Fortify lottie parser

[mymedia2]

Avoid calling the abort() function on invalid input data.

[smohantty]

@mymedia2 ,
Yes we need to find a way to gracefully abort parsing and return a null model if the json format is not what we expect.
As its a look ahead parser , simply returning from the function when the type is not what we expect will not do the job as it will still go ahead and parse the next object and will face the same issue.

One possible solution is to replace RAPIDJSON_ASSERT() with some function which will put the parser in the error state.
and check for error state in all the function like GetString() , NextArrayValue(), NextObjectKey() etc to return appropriately if parser in error state . Then in the end of parsing check if the state is Error then we delete the model and return a null model to notify that the parsing has failed.

if you have some other idea please share.

[smohantty]

@mymedia2 , something similar to this patch #481 .

As at the end of parsing we check for the error_state of the parser and returns null composition if state is in error state.
I hope you are trying to achieve something similar to this.

[mymedia2]

Well, I patched the parser in a few places, and more consistently solution is needed that cares of parser state. Another general approach would be to throw exceptions in case of invalid input, but they are disabled here, and so we have to unwind call stack by hand or do something like that. 🤷

[mymedia2]

@smohantty What do you make of replacing RAPIDJSON_ASSERT() macro with RLOTTIE_ASSERT() and leaving all the rest as is in the current shape? So whoever may receive malformed Lottie will redefine this macro as (void) and their app will not be aborted. The idea is to distinguish prerequisite failures inside RapidJSON and invalid input for rLottie.

[smohantty]

@mymedia2 ,
have removed the Assert() in all places . could you please update the patch to keep the null pointer check on mExtra variable.

[mymedia2]

@smohantty ok, rebased on master