416 mem->buf_size_ = mem->end_ = mem->riff_end_;
417 }
418
419 Skip(mem, RIFF_HEADER_SIZE);
420 return 1;
421 }
422
423 static ParseStatus ParseSingleImage(WebPDemuxer* const dmux) {
424 const size_t min_size = CHUNK_HEADER_SIZE;
425 MemBuffer* const mem = &dmux->mem_;
426 Frame* frame;
427 ParseStatus status;
428
429 if (dmux->frames_ != NULL) return PARSE_ERROR;
430 if (SizeIsInvalid(mem, min_size)) return PARSE_ERROR;
431 if (MemDataSize(mem) < min_size) return PARSE_NEED_MORE_DATA;
432
433 frame = (Frame*)calloc(1, sizeof(*frame));
434 if (frame == NULL) return PARSE_ERROR;
435
436 // For the single image case we allow parsing of a partial frame, but we need
437 // at least CHUNK_HEADER_SIZE for parsing.
438 status = StoreFrame(1, CHUNK_HEADER_SIZE, &dmux->mem_, frame);
439 if (status != PARSE_ERROR) {
440 const int has_alpha = !!(dmux->feature_flags_ & ALPHA_FLAG);
441 // Clear any alpha when the alpha flag is missing.
442 if (!has_alpha && frame->img_components_[1].size_ > 0) {
443 frame->img_components_[1].offset_ = 0;
444 frame->img_components_[1].size_ = 0;
445 frame->has_alpha_ = 0;
446 }
447
448 // Use the frame width/height as the canvas values for non-vp8x files.
449 // Also, set ALPHA_FLAG if this is a lossless image with alpha.
450 if (!dmux->is_ext_format_ && frame->width_ > 0 && frame->height_ > 0) {
451 dmux->state_ = WEBP_DEMUX_PARSED_HEADER;
452 dmux->canvas_width_ = frame->width_;
453 dmux->canvas_height_ = frame->height_;
454 dmux->feature_flags_ |= frame->has_alpha_ ? ALPHA_FLAG : 0;
455 }
456 AddFrame(dmux, frame);
457 dmux->num_frames_ = 1;
458 } else {
459 free(frame);
460 }
461
462 return status;
463 }
464
465 static ParseStatus ParseVP8X(WebPDemuxer* const dmux) {
466 MemBuffer* const mem = &dmux->mem_;
467 int anim_chunks = 0;
468 uint32_t vp8x_size;
469 ParseStatus status = PARSE_OK;
470
471 if (MemDataSize(mem) < CHUNK_HEADER_SIZE) return PARSE_NEED_MORE_DATA;
472
473 dmux->is_ext_format_ = 1;
474 Skip(mem, TAG_SIZE); // VP8X
475 vp8x_size = ReadLE32(mem);
476 if (vp8x_size > MAX_CHUNK_PAYLOAD) return PARSE_ERROR;
477 if (vp8x_size < VP8X_CHUNK_SIZE) return PARSE_ERROR;
478 vp8x_size += vp8x_size & 1;
479 if (SizeIsInvalid(mem, vp8x_size)) return PARSE_ERROR;
480 if (MemDataSize(mem) < vp8x_size) return PARSE_NEED_MORE_DATA;
481
482 dmux->feature_flags_ = ReadByte(mem);
483 Skip(mem, 3); // Reserved.
484 dmux->canvas_width_ = 1 + ReadLE24s(mem);
485 dmux->canvas_height_ = 1 + ReadLE24s(mem);
486 if (dmux->canvas_width_ * (uint64_t)dmux->canvas_height_ >= MAX_IMAGE_AREA) {
487 return PARSE_ERROR; // image final dimension is too large
488 }
489 Skip(mem, vp8x_size - VP8X_CHUNK_SIZE); // skip any trailing data.
490 dmux->state_ = WEBP_DEMUX_PARSED_HEADER;
491
492 if (SizeIsInvalid(mem, CHUNK_HEADER_SIZE)) return PARSE_ERROR;
493 if (MemDataSize(mem) < CHUNK_HEADER_SIZE) return PARSE_NEED_MORE_DATA;
494
495 do {
496 int store_chunk = 1;
497 const size_t chunk_start_offset = mem->start_;
498 const uint32_t fourcc = ReadLE32(mem);
499 const uint32_t chunk_size = ReadLE32(mem);
500 const uint32_t chunk_size_padded = chunk_size + (chunk_size & 1);
501
502 if (chunk_size > MAX_CHUNK_PAYLOAD) return PARSE_ERROR;
503 if (SizeIsInvalid(mem, chunk_size_padded)) return PARSE_ERROR;
504
505 switch (fourcc) {
506 case MKFOURCC('V', 'P', '8', 'X'): {
507 return PARSE_ERROR;
508 }
509 case MKFOURCC('A', 'L', 'P', 'H'):
510 case MKFOURCC('V', 'P', '8', ' '):
511 case MKFOURCC('V', 'P', '8', 'L'): {
512 // check that this isn't an animation (all frames should be in an ANMF).
513 if (anim_chunks > 0) return PARSE_ERROR;
514
515 Rewind(mem, CHUNK_HEADER_SIZE);
516 status = ParseSingleImage(dmux);
517 break;
518 }
519 case MKFOURCC('A', 'N', 'I', 'M'): {
520 if (chunk_size_padded < ANIM_CHUNK_SIZE) return PARSE_ERROR;
521
522 if (MemDataSize(mem) < chunk_size_padded) {
523 status = PARSE_NEED_MORE_DATA;
524 } else if (anim_chunks == 0) {
525 ++anim_chunks;
526 dmux->bgcolor_ = ReadLE32(mem);
527 dmux->loop_count_ = ReadLE16s(mem);
528 Skip(mem, chunk_size_padded - ANIM_CHUNK_SIZE);
529 } else {
530 store_chunk = 0;
531 goto Skip;
532 }
533 break;
534 }
535 case MKFOURCC('A', 'N', 'M', 'F'): {
536 if (anim_chunks == 0) return PARSE_ERROR; // 'ANIM' precedes frames.
537 status = ParseAnimationFrame(dmux, chunk_size_padded);
538 break;
539 }
540 #ifdef WEBP_EXPERIMENTAL_FEATURES
541 case MKFOURCC('F', 'R', 'G', 'M'): {
542 status = ParseFragment(dmux, chunk_size_padded);
543 break;
544 }
545 #endif
546 case MKFOURCC('I', 'C', 'C', 'P'): {
547 store_chunk = !!(dmux->feature_flags_ & ICCP_FLAG);
548 goto Skip;
549 }
550 case MKFOURCC('X', 'M', 'P', ' '): {
551 store_chunk = !!(dmux->feature_flags_ & XMP_FLAG);
552 goto Skip;
553 }
554 case MKFOURCC('E', 'X', 'I', 'F'): {
555 store_chunk = !!(dmux->feature_flags_ & EXIF_FLAG);
556 goto Skip;
557 }
558 Skip:
559 default: {
560 if (chunk_size_padded <= MemDataSize(mem)) {
561 if (store_chunk) {
562 // Store only the chunk header and unpadded size as only the payload
563 // will be returned to the user.
564 if (!StoreChunk(dmux, chunk_start_offset,
565 CHUNK_HEADER_SIZE + chunk_size)) {
566 return PARSE_ERROR;
567 }
568 }
569 Skip(mem, chunk_size_padded);
570 } else {
571 status = PARSE_NEED_MORE_DATA;
572 }
573 }
574 }
575
576 if (mem->start_ == mem->riff_end_) {
577 break;
578 } else if (MemDataSize(mem) < CHUNK_HEADER_SIZE) {
579 status = PARSE_NEED_MORE_DATA;
580 }
581 } while (status == PARSE_OK);
582
583 return status;
584 }
585
586 // -----------------------------------------------------------------------------
587 // Format validation
588
589 static int IsValidSimpleFormat(const WebPDemuxer* const dmux) {
590 const Frame* const frame = dmux->frames_;
591 if (dmux->state_ == WEBP_DEMUX_PARSING_HEADER) return 1;
592
593 if (dmux->canvas_width_ <= 0 || dmux->canvas_height_ <= 0) return 0;
594 if (dmux->state_ == WEBP_DEMUX_DONE && frame == NULL) return 0;
595
596 if (frame->width_ <= 0 || frame->height_ <= 0) return 0;
597 return 1;
598 }
599
600 // If 'exact' is true, check that the image resolution matches the canvas.
601 // If 'exact' is false, check that the x/y offsets do not exceed the canvas.
602 static int CheckFrameBounds(const Frame* const frame, int exact,
603 int canvas_width, int canvas_height) {
604 if (exact) {
605 if (frame->x_offset_ != 0 || frame->y_offset_ != 0) {
606 return 0;
607 }
608 if (frame->width_ != canvas_width || frame->height_ != canvas_height) {
609 return 0;
610 }
611 } else {
612 if (frame->x_offset_ < 0 || frame->y_offset_ < 0) return 0;
613 if (frame->width_ + frame->x_offset_ > canvas_width) return 0;
614 if (frame->height_ + frame->y_offset_ > canvas_height) return 0;
615 }
616 return 1;
617 }
618
619 static int IsValidExtendedFormat(const WebPDemuxer* const dmux) {
620 const int has_fragments = !!(dmux->feature_flags_ & FRAGMENTS_FLAG);
621 const int has_frames = !!(dmux->feature_flags_ & ANIMATION_FLAG);
622 const Frame* f = dmux->frames_;
623
624 if (dmux->state_ == WEBP_DEMUX_PARSING_HEADER) return 1;
625
626 if (dmux->canvas_width_ <= 0 || dmux->canvas_height_ <= 0) return 0;
627 if (dmux->loop_count_ < 0) return 0;
628 if (dmux->state_ == WEBP_DEMUX_DONE && dmux->frames_ == NULL) return 0;
629
630 while (f != NULL) {
631 const int cur_frame_set = f->frame_num_;
632 int frame_count = 0, fragment_count = 0;
633
634 // Check frame properties and if the image is composed of fragments that
635 // each fragment came from a fragment.
636 for (; f != NULL && f->frame_num_ == cur_frame_set; f = f->next_) {
637 const ChunkData* const image = f->img_components_;
638 const ChunkData* const alpha = f->img_components_ + 1;
639
640 if (!has_fragments && f->is_fragment_) return 0;
641 if (!has_frames && f->frame_num_ > 1) return 0;
642 if (f->complete_) {
643 if (alpha->size_ == 0 && image->size_ == 0) return 0;
644 // Ensure alpha precedes image bitstream.
645 if (alpha->size_ > 0 && alpha->offset_ > image->offset_) {
646 return 0;
647 }
648
649 if (f->width_ <= 0 || f->height_ <= 0) return 0;
650 } else {
651 // There shouldn't be a partial frame in a complete file.
652 if (dmux->state_ == WEBP_DEMUX_DONE) return 0;
653
654 // Ensure alpha precedes image bitstream.
655 if (alpha->size_ > 0 && image->size_ > 0 &&
656 alpha->offset_ > image->offset_) {
657 return 0;
658 }
659 // There shouldn't be any frames after an incomplete one.
660 if (f->next_ != NULL) return 0;
661 }
662
663 if (f->width_ > 0 && f->height_ > 0 &&
664 !CheckFrameBounds(f, !(has_frames || has_fragments),
665 dmux->canvas_width_, dmux->canvas_height_)) {
666 return 0;
667 }
668
669 fragment_count += f->is_fragment_;
670 ++frame_count;
671 }
672 if (!has_fragments && frame_count > 1) return 0;
673 if (fragment_count > 0 && frame_count != fragment_count) return 0;
674 if (f == NULL) break;
675 }
676 return 1;
677 }
678
679 // -----------------------------------------------------------------------------
680 // WebPDemuxer object
681
682 static void InitDemux(WebPDemuxer* const dmux, const MemBuffer* const mem) {
683 dmux->state_ = WEBP_DEMUX_PARSING_HEADER;
684 dmux->loop_count_ = 1;
685 dmux->bgcolor_ = 0xFFFFFFFF; // White background by default.
686 dmux->canvas_width_ = -1;
687 dmux->canvas_height_ = -1;
688 dmux->frames_tail_ = &dmux->frames_;
689 dmux->mem_ = *mem;
690 }
691
692 WebPDemuxer* WebPDemuxInternal(const WebPData* data, int allow_partial,
693 WebPDemuxState* state, int version) {
694 const ChunkParser* parser;
695 int partial;
696 ParseStatus status = PARSE_ERROR;
697 MemBuffer mem;
698 WebPDemuxer* dmux;
699
700 if (WEBP_ABI_IS_INCOMPATIBLE(version, WEBP_DEMUX_ABI_VERSION)) return NULL;
701 if (data == NULL || data->bytes == NULL || data->size == 0) return NULL;
702
703 if (!InitMemBuffer(&mem, data->bytes, data->size)) return NULL;
704 if (!ReadHeader(&mem)) return NULL;
705
706 partial = (mem.buf_size_ < mem.riff_end_);
707 if (!allow_partial && partial) return NULL;
708
709 dmux = (WebPDemuxer*)calloc(1, sizeof(*dmux));
710 if (dmux == NULL) return NULL;
711 InitDemux(dmux, &mem);
712
713 for (parser = kMasterChunks; parser->parse != NULL; ++parser) {
714 if (!memcmp(parser->id, GetBuffer(&dmux->mem_), TAG_SIZE)) {
715 status = parser->parse(dmux);
716 if (status == PARSE_OK) dmux->state_ = WEBP_DEMUX_DONE;
717 if (status == PARSE_NEED_MORE_DATA && !partial) status = PARSE_ERROR;
718 if (status != PARSE_ERROR && !parser->valid(dmux)) status = PARSE_ERROR;
719 break;
720 }
721 }
722 if (state) *state = dmux->state_;
723
724 if (status == PARSE_ERROR) {
725 WebPDemuxDelete(dmux);
726 return NULL;
727 }
728 return dmux;
729 }
730
731 void WebPDemuxDelete(WebPDemuxer* dmux) {
732 Chunk* c;
733 Frame* f;
734 if (dmux == NULL) return;
735
736 for (f = dmux->frames_; f != NULL;) {
737 Frame* const cur_frame = f;
738 f = f->next_;
739 free(cur_frame);
740 }
741 for (c = dmux->chunks_; c != NULL;) {
742 Chunk* const cur_chunk = c;
743 c = c->next_;
744 free(cur_chunk);
745 }
746 free(dmux);
747 }
748
749 // -----------------------------------------------------------------------------
750
751 uint32_t WebPDemuxGetI(const WebPDemuxer* dmux, WebPFormatFeature feature) {
752 if (dmux == NULL) return 0;
753
754 switch (feature) {
755 case WEBP_FF_FORMAT_FLAGS: return dmux->feature_flags_;
756 case WEBP_FF_CANVAS_WIDTH: return (uint32_t)dmux->canvas_width_;
757 case WEBP_FF_CANVAS_HEIGHT: return (uint32_t)dmux->canvas_height_;
758 case WEBP_FF_LOOP_COUNT: return (uint32_t)dmux->loop_count_;
759 case WEBP_FF_BACKGROUND_COLOR: return dmux->bgcolor_;
760 case WEBP_FF_FRAME_COUNT: return (uint32_t)dmux->num_frames_;
761 }
762 return 0;
763 }
764
765 // -----------------------------------------------------------------------------
766 // Frame iteration
767
768 // Find the first 'frame_num' frame. There may be multiple such frames in a
769 // fragmented frame.
770 static const Frame* GetFrame(const WebPDemuxer* const dmux, int frame_num) {
771 const Frame* f;
772 for (f = dmux->frames_; f != NULL; f = f->next_) {
773 if (frame_num == f->frame_num_) break;
774 }
775 return f;
776 }
777
778 // Returns fragment 'fragment_num' and the total count.
779 static const Frame* GetFragment(
780 const Frame* const frame_set, int fragment_num, int* const count) {
781 const int this_frame = frame_set->frame_num_;
782 const Frame* f = frame_set;
783 const Frame* fragment = NULL;
784 int total;
785
786 for (total = 0; f != NULL && f->frame_num_ == this_frame; f = f->next_) {
787 if (++total == fragment_num) fragment = f;
788 }
789 *count = total;
790 return fragment;
791 }
792
793 static const uint8_t* GetFramePayload(const uint8_t* const mem_buf,
794 const Frame* const frame,
795 size_t* const data_size) {
796 *data_size = 0;
797 if (frame != NULL) {
798 const ChunkData* const image = frame->img_components_;
799 const ChunkData* const alpha = frame->img_components_ + 1;
800 size_t start_offset = image->offset_;
801 *data_size = image->size_;
802
803 // if alpha exists it precedes image, update the size allowing for
804 // intervening chunks.
805 if (alpha->size_ > 0) {
806 const size_t inter_size = (image->offset_ > 0)
807 ? image->offset_ - (alpha->offset_ + alpha->size_)
808 : 0;
809 start_offset = alpha->offset_;
810 *data_size += alpha->size_ + inter_size;
811 }
812 return mem_buf + start_offset;
813 }
814 return NULL;
815 }
816
817 // Create a whole 'frame' from VP8 (+ alpha) or lossless.
818 static int SynthesizeFrame(const WebPDemuxer* const dmux,
819 const Frame* const first_frame,
820 int fragment_num, WebPIterator* const iter) {
821 const uint8_t* const mem_buf = dmux->mem_.buf_;
822 int num_fragments;
823 size_t payload_size = 0;
824 const Frame* const fragment =
825 GetFragment(first_frame, fragment_num, &num_fragments);
826 const uint8_t* const payload =
827 GetFramePayload(mem_buf, fragment, &payload_size);
828 if (payload == NULL) return 0;
829 assert(first_frame != NULL);
830
831 iter->frame_num = first_frame->frame_num_;
832 iter->num_frames = dmux->num_frames_;
833 iter->fragment_num = fragment_num;
834 iter->num_fragments = num_fragments;
835 iter->x_offset = fragment->x_offset_;
836 iter->y_offset = fragment->y_offset_;
837 iter->width = fragment->width_;
838 iter->height = fragment->height_;
839 iter->has_alpha = fragment->has_alpha_;
840 iter->duration = fragment->duration_;
841 iter->dispose_method = fragment->dispose_method_;
842 iter->blend_method = fragment->blend_method_;
843 iter->complete = fragment->complete_;
844 iter->fragment.bytes = payload;
845 iter->fragment.size = payload_size;
846 // TODO(jzern): adjust offsets for 'FRGM's embedded in 'ANMF's
847 return 1;
848 }
849
850 static int SetFrame(int frame_num, WebPIterator* const iter) {
851 const Frame* frame;
852 const WebPDemuxer* const dmux = (WebPDemuxer*)iter->private_;
853 if (dmux == NULL || frame_num < 0) return 0;
854 if (frame_num > dmux->num_frames_) return 0;
855 if (frame_num == 0) frame_num = dmux->num_frames_;
856
857 frame = GetFrame(dmux, frame_num);
858 if (frame == NULL) return 0;
859
860 return SynthesizeFrame(dmux, frame, 1, iter);
861 }
862
863 int WebPDemuxGetFrame(const WebPDemuxer* dmux, int frame, WebPIterator* iter) {
864 if (iter == NULL) return 0;
865
866 memset(iter, 0, sizeof(*iter));
867 iter->private_ = (void*)dmux;
868 return SetFrame(frame, iter);
869 }
870
871 int WebPDemuxNextFrame(WebPIterator* iter) {
872 if (iter == NULL) return 0;
873 return SetFrame(iter->frame_num + 1, iter);
874 }
875
876 int WebPDemuxPrevFrame(WebPIterator* iter) {
877 if (iter == NULL) return 0;
878 if (iter->frame_num <= 1) return 0;
879 return SetFrame(iter->frame_num - 1, iter);
880 }
881
882 int WebPDemuxSelectFragment(WebPIterator* iter, int fragment_num) {
883 if (iter != NULL && iter->private_ != NULL && fragment_num > 0) {
884 const WebPDemuxer* const dmux = (WebPDemuxer*)iter->private_;
885 const Frame* const frame = GetFrame(dmux, iter->frame_num);
886 if (frame == NULL) return 0;
887
888 return SynthesizeFrame(dmux, frame, fragment_num, iter);
889 }
890 return 0;
891 }
892
893 void WebPDemuxReleaseIterator(WebPIterator* iter) {
894 (void)iter;
895 }
896
897 // -----------------------------------------------------------------------------
898 // Chunk iteration
899
900 static int ChunkCount(const WebPDemuxer* const dmux, const char fourcc[4]) {
901 const uint8_t* const mem_buf = dmux->mem_.buf_;
902 const Chunk* c;
903 int count = 0;
904 for (c = dmux->chunks_; c != NULL; c = c->next_) {
905 const uint8_t* const header = mem_buf + c->data_.offset_;
906 if (!memcmp(header, fourcc, TAG_SIZE)) ++count;
907 }
908 return count;
909 }
910
911 static const Chunk* GetChunk(const WebPDemuxer* const dmux,
912 const char fourcc[4], int chunk_num) {
913 const uint8_t* const mem_buf = dmux->mem_.buf_;
914 const Chunk* c;
915 int count = 0;
916 for (c = dmux->chunks_; c != NULL; c = c->next_) {
917 const uint8_t* const header = mem_buf + c->data_.offset_;
918 if (!memcmp(header, fourcc, TAG_SIZE)) ++count;
919 if (count == chunk_num) break;
920 }
921 return c;
922 }
923
924 static int SetChunk(const char fourcc[4], int chunk_num,
925 WebPChunkIterator* const iter) {
926 const WebPDemuxer* const dmux = (WebPDemuxer*)iter->private_;
927 int count;
928
929 if (dmux == NULL || fourcc == NULL || chunk_num < 0) return 0;
930 count = ChunkCount(dmux, fourcc);
931 if (count == 0) return 0;
932 if (chunk_num == 0) chunk_num = count;
933
934 if (chunk_num <= count) {
935 const uint8_t* const mem_buf = dmux->mem_.buf_;
936 const Chunk* const chunk = GetChunk(dmux, fourcc, chunk_num);
937 iter->chunk.bytes = mem_buf + chunk->data_.offset_ + CHUNK_HEADER_SIZE;
938 iter->chunk.size = chunk->data_.size_ - CHUNK_HEADER_SIZE;
939 iter->num_chunks = count;
940 iter->chunk_num = chunk_num;
941 return 1;
942 }
943 return 0;
944 }
945
946 int WebPDemuxGetChunk(const WebPDemuxer* dmux,
947 const char fourcc[4], int chunk_num,
948 WebPChunkIterator* iter) {
949 if (iter == NULL) return 0;
950
951 memset(iter, 0, sizeof(*iter));
952 iter->private_ = (void*)dmux;
953 return SetChunk(fourcc, chunk_num, iter);
954 }
955
956 int WebPDemuxNextChunk(WebPChunkIterator* iter) {
957 if (iter != NULL) {
958 const char* const fourcc =
959 (const char*)iter->chunk.bytes - CHUNK_HEADER_SIZE;
960 return SetChunk(fourcc, iter->chunk_num + 1, iter);
961 }
962 return 0;
963 }
964
965 int WebPDemuxPrevChunk(WebPChunkIterator* iter) {
966 if (iter != NULL && iter->chunk_num > 1) {
967 const char* const fourcc =
968 (const char*)iter->chunk.bytes - CHUNK_HEADER_SIZE;
969 return SetChunk(fourcc, iter->chunk_num - 1, iter);
970 }
971 return 0;
972 }
973
974 void WebPDemuxReleaseChunkIterator(WebPChunkIterator* iter) {
975 (void)iter;
976 }
977
978 #if defined(__cplusplus) || defined(c_plusplus)
979 } // extern "C"
980 #endif