Prevent malformed ICO files from recursively decoding

R=reed@google.com, scroggo@google.com Author: djsollen@google.com Review URL: https://codereview.chromium.org/511453002
author: djsollen <djsollen@google.com> 2014-08-26 11:35:14 -0700
committer: Commit bot <commit-bot@chromium.org> 2014-08-26 11:35:14 -0700
commit: 6a9c7b1dbdd4cfa36a006a8c7cf2effd3ffe862e (patch)
tree: 32ba30d0d71a3a4fecf35763ee8b72daba020214 /src
parent: ad726a319613c7fe2d9b3d61205366dee04861d4 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/images/SkImageDecoder_libico.cpp b/src/images/SkImageDecoder_libico.cpp
index f75d80439f..7855546a2c 100644
--- a/src/images/SkImageDecoder_libico.cpp
+++ b/src/images/SkImageDecoder_libico.cpp
@@ -164,6 +164,10 @@ bool SkICOImageDecoder::onDecode(SkStream* stream, SkBitmap* bm, Mode mode)
         SkMemoryStream subStream(buf + offset, size, false);
         SkAutoTDelete<SkImageDecoder> otherDecoder(SkImageDecoder::Factory(&subStream));
         if (otherDecoder.get() != NULL) {
+            // Disallow nesting ICO files within one another
+            if (otherDecoder->getFormat() == SkImageDecoder::kICO_Format) {
+                return false;
+            }
             // Set fields on the other decoder to be the same as this one.
             this->copyFieldsToOther(otherDecoder.get());
             if(otherDecoder->decode(&subStream, bm, this->getDefaultPref(), mode)) {
author	djsollen <djsollen@google.com>	2014-08-26 11:35:14 -0700
committer	Commit bot <commit-bot@chromium.org>	2014-08-26 11:35:14 -0700
commit	6a9c7b1dbdd4cfa36a006a8c7cf2effd3ffe862e (patch)
tree	32ba30d0d71a3a4fecf35763ee8b72daba020214 /src
parent	ad726a319613c7fe2d9b3d61205366dee04861d4 (diff)