author | Patrick Griffis <pgriffis@igalia.com> | 2023-02-15 10:44:11 -0600 |
---|---|---|
committer | Patrick Griffis <pgriffis@igalia.com> | 2023-02-15 11:02:37 -0600 |
commit | 60f3b75ad129ab7653133b571d6d7059b9fb7718 (patch) | |
tree | f2cc28b0ee6e12b5d1a5c3c107ed72ab7a9f0626 /libsoup | |
parent | 25f682db8295a062d6f622a250daa20fc6137031 (diff) | |
download | libsoup-60f3b75ad129ab7653133b571d6d7059b9fb7718.tar.gz |
Fix handling of sniffed data
Closes #334
Diffstat (limited to 'libsoup')
-rw-r--r-- | libsoup/content-sniffer/soup-content-sniffer.c | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
index 4eb27bc5..de0985ea 100644
--- a/libsoup/content-sniffer/soup-content-sniffer.c
+++ b/libsoup/content-sniffer/soup-content-sniffer.c
@@ -229,6 +229,15 @@ static SoupContentSnifferMediaPattern audio_video_types_table[] = {
 };
 static gboolean
+data_has_prefix (const char *data, const char *prefix, gsize max_length)
+{
+ if (strlen (prefix) > max_length)
+ return FALSE;
+
+ return memcmp (data, prefix, strlen (prefix)) == 0;
+}
+
+static gboolean
 sniff_mp4 (SoupContentSniffer *sniffer, GBytes *buffer)
 {
 gsize resource_length;
@@ -247,14 +256,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, GBytes *buffer)
 if (resource_length < 12 || resource_length < box_size || box_size % 4 != 0)
 return FALSE;
- if (!g_str_has_prefix (resource + 4, "ftyp"))
+ if (!data_has_prefix (resource + 4, "ftyp", resource_length - 4))
 return FALSE;
- if (!g_str_has_prefix (resource + 8, "mp4"))
+ if (!data_has_prefix (resource + 8, "mp4", resource_length - 8))
 return FALSE;
 for (i = 16; i < box_size && i < resource_length; i = i + 4) {
- if (g_str_has_prefix (resource + i, "mp4"))
+ if (data_has_prefix (resource + i, "mp4", resource_length - i))
 return TRUE;
 }
@@ -670,13 +679,13 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
 goto text_html;
 /* Skip comments. */
- if (g_str_has_prefix (resource + pos, "!--")) {
+ if (data_has_prefix (resource + pos, "!--", resource_length - pos)) {
 pos = pos + 3;
 if ((pos + 2) > resource_length)
 goto text_html;
- while (!g_str_has_prefix (resource + pos, "-->")) {
+ while (!data_has_prefix (resource + pos, "-->", resource_length - pos)) {
 pos++;
 if ((pos + 2) > resource_length)
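Review bot: `data_has_prefix` is only as safe as the `max_length` it is handed, and every caller computes that with an unsigned subtraction (`resource_length - 4`, `resource_length - pos`), which wraps to a very large value if the offset ever exceeds the buffer length. In the hunks shown each call sits behind a `(pos + N) > resource_length` guard or the `resource_length < 12` check, except the `"!--"` call in `sniff_feed_or_html`, whose guard, if there is one, lies above the hunk. I would state the contract on the helper, e.g. `/* data need not be NUL-terminated; max_length is the number of readable bytes at data, so callers must ensure offset <= length before subtracting */`. The helper also calls `strlen (prefix)` twice; `gsize prefix_len = strlen (prefix);` used for both the comparison and the `memcmp` would read more clearly.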
@@ -708,7 +717,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
 if ((pos + 1) > resource_length)
 goto text_html;
- } while (!g_str_has_prefix (resource + pos, "?>"));
+ } while (!data_has_prefix (resource + pos, "?>", resource_length - pos));
 pos = pos + 2;
@@ -718,19 +727,19 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
 if ((pos + 3) > resource_length)
 goto text_html;
- if (g_str_has_prefix (resource + pos, "rss"))
+ if (data_has_prefix (resource + pos, "rss", resource_length - pos))
 return g_strdup ("application/rss+xml");
 if ((pos + 4) > resource_length)
 goto text_html;
- if (g_str_has_prefix (resource + pos, "feed"))
+ if (data_has_prefix (resource + pos, "feed", resource_length - pos))
 return g_strdup ("application/atom+xml");
 if ((pos + 7) > resource_length)
 goto text_html;
- if (g_str_has_prefix (resource + pos, "rdf:RDF")) {
+ if (data_has_prefix (resource + pos, "rdf:RDF", resource_length - pos)) {
 pos = pos + 7;
 if (skip_insignificant_space (resource, &pos, resource_length))
@@ -739,7 +748,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
 if ((pos + 32) > resource_length)
 goto text_html;
- if (g_str_has_prefix (resource + pos, "xmlns=\"http://purl.org/rss/1.0/\"")) {
+ if (data_has_prefix (resource + pos, "xmlns=\"http://purl.org/rss/1.0/\"", resource_length - pos)) {
 pos = pos + 32;
 if (skip_insignificant_space (resource, &pos, resource_length))
@@ -748,14 +757,14 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
 if ((pos + 55) > resource_length)
 goto text_html;
- if (g_str_has_prefix (resource + pos, "xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\""))
+ if (data_has_prefix (resource + pos, "xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\"", resource_length - pos))
 return g_strdup ("application/rss+xml");
 }
 if ((pos + 55) > resource_length)
 goto text_html;
- if (g_str_has_prefix (resource + pos, "xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\"")) {
+ if (data_has_prefix (resource + pos, "xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\"", resource_length - pos)) {
 pos = pos + 55;
 if (skip_insignificant_space (resource, &pos, resource_length))
@@ -764,7 +773,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
 if ((pos + 32) > resource_length)
 goto text_html;
- if (g_str_has_prefix (resource + pos, "xmlns=\"http://purl.org/rss/1.0/\""))
+ if (data_has_prefix (resource + pos, "xmlns=\"http://purl.org/rss/1.0/\"", resource_length - pos))
 return g_strdup ("application/rss+xml");
 }
 } |
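Review bot: The hand-counted lengths `32` and `55` in the `(pos + N) > resource_length` guards and the `pos = pos + N` steps are still maintained separately from the literals passed to `data_has_prefix`, here and in the `@@ -739,7` and `@@ -764,7` hunks. Both counts match their strings today, but if a literal were edited without its number, the helper's own length check would keep the comparison in bounds while `pos` silently advanced to the wrong offset. Naming each literal once and deriving the length from it, e.g. `static const char rss_ns[] = "xmlns=\"http://purl.org/rss/1.0/\"";` with `sizeof rss_ns - 1`, would keep the guard, the comparison and the advance in step. The guards are context lines and the enclosing function extends outside these hunks, so this is a style suggestion, not a defect in the changed lines.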