3 files changed, 12 insertions, 4 deletions

diff --git a/resources/invalid_images/int_overflow.ico b/resources/invalid_images/int_overflow.ico
new file mode 100644
index 0000000000..24a7c701f9
--- /dev/null
+++ b/resources/invalid_images/int_overflow.ico
diff --git a/src/codec/SkIcoCodec.cpp b/src/codec/SkIcoCodec.cpp
index 63b72c4039..d01904dc1b 100644
--- a/src/codec/SkIcoCodec.cpp
+++ b/src/codec/SkIcoCodec.cpp
@@ -157,11 +157,12 @@ SkCodec* SkIcoCodec::NewFromStream(SkStream* stream) {
     }
 
     // Use the largest codec as a "suggestion" for image info
-    uint32_t maxSize = 0;
-    uint32_t maxIndex = 0;
-    for (int32_t i = 0; i < codecs->count(); i++) {
+    size_t maxSize = 0;
+    int maxIndex = 0;
+    for (int i = 0; i < codecs->count(); i++) {
         SkImageInfo info = codecs->operator[](i)->getInfo();
-        uint32_t size = info.width() * info.height();
+        size_t size = info.getSafeSize(info.minRowBytes());
+
         if (size > maxSize) {
             maxSize = size;
             maxIndex = i;
diff --git a/tests/CodecTest.cpp b/tests/CodecTest.cpp
index 4d18c61860..a6058a9c35 100644
--- a/tests/CodecTest.cpp
+++ b/tests/CodecTest.cpp
@@ -1362,3 +1362,10 @@ DEF_TEST(Codec_rowsDecoded, r) {
     REPORTER_ASSERT(r, result == SkCodec::kIncompleteInput);
     REPORTER_ASSERT(r, rowsDecoded == 0);
 }
+
+DEF_TEST(Codec_IcoIntOverflow, r) {
+    // ASAN will complain if there is an issue.
+    SkBitmap bitmap;
+    const bool success = GetResourceAsBitmap("invalid_images/int_overflow.ico", &bitmap);
+    REPORTER_ASSERT(r, !success);
+}