diff options
author | Matt Sarett <msarett@google.com> | 2016-10-25 14:24:50 -0400 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2016-10-26 00:43:27 +0000 |
commit | 8a4e9c51f4ef57f9a1d5d128e778657d96f14e53 (patch) | |
tree | ea06fc174c621c8f1c04176b0703ebd46cdafcd1 | |
parent | 8bce117ff770f4778f496911b83f953a53907ed4 (diff) |
SkGifCodec: do not write off the end of memory when repeatCount > 1
BUG=skia:5887
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=3940
Change-Id: I9e3ed6153a73277896ac067ef73918a41a0546b8
Reviewed-on: https://skia-review.googlesource.com/3940
Reviewed-by: Leon Scroggins <scroggo@google.com>
Commit-Queue: Matt Sarett <msarett@google.com>
-rw-r--r-- | resources/invalid_images/skbug5887.gif | bin | 0 -> 280 bytes | |||
-rw-r--r-- | src/codec/SkGifCodec.cpp | 4 | ||||
-rw-r--r-- | tests/CodecTest.cpp | 13 |
3 files changed, 13 insertions, 4 deletions
diff --git a/resources/invalid_images/skbug5887.gif b/resources/invalid_images/skbug5887.gif Binary files differnew file mode 100644 index 0000000000..7d9987d132 --- /dev/null +++ b/resources/invalid_images/skbug5887.gif diff --git a/src/codec/SkGifCodec.cpp b/src/codec/SkGifCodec.cpp index 46a38cd34a..e7d8afdd07 100644 --- a/src/codec/SkGifCodec.cpp +++ b/src/codec/SkGifCodec.cpp @@ -464,6 +464,10 @@ bool SkGifCodec::haveDecodedRow(size_t frameIndex, const unsigned char* rowBegin if (!foundNecessaryRow) { return true; } + } else { + // Make sure the repeatCount does not take us beyond the end of the dst + SkASSERT(this->dstInfo().height() >= yBegin); + repeatCount = SkTMin(repeatCount, (unsigned) (this->dstInfo().height() - yBegin)); } if (!fFilledBackground) { diff --git a/tests/CodecTest.cpp b/tests/CodecTest.cpp index 738e0cc91d..c171a7eac4 100644 --- a/tests/CodecTest.cpp +++ b/tests/CodecTest.cpp @@ -1429,9 +1429,14 @@ DEF_TEST(Codec_rowsDecoded, r) { REPORTER_ASSERT(r, rowsDecoded == 0); } -DEF_TEST(Codec_IcoIntOverflow, r) { - // ASAN will complain if there is an issue. +static void test_invalid_images(skiatest::Reporter* r, const char* path, bool shouldSucceed) { SkBitmap bitmap; - const bool success = GetResourceAsBitmap("invalid_images/int_overflow.ico", &bitmap); - REPORTER_ASSERT(r, !success); + const bool success = GetResourceAsBitmap(path, &bitmap); + REPORTER_ASSERT(r, success == shouldSucceed); +} + +DEF_TEST(Codec_InvalidImages, r) { + // ASAN will complain if there is an issue. + test_invalid_images(r, "invalid_images/int_overflow.ico", false); + test_invalid_images(r, "invalid_images/skbug5887.gif", true); } |