diff options
| -rw-r--r-- | resources/invalid_images/b34778578.bmp | bin | 0 -> 132 bytes | |||
| -rw-r--r-- | src/codec/SkBmpCodec.cpp | 7 | ||||
| -rw-r--r-- | tests/CodecTest.cpp | 25 |
3 files changed, 17 insertions, 15 deletions
diff --git a/resources/invalid_images/b34778578.bmp b/resources/invalid_images/b34778578.bmp Binary files differnew file mode 100644 index 0000000000..4a08a61e01 --- /dev/null +++ b/resources/invalid_images/b34778578.bmp diff --git a/src/codec/SkBmpCodec.cpp b/src/codec/SkBmpCodec.cpp index cd46a5495c..354bee6f74 100644 --- a/src/codec/SkBmpCodec.cpp +++ b/src/codec/SkBmpCodec.cpp @@ -280,9 +280,10 @@ bool SkBmpCodec::ReadHeader(SkStream* stream, bool inIco, SkCodec** codecOut) { if (inIco) { height /= 2; } - if (width <= 0 || height <= 0) { - // TODO: Decide if we want to disable really large bmps as well. - // https://code.google.com/p/skia/issues/detail?id=3617 + + // Arbitrary maximum. Matches Chromium. + constexpr int kMaxDim = 1 << 16; + if (width <= 0 || height <= 0 || width >= kMaxDim || height >= kMaxDim) { SkCodecPrintf("Error: invalid bitmap dimensions.\n"); return false; } diff --git a/tests/CodecTest.cpp b/tests/CodecTest.cpp index 64232712d7..265b51e886 100644 --- a/tests/CodecTest.cpp +++ b/tests/CodecTest.cpp @@ -17,6 +17,7 @@ #include "SkFrontBufferedStream.h" #include "SkImageEncoder.h" #include "SkMD5.h" +#include "SkOSPath.h" #include "SkPngChunkReader.h" #include "SkRandom.h" #include "SkStream.h" @@ -1466,19 +1467,19 @@ DEF_TEST(Codec_InvalidImages, r) { } DEF_TEST(Codec_InvalidBmp, r) { - // This file reports a header size that crashes when we try to read this - // much directly from a file using SkFILEStream. - SkString path = GetResourcePath("invalid_images/b33651913.bmp"); - std::unique_ptr<SkFILEStream> stream(new SkFILEStream(path.c_str())); - if (!stream->isValid()) { - ERRORF(r, "no stream"); - return; - } + // These files report values that have caused problems with SkFILEStreams. + // They are invalid, and should not create SkCodecs. + for (auto* bmp : { "b33651913.bmp", "b34778578.bmp" } ) { + SkString path = SkOSPath::Join("invalid_images", bmp); + path = GetResourcePath(path.c_str()); + std::unique_ptr<SkFILEStream> stream(new SkFILEStream(path.c_str())); + if (!stream->isValid()) { + return; + } - std::unique_ptr<SkCodec> codec(SkCodec::NewFromStream(stream.release())); - // This file is invalid, but more importantly, we did not crash before - // reaching here. - REPORTER_ASSERT(r, !codec); + std::unique_ptr<SkCodec> codec(SkCodec::NewFromStream(stream.release())); + REPORTER_ASSERT(r, !codec); + } } DEF_TEST(Codec_InvalidRLEBmp, r) { |
