diff options
author | Leon Scroggins III <scroggo@google.com> | 2018-02-15 09:25:11 -0500 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-02-15 15:36:19 +0000 |
commit | ce6d93a815dfe61e721745d5a44c0984dbfba304 (patch) | |
tree | b8f122822a088765de0a0dd9f9ec0e35b3078431 | |
parent | da83c28245d460d89be9fd1c8bb1b972274e28ff (diff) |
Check for min int in BMP header
Bug: os-fuzz:6288
Negating it is undefined, so don't try.
Change-Id: I055520b8036dd8b355e744114717e08d76206bc1
Reviewed-on: https://skia-review.googlesource.com/107062
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Leon Scroggins <scroggo@google.com>
-rw-r--r-- | resources/invalid_images/osfuzz6288.bmp | bin | 0 -> 30 bytes | |||
-rw-r--r-- | src/codec/SkBmpCodec.cpp | 5 | ||||
-rw-r--r-- | tests/CodecTest.cpp | 3 |
3 files changed, 7 insertions, 1 deletions
diff --git a/resources/invalid_images/osfuzz6288.bmp b/resources/invalid_images/osfuzz6288.bmp Binary files differnew file mode 100644 index 0000000000..fd6e0b8aa7 --- /dev/null +++ b/resources/invalid_images/osfuzz6288.bmp diff --git a/src/codec/SkBmpCodec.cpp b/src/codec/SkBmpCodec.cpp index d97dff0971..7dd49a51e3 100644 --- a/src/codec/SkBmpCodec.cpp +++ b/src/codec/SkBmpCodec.cpp @@ -268,6 +268,11 @@ SkCodec::Result SkBmpCodec::ReadHeader(SkStream* stream, bool inIco, // Check for valid dimensions from header SkCodec::SkScanlineOrder rowOrder = SkCodec::kBottomUp_SkScanlineOrder; if (height < 0) { + // We can't negate INT32_MIN. + if (height == INT32_MIN) { + return kInvalidInput; + } + height = -height; rowOrder = SkCodec::kTopDown_SkScanlineOrder; } diff --git a/tests/CodecTest.cpp b/tests/CodecTest.cpp index 8172751cf6..290686fa37 100644 --- a/tests/CodecTest.cpp +++ b/tests/CodecTest.cpp @@ -623,7 +623,7 @@ DEF_TEST(Codec_Dimensions, r) { static void test_invalid(skiatest::Reporter* r, const char path[]) { auto data = GetResourceAsData(path); if (!data) { - ERRORF(r, "Failed to get resources %s", path); + ERRORF(r, "Failed to get resource %s", path); return; } @@ -655,6 +655,7 @@ DEF_TEST(Codec_Empty, r) { #endif test_invalid(r, "invalid_images/b37623797.ico"); test_invalid(r, "invalid_images/osfuzz6295.webp"); + test_invalid(r, "invalid_images/osfuzz6288.bmp"); } #ifdef PNG_READ_UNKNOWN_CHUNKS_SUPPORTED |