diff options
| -rw-r--r-- | include/core/SkImageInfo.h | 8 | ||||
| -rw-r--r-- | resources/invalid_images/int_overflow.ico | bin | 0 -> 323 bytes | |||
| -rw-r--r-- | src/codec/SkIcoCodec.cpp | 9 | ||||
| -rw-r--r-- | tests/CodecTest.cpp | 7 |
4 files changed, 18 insertions, 6 deletions
diff --git a/include/core/SkImageInfo.h b/include/core/SkImageInfo.h index cf50acacae..8498f583fa 100644 --- a/include/core/SkImageInfo.h +++ b/include/core/SkImageInfo.h @@ -277,7 +277,11 @@ public: } size_t minRowBytes() const { - return (size_t)this->minRowBytes64(); + uint64_t minRowBytes = this->minRowBytes64(); + if (!sk_64_isS32(minRowBytes)) { + return 0; + } + return sk_64_asS32(minRowBytes); } size_t computeOffset(int x, int y, size_t rowBytes) const { @@ -302,7 +306,7 @@ public: if (0 == fHeight) { return 0; } - return sk_64_mul(fHeight - 1, rowBytes) + fWidth * this->bytesPerPixel(); + return sk_64_mul(fHeight - 1, rowBytes) + sk_64_mul(fWidth, this->bytesPerPixel()); } size_t getSafeSize(size_t rowBytes) const { diff --git a/resources/invalid_images/int_overflow.ico b/resources/invalid_images/int_overflow.ico Binary files differnew file mode 100644 index 0000000000..ba675666b6 --- /dev/null +++ b/resources/invalid_images/int_overflow.ico diff --git a/src/codec/SkIcoCodec.cpp b/src/codec/SkIcoCodec.cpp index 63b72c4039..d01904dc1b 100644 --- a/src/codec/SkIcoCodec.cpp +++ b/src/codec/SkIcoCodec.cpp @@ -157,11 +157,12 @@ SkCodec* SkIcoCodec::NewFromStream(SkStream* stream) { } // Use the largest codec as a "suggestion" for image info - uint32_t maxSize = 0; - uint32_t maxIndex = 0; - for (int32_t i = 0; i < codecs->count(); i++) { + size_t maxSize = 0; + int maxIndex = 0; + for (int i = 0; i < codecs->count(); i++) { SkImageInfo info = codecs->operator[](i)->getInfo(); - uint32_t size = info.width() * info.height(); + size_t size = info.getSafeSize(info.minRowBytes()); + if (size > maxSize) { maxSize = size; maxIndex = i; diff --git a/tests/CodecTest.cpp b/tests/CodecTest.cpp index 4d18c61860..a6058a9c35 100644 --- a/tests/CodecTest.cpp +++ b/tests/CodecTest.cpp @@ -1362,3 +1362,10 @@ DEF_TEST(Codec_rowsDecoded, r) { REPORTER_ASSERT(r, result == SkCodec::kIncompleteInput); REPORTER_ASSERT(r, rowsDecoded == 0); } + +DEF_TEST(Codec_IcoIntOverflow, r) { + // ASAN will complain if there is an issue. + SkBitmap bitmap; + const bool success = GetResourceAsBitmap("invalid_images/int_overflow.ico", &bitmap); + REPORTER_ASSERT(r, !success); +} |