Add tests (and fix!) for known bad ICO files.

We previously saw crashes decoding bad ICO files. Add tests for known bad files. While testing, I learned that one of them still crashes. Check for large offset and size separately to fix the crash. BUG=skia:2878 Review URL: https://codereview.chromium.org/712123002
author: scroggo <scroggo@google.com> 2014-11-10 13:12:25 -0800
committer: Commit bot <commit-bot@chromium.org> 2014-11-10 13:12:25 -0800
commit: b61e206138607423e83ba34d823c6036f394f655 (patch)
tree: 643b948ca1751c4268a3a616745995803e45ee58 /src/images/SkImageDecoder_libico.cpp
parent: 428b2a5a4f31334864b2834e8668e7498959580a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/images/SkImageDecoder_libico.cpp b/src/images/SkImageDecoder_libico.cpp
index cd8a292edc..5240d09b86 100644
--- a/src/images/SkImageDecoder_libico.cpp
+++ b/src/images/SkImageDecoder_libico.cpp
@@ -159,7 +159,7 @@ SkImageDecoder::Result SkICOImageDecoder::onDecode(SkStream* stream, SkBitmap* b
     const size_t size = read4Bytes(buf, 14 + choice*16);           //matters?
     const size_t offset = read4Bytes(buf, 18 + choice*16);
     // promote the sum to 64-bits to avoid overflow
-    if (((uint64_t)offset + size) > length) {
+    if (offset > length || size > length || ((uint64_t)offset + size) > length) {
         return kFailure;
     }
author	scroggo <scroggo@google.com>	2014-11-10 13:12:25 -0800
committer	Commit bot <commit-bot@chromium.org>	2014-11-10 13:12:25 -0800
commit	b61e206138607423e83ba34d823c6036f394f655 (patch)
tree	643b948ca1751c4268a3a616745995803e45ee58 /src/images/SkImageDecoder_libico.cpp
parent	428b2a5a4f31334864b2834e8668e7498959580a (diff)