diff options
author | Matt Sarett <msarett@google.com> | 2016-10-17 12:30:39 -0400 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2016-10-17 17:10:40 +0000 |
commit | 20cba06a4bc9bde60b2dc37907d11ca81ba35ce8 (patch) | |
tree | 3cd1d325542f93ab0151bf6a4ecffbd5b3496668 | |
parent | a2c2fdd49b421f92cb2fe3b0b062c682f902bd0a (diff) |
Avoid integer overflow in SkIcoCodec
Definitely good to avoid overflow here.
FWIW, this looks to be harmless for Android's current use.
They will just fail later on when trying to allocate the
bitmap.
BUG=skia:5857
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=3527
Change-Id: Ia1fb7d864d21ecdb127a1dd1a72cab8375cb43fb
Reviewed-on: https://skia-review.googlesource.com/3527
Commit-Queue: Matt Sarett <msarett@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Leon Scroggins <scroggo@google.com>
-rw-r--r-- | resources/invalid_images/int_overflow.ico | bin | 0 -> 323 bytes | |||
-rw-r--r-- | src/codec/SkIcoCodec.cpp | 9 | ||||
-rw-r--r-- | tests/CodecTest.cpp | 7 |
3 files changed, 12 insertions, 4 deletions
diff --git a/resources/invalid_images/int_overflow.ico b/resources/invalid_images/int_overflow.ico Binary files differnew file mode 100644 index 0000000000..24a7c701f9 --- /dev/null +++ b/resources/invalid_images/int_overflow.ico diff --git a/src/codec/SkIcoCodec.cpp b/src/codec/SkIcoCodec.cpp index 63b72c4039..d01904dc1b 100644 --- a/src/codec/SkIcoCodec.cpp +++ b/src/codec/SkIcoCodec.cpp @@ -157,11 +157,12 @@ SkCodec* SkIcoCodec::NewFromStream(SkStream* stream) { } // Use the largest codec as a "suggestion" for image info - uint32_t maxSize = 0; - uint32_t maxIndex = 0; - for (int32_t i = 0; i < codecs->count(); i++) { + size_t maxSize = 0; + int maxIndex = 0; + for (int i = 0; i < codecs->count(); i++) { SkImageInfo info = codecs->operator[](i)->getInfo(); - uint32_t size = info.width() * info.height(); + size_t size = info.getSafeSize(info.minRowBytes()); + if (size > maxSize) { maxSize = size; maxIndex = i; diff --git a/tests/CodecTest.cpp b/tests/CodecTest.cpp index 4d18c61860..a6058a9c35 100644 --- a/tests/CodecTest.cpp +++ b/tests/CodecTest.cpp @@ -1362,3 +1362,10 @@ DEF_TEST(Codec_rowsDecoded, r) { REPORTER_ASSERT(r, result == SkCodec::kIncompleteInput); REPORTER_ASSERT(r, rowsDecoded == 0); } + +DEF_TEST(Codec_IcoIntOverflow, r) { + // ASAN will complain if there is an issue. + SkBitmap bitmap; + const bool success = GetResourceAsBitmap("invalid_images/int_overflow.ico", &bitmap); + REPORTER_ASSERT(r, !success); +} |