Set a limit on the size for BMP images

This limit matches the limit used by Chromium. I am not aware of any
real world BMPs that are larger than this (or even close to it), but
there are some invalid BMPs that are larger than this, leading to
crashes when we try to read a row.

BUG:34778578
BUG=skia:3617

Change-Id: I0f662e8d0d7bc0b084e86d0c9288b831e1b296d7
Reviewed-on: https://skia-review.googlesource.com/8966
Reviewed-by: Matt Sarett <msarett@google.com>
Commit-Queue: Leon Scroggins <scroggo@google.com>

3 files changed, 17 insertions, 15 deletions

diff --git a/resources/invalid_images/b34778578.bmp b/resources/invalid_images/b34778578.bmp
new file mode 100644
index 0000000000..4a08a61e01
--- /dev/null
+++ b/resources/invalid_images/b34778578.bmp
diff --git a/src/codec/SkBmpCodec.cpp b/src/codec/SkBmpCodec.cpp
index cd46a5495c..354bee6f74 100644
--- a/src/codec/SkBmpCodec.cpp
+++ b/src/codec/SkBmpCodec.cpp
@@ -280,9 +280,10 @@ bool SkBmpCodec::ReadHeader(SkStream* stream, bool inIco, SkCodec** codecOut) {
     if (inIco) {
         height /= 2;
     }
-    if (width <= 0 || height <= 0) {
-        // TODO: Decide if we want to disable really large bmps as well.
-        // https://code.google.com/p/skia/issues/detail?id=3617
+
+    // Arbitrary maximum. Matches Chromium.
+    constexpr int kMaxDim = 1 << 16;
+    if (width <= 0 || height <= 0 || width >= kMaxDim || height >= kMaxDim) {
         SkCodecPrintf("Error: invalid bitmap dimensions.\n");
         return false;
     }
diff --git a/tests/CodecTest.cpp b/tests/CodecTest.cpp
index 64232712d7..265b51e886 100644
--- a/tests/CodecTest.cpp
+++ b/tests/CodecTest.cpp
@@ -17,6 +17,7 @@
 #include "SkFrontBufferedStream.h"
 #include "SkImageEncoder.h"
 #include "SkMD5.h"
+#include "SkOSPath.h"
 #include "SkPngChunkReader.h"
 #include "SkRandom.h"
 #include "SkStream.h"
@@ -1466,19 +1467,19 @@ DEF_TEST(Codec_InvalidImages, r) {
 }
 
 DEF_TEST(Codec_InvalidBmp, r) {
-    // This file reports a header size that crashes when we try to read this
-    // much directly from a file using SkFILEStream.
-    SkString path = GetResourcePath("invalid_images/b33651913.bmp");
-    std::unique_ptr<SkFILEStream> stream(new SkFILEStream(path.c_str()));
-    if (!stream->isValid()) {
-        ERRORF(r, "no stream");
-        return;
-    }
+    // These files report values that have caused problems with SkFILEStreams.
+    // They are invalid, and should not create SkCodecs.
+    for (auto* bmp : { "b33651913.bmp", "b34778578.bmp" } ) {
+        SkString path = SkOSPath::Join("invalid_images", bmp);
+        path = GetResourcePath(path.c_str());
+        std::unique_ptr<SkFILEStream> stream(new SkFILEStream(path.c_str()));
+        if (!stream->isValid()) {
+            return;
+        }
 
-    std::unique_ptr<SkCodec> codec(SkCodec::NewFromStream(stream.release()));
-    // This file is invalid, but more importantly, we did not crash before
-    // reaching here.
-    REPORTER_ASSERT(r, !codec);
+        std::unique_ptr<SkCodec> codec(SkCodec::NewFromStream(stream.release()));
+        REPORTER_ASSERT(r, !codec);
+    }
 }
 
 DEF_TEST(Codec_InvalidRLEBmp, r) {