Closed Bug 789617 Opened 13 years ago Closed 13 years ago

Improve vorbis comment validation

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla18

People

(Reporter: rillian, Assigned: rillian)

Details

Attachments

(2 files, 3 obsolete files)

proposed fix
2.58 KB, patch
cpearce
: review+
Details | Diff | Splinter Review
corresponding tests
9.04 KB, patch
rillian
: review+
Details | Diff | Splinter Review
Currently we don't do careful validation of vorbis comments when returning metadata. This bug is about adding checks to be more strict.
Attached patch proposed fix (obsolete) — Splinter Review
Assignee: nobody → giles
Attached patch proposed fix (obsolete) — Splinter Review
Updated patch. Validates tag names using the correct subset of ASCII.
Attachment #659391 - Attachment is obsolete: true
Attached patch corresponding tests (obsolete) — Splinter Review
Corresponding tests to verify the new validation code. Also cleans up the test_metadata.html status messages a bit.
Comment on attachment 659846 [details] [diff] [review] proposed fix Ready for review.
Attachment #659846 - Flags: review?(cpearce)
Attachment #659884 - Flags: review?(cpearce)
Comment on attachment 659884 [details] [diff] [review] corresponding tests Review of attachment 659884 [details] [diff] [review]: ----------------------------------------------------------------- ::: content/media/test/manifest.js @@ +347,5 @@ > } > }, > + { name:"sound.ogg", tags: { } }, > + { name:"badtags.ogg", tags: { > + // We list only the valid tags here, and verify It would be good to include the list of invalid tags that are filtered out here too, for code future reference.
Attachment #659884 - Flags: review?(cpearce) → review+
Comment on attachment 659846 [details] [diff] [review] proposed fix Review of attachment 659846 [details] [diff] [review]: ----------------------------------------------------------------- ::: content/media/ogg/nsOggReader.cpp @@ +162,5 @@ > > +static bool IsValidVorbisTagName(nsCString& name) > +{ > + // Vorbis comment tag names must be ASCII. > + if (!IsASCII(name)) { I don't think you need to call IsASCII(); your loop below does a more restrictive version of the same check that IsASCII() does, so you'll be doing more work than necessary.
Attachment #659846 - Flags: review?(cpearce) → review+
Attached patch proposed fixSplinter Review
You're right. I've removed the IsASCII check, which also let me simplify the logging by several lines.
Attachment #659846 - Attachment is obsolete: true
Attachment #659970 - Flags: review?(cpearce)
Updated tests, adding comments describing the invalid tags we verify the implementation is skipping. Carrying forward :cpearce's earlier r+ after irc discussion.
Attachment #659884 - Attachment is obsolete: true
Attachment #659972 - Flags: review+
Attachment #659970 - Flags: review?(cpearce) → review+
Push is green. Three known orange outside the media suite.
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/7b86416037e1 https://hg.mozilla.org/mozilla-central/rev/72e3b9a6615f
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: