Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(872)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: media/webm/webm_cluster_parser.cc

Issue 11139008: Change WebM parser to treat IVs from encrypted WebM as raw data. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressing comments Created 8 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« media/crypto/aes_decryptor_unittest.cc ('K') | « media/filters/pipeline_integration_test.cc ('k') | media/webm/webm_constants.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: media/webm/webm_cluster_parser.cc
diff --git a/media/webm/webm_cluster_parser.cc b/media/webm/webm_cluster_parser.cc
index fb1c69b874739719169085cbdcf4278862e95a61..8e833c00261e1fa41b825cabb1b60d49fbdea6e2 100644
--- a/media/webm/webm_cluster_parser.cc
+++ b/media/webm/webm_cluster_parser.cc
@@ -7,7 +7,6 @@
#include <vector>
#include "base/logging.h"
-#include "base/sys_byteorder.h"
#include "media/base/data_buffer.h"
#include "media/base/decrypt_config.h"
#include "media/webm/webm_constants.h"
@@ -16,10 +15,11 @@ namespace media {
// Generates a 16 byte CTR counter block. The CTR counter block format is a
// CTR IV appended with a CTR block counter. |iv| is an 8 byte CTR IV.
-// Returns a string of kDecryptionKeySize bytes.
-static std::string GenerateCounterBlock(uint64 iv) {
- std::string counter_block(reinterpret_cast<char*>(&iv), sizeof(iv));
- counter_block.append(DecryptConfig::kDecryptionKeySize - sizeof(iv), 0);
+// |iv_size| is the size of |iv| in btyes. Returns a string of
+// kDecryptionKeySize bytes.
+static std::string GenerateCounterBlock(const uint8* iv, int iv_size) {
+ std::string counter_block(reinterpret_cast<const char*>(iv), iv_size);
+ counter_block.append(DecryptConfig::kDecryptionKeySize - iv_size, 0);
return counter_block;
}
@@ -185,6 +185,7 @@ bool WebMClusterParser::OnBlock(int track_num, int timecode,
int block_duration,
int flags,
const uint8* data, int size) {
+ DCHECK_GE(size, 0);
if (cluster_timecode_ == -1) {
DVLOG(1) << "Got a block before cluster timecode.";
return false;
@@ -228,6 +229,10 @@ bool WebMClusterParser::OnBlock(int track_num, int timecode,
// encrypted WebM request for comments specification is here
// http://wiki.webmproject.org/encryption/webm-encryption-rfc
if (!encryption_key_id.empty()) {
+ if (size < kWebMSignalByteSize) {
+ DVLOG(1) << "Got a block from an encrypted stream with no data.";
+ return false;
+ }
uint8 signal_byte = data[0];
xhwang 2012/10/15 20:09:04 nit: same here.
fgalligan1 2012/10/15 21:07:52 Done.
int data_offset = sizeof(signal_byte);
@@ -237,10 +242,12 @@ bool WebMClusterParser::OnBlock(int track_num, int timecode,
std::string counter_block;
if (signal_byte & kWebMFlagEncryptedFrame) {
- uint64 network_iv;
- memcpy(&network_iv, data + data_offset, sizeof(network_iv));
- data_offset += sizeof(network_iv);
- counter_block = GenerateCounterBlock(base::NetToHost64(network_iv));
+ if (size < kWebMSignalByteSize + kWebMIvSize) {
+ DVLOG(1) << "Got an encrypted block with not enough data " << size;
+ return false;
+ }
+ counter_block = GenerateCounterBlock(data + data_offset, kWebMIvSize);
+ data_offset += kWebMIvSize;
}
// TODO(fgalligan): Revisit if DecryptConfig needs to be set on unencrypted
« media/crypto/aes_decryptor_unittest.cc ('K') | « media/filters/pipeline_integration_test.cc ('k') | media/webm/webm_constants.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698