From 58382a8ca5ec1fb167624ea4d653aa68f66407ab Mon Sep 17 00:00:00 2001
From: Alastor Wu <alwu@mozilla.com>
Date: Mon, 30 Oct 2017 15:27:27 +0800
Subject: [PATCH] Bug 1362440 - part1 : add timecode checking for parser
 r=kinetik

The spec [1] defines that
"Timecode (e7) MUST appear before Block (a1) or SimpleBlock (a3)".

[1] https://www.matroska.org/technical/specs/index.html

MozReview-Commit-ID: 7g8lgckuNif

--HG--
extra : rebase_source : 4945dc4b0ab4b7480bf9c6416f9776fd6313c1e1
---
 dom/media/webm/WebMBufferedParser.cpp | 9 +++++++++
 dom/media/webm/WebMBufferedParser.h   | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/dom/media/webm/WebMBufferedParser.cpp b/dom/media/webm/WebMBufferedParser.cpp
index f6cea14cd6df..ccc42f754ad2 100644
--- a/dom/media/webm/WebMBufferedParser.cpp
+++ b/dom/media/webm/WebMBufferedParser.cpp
@@ -113,6 +113,7 @@ bool WebMBufferedParser::Append(const unsigned char* aBuffer, uint32_t aLength,
         } else {
           mClusterEndOffset = -1;
         }
+        mGotClusterTimecode = false;
         mState = READ_ELEMENT_ID;
         break;
       case BLOCKGROUP_ID:
@@ -121,6 +122,11 @@ bool WebMBufferedParser::Append(const unsigned char* aBuffer, uint32_t aLength,
       case SIMPLEBLOCK_ID:
         /* FALLTHROUGH */
       case BLOCK_ID:
+        if (!mGotClusterTimecode) {
+          WEBM_DEBUG("The Timecode element must appear before any Block or "
+                     "SimpleBlock elements in a Cluster");
+          return false;
+        }
         mBlockSize = mElement.mSize.mValue;
         mBlockTimecode = 0;
         mBlockTimecodeLength = BLOCK_TIMECODE_LENGTH;
@@ -164,6 +170,7 @@ bool WebMBufferedParser::Append(const unsigned char* aBuffer, uint32_t aLength,
       break;
     case READ_TIMECODESCALE:
       if (!mGotTimecodeScale) {
+        WEBM_DEBUG("Should get the SegmentInfo first");
         return false;
       }
       mTimecodeScale = mVInt.mValue;
@@ -171,6 +178,7 @@ bool WebMBufferedParser::Append(const unsigned char* aBuffer, uint32_t aLength,
       break;
     case READ_CLUSTER_TIMECODE:
       mClusterTimecode = mVInt.mValue;
+      mGotClusterTimecode = true;
       mState = READ_ELEMENT_ID;
       break;
     case READ_BLOCK_TIMECODE:
@@ -190,6 +198,7 @@ bool WebMBufferedParser::Append(const unsigned char* aBuffer, uint32_t aLength,
             // Don't insert invalid negative timecodes.
             if (mBlockTimecode >= 0 || mClusterTimecode >= uint16_t(abs(mBlockTimecode))) {
               if (!mGotTimecodeScale) {
+                WEBM_DEBUG("Should get the TimecodeScale first");
                 return false;
               }
               uint64_t absTimecode = mClusterTimecode + mBlockTimecode;
diff --git a/dom/media/webm/WebMBufferedParser.h b/dom/media/webm/WebMBufferedParser.h
index bc3de4ba073f..858653fc172e 100644
--- a/dom/media/webm/WebMBufferedParser.h
+++ b/dom/media/webm/WebMBufferedParser.h
@@ -75,6 +75,7 @@ struct WebMBufferedParser
     , mSkipBytes(0)
     , mTimecodeScale(1000000)
     , mGotTimecodeScale(false)
+    , mGotClusterTimecode(false)
   {
     if (mStartOffset != 0) {
       mState = FIND_CLUSTER_SYNC;
@@ -260,6 +261,9 @@ private:
   // True if we read the timecode scale from the segment info or have
   // confirmed that the default value is to be used.
   bool mGotTimecodeScale;
+
+  // True if we've read the cluster time code.
+  bool mGotClusterTimecode;
 };
 
 class WebMBufferedState final