Add tests (and fix!) for known bad ICO files.

We previously saw crashes decoding bad ICO files. Add tests for known bad files. While testing, I learned that one of them still crashes. Check for large offset and size separately to fix the crash. BUG=skia:2878 Review URL: https://codereview.chromium.org/712123002
author: scroggo <scroggo@google.com> 2014-11-10 13:12:25 -0800
committer: Commit bot <commit-bot@chromium.org> 2014-11-10 13:12:25 -0800
commit: b61e206138607423e83ba34d823c6036f394f655 (patch)
tree: 643b948ca1751c4268a3a616745995803e45ee58
parent: 428b2a5a4f31334864b2834e8668e7498959580a (diff)
6 files changed, 35 insertions, 1 deletions
diff --git a/gyp/tests.gypi b/gyp/tests.gypi
index 4bdea1e1f0..fccbd1cf64 100644
--- a/gyp/tests.gypi
+++ b/gyp/tests.gypi
@@ -49,6 +49,7 @@
     '../tests/AnnotationTest.cpp',
     '../tests/AsADashTest.cpp',
     '../tests/AtomicTest.cpp',
+    '../tests/BadIcoTest.cpp',
     '../tests/BitSetTest.cpp',
     '../tests/BitmapCopyTest.cpp',
     '../tests/BitmapGetColorTest.cpp',
diff --git a/resources/invalid_images/sigabort_favicon.ico b/resources/invalid_images/sigabort_favicon.ico
new file mode 100644
index 0000000000..527d657814
--- /dev/null
+++ b/resources/invalid_images/sigabort_favicon.ico
diff --git a/resources/invalid_images/sigsegv_favicon.ico b/resources/invalid_images/sigsegv_favicon.ico
new file mode 100644
index 0000000000..f488a24e48
--- /dev/null
+++ b/resources/invalid_images/sigsegv_favicon.ico
diff --git a/resources/invalid_images/sigsegv_favicon_2.ico b/resources/invalid_images/sigsegv_favicon_2.ico
new file mode 100644
index 0000000000..49730dfe20
--- /dev/null
+++ b/resources/invalid_images/sigsegv_favicon_2.ico
diff --git a/src/images/SkImageDecoder_libico.cpp b/src/images/SkImageDecoder_libico.cpp
index cd8a292edc..5240d09b86 100644
--- a/src/images/SkImageDecoder_libico.cpp
+++ b/src/images/SkImageDecoder_libico.cpp
@@ -159,7 +159,7 @@ SkImageDecoder::Result SkICOImageDecoder::onDecode(SkStream* stream, SkBitmap* b
     const size_t size = read4Bytes(buf, 14 + choice*16);           //matters?
     const size_t offset = read4Bytes(buf, 18 + choice*16);
     // promote the sum to 64-bits to avoid overflow
-    if (((uint64_t)offset + size) > length) {
+    if (offset > length || size > length || ((uint64_t)offset + size) > length) {
         return kFailure;
     }
 
diff --git a/tests/BadIcoTest.cpp b/tests/BadIcoTest.cpp
new file mode 100644
index 0000000000..566f3d68a2
--- /dev/null
+++ b/tests/BadIcoTest.cpp
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2014 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "Resources.h"
+#include "Test.h"
+#include "SkBitmap.h"
+#include "SkImageDecoder.h"
+#include "SkOSFile.h"
+
+DEF_TEST(BadIco, reporter) {
+    const char* const badIcos [] = {
+        "sigabort_favicon.ico",
+        "sigsegv_favicon.ico",
+        "sigsegv_favicon_2.ico",
+    };
+
+    const char* badIcoFolder = "invalid_images";
+
+    SkString resourcePath = GetResourcePath(badIcoFolder);
+
+    SkBitmap bm;
+    for (size_t i = 0; i < SK_ARRAY_COUNT(badIcos); ++i) {
+        SkString fullPath = SkOSPath::Join(resourcePath.c_str(), badIcos[i]);
+        bool success = SkImageDecoder::DecodeFile(fullPath.c_str(), &bm);
+        // These files are invalid, and should not decode. More importantly,
+        // though, we reached here without crashing.
+        REPORTER_ASSERT(reporter, !success);
+    }
+}
author	scroggo <scroggo@google.com>	2014-11-10 13:12:25 -0800
committer	Commit bot <commit-bot@chromium.org>	2014-11-10 13:12:25 -0800
commit	b61e206138607423e83ba34d823c6036f394f655 (patch)
tree	643b948ca1751c4268a3a616745995803e45ee58
parent	428b2a5a4f31334864b2834e8668e7498959580a (diff)