feat: WebM output, corruption-tolerant reader, and parser hardening#1
Merged
Conversation
WebM: - mkv.ValidateWebM / IsWebMCodec / WebMDocTypeVersion + writer.WriteWebM and writer.NewWebMStreamWriter (webm DocType, codec allowlist, codec init-data checks) - ops.RemuxToWebM: remux a source into a complete .webm, dropping non-WebM elements - surfaced through the matroska facade Reader robustness: - recover from zeroed/corrupted body regions by resyncing to the next valid, validated cluster instead of erroring out - bound chapter/tag/lacing recursion and cap every element allocation so crafted input cannot OOM or stack-overflow; guard divide-by-zero on TimecodeScale=0 - FuzzRead + FuzzBlockReader and corruption/lacing regression tests (incl. saved crasher) - align the streaming parser with the seekable one: ContentEncodings/HeaderStripping, nested SimpleTags + TagBinary, sub-chapters (with parity tests) Streaming / performance: - stream Mux/Merge/AddTrack via a bounded k-way timecode merge (constant memory) - stack-buffer ReadVINT, buffered Demux and RemuxToWebM output, incremental large-element reads Also: facade forwards ...Options on all ops, doc example fixes, dead-code moved out of prod.
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. ℹ️ You can also turn on project coverage checks and project coverage reporting on Pull Request comment Thanks for integrating Codecov - We've got you covered ☂️ |
…ce risk - ReadElementID rejects VINTs wider than 4 octets instead of truncating into uint32 — a 5+ octet ID was silently corrupted (EBML conformance) - reader caps the total in-memory metadata per parse (attachments, codec-private, binary tags); the 512 MiB per-element cap did not bound a file with many large metadata elements - EditInPlace documents that it is not crash-safe (use EditMetadata for atomic writes) and fsyncs after the in-place write
The CI lint failure was an unused vorbisInit var, not a config issue. - webm_test.go: use vorbisInit (adds a Vorbis validation case) - blocks.go: lift loop condition into the for statement (staticcheck) - pin golangci-lint to v1.64.8 (golangci-lint-action@v6 resolves "latest" to the latest v1.x; pinning keeps lint reproducible)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
WebM:
Reader robustness:
Streaming / performance:
Also: facade forwards ...Options on all ops, doc example fixes, dead-code moved out of prod.