| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
Bug: oss-fuzz:6347
Change-Id: Iacf8c7a1677f2651e5c211cffb09eecb388a5f8a
Reviewed-on: https://skia-review.googlesource.com/109400
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Leon Scroggins <scroggo@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug: oss-fuzz:6274
Even if a frame does not have enough LZW blocks to decode all rows,
(which is unknown until we actually decode them), it is marked complete
once there are no more LZW blocks.
When decoding, even if we've decoded all LZW blocks, check fRowsDecoded
to determine whether we've actually all the rows. Report the number of
rows decoded so that SkCodec can fill in the remaining ones.
Change-Id: I1d6e0c29e3c37649725836cf24a4a239e3266b76
Reviewed-on: https://skia-review.googlesource.com/106964
Commit-Queue: Leon Scroggins <scroggo@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug: os-fuzz:6288
Negating it is undefined, so don't try.
Change-Id: I055520b8036dd8b355e744114717e08d76206bc1
Reviewed-on: https://skia-review.googlesource.com/107062
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Leon Scroggins <scroggo@google.com>
|
| |
|
|
|
|
|
|
| |
Bug: os-fuzz:6295
Change-Id: I0ea9a3c54d61d41f21f2e9b945ab83fa2beb00d8
Reviewed-on: https://skia-review.googlesource.com/107025
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Leon Scroggins <scroggo@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, if ReadHeader returned false, it deleted the input stream.
But there are a couple of cases where ReadHeader creates an SkCodec and
then returns false. The SkCodec deletes the stream, and then so does
NewFromStream.
Make sure that we do not double delete by only deleting if no SkCodec
was created.
Add a test, so such a double delete will be caught by the bots.
Bug: b/37623797
Change-Id: I787422c9af58f0b92ad9e9ef9ad87c54a12f5e31
Reviewed-on: https://skia-review.googlesource.com/23620
Reviewed-by: Derek Sollenberger <djsollen@google.com>
Commit-Queue: Leon Scroggins <scroggo@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
If the ICO reports that it has a large BMP file embedded, do not
crash if we attempt to allocate too much memory.
Bug: b/38116746
Change-Id: I70eb66f5e4ffc15587007b398bbe843665eae500
Reviewed-on: https://skia-review.googlesource.com/18447
Reviewed-by: Matt Sarett <msarett@google.com>
Commit-Queue: Leon Scroggins <scroggo@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
In this case, the fuzzer thinks there is a bug because we are
returning kInvalidConversion for a corrupt png file.
Bug: skia:6550
Change-Id: I33f588442f5eaa8a4d642e9328750779f9a9ef5d
Reviewed-on: https://skia-review.googlesource.com/14324
Commit-Queue: Matt Sarett <msarett@google.com>
Reviewed-by: Leon Scroggins <scroggo@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This limit matches the limit used by Chromium. I am not aware of any
real world BMPs that are larger than this (or even close to it), but
there are some invalid BMPs that are larger than this, leading to
crashes when we try to read a row.
BUG:34778578
BUG=skia:3617
Change-Id: I0f662e8d0d7bc0b084e86d0c9288b831e1b296d7
Reviewed-on: https://skia-review.googlesource.com/8966
Reviewed-by: Matt Sarett <msarett@google.com>
Commit-Queue: Leon Scroggins <scroggo@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Original Change Reviewed At:
https://skia-review.googlesource.com/c/7800
CQ_INCLUDE_TRYBOTS=skia.primary:Test-Ubuntu-Clang-GCE-CPU-AVX2-x86_64-Debug-MSAN
BUG=skia:6185
Change-Id: I1a7732832d37920545c1775d7c7c65b43ed810f9
Reviewed-on: https://skia-review.googlesource.com/8157
Reviewed-by: Matt Sarett <msarett@google.com>
Commit-Queue: Matt Sarett <msarett@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 604971e39a20392fd4c74a56bcdc187311cf86dc.
Reason for revert: Strange vk failures
Original change's description:
> Reland "Respect canvas size and frame offset in webp decoder"
>
> Original Change Reviewed At:
> https://skia-review.googlesource.com/c/7800
>
> CQ_INCLUDE_TRYBOTS=skia.primary:Test-Ubuntu-Clang-GCE-CPU-AVX2-x86_64-Debug-MSAN
>
> BUG=skia:6185
>
> Change-Id: I92baa9070e15ef3c62dd347c08c906c2715dda10
> Reviewed-on: https://skia-review.googlesource.com/8050
> Reviewed-by: Matt Sarett <msarett@google.com>
> Commit-Queue: Matt Sarett <msarett@google.com>
>
TBR=msarett@google.com,reviews@skia.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=skia:6185
CQ_INCLUDE_TRYBOTS=skia.primary:Test-Ubuntu-Clang-GCE-CPU-AVX2-x86_64-Debug-MSAN
Change-Id: Ice93b62c55ea13fce83140567be16225ff0e2fdb
Reviewed-on: https://skia-review.googlesource.com/8123
Commit-Queue: Matt Sarett <msarett@google.com>
Reviewed-by: Matt Sarett <msarett@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Original Change Reviewed At:
https://skia-review.googlesource.com/c/7800
CQ_INCLUDE_TRYBOTS=skia.primary:Test-Ubuntu-Clang-GCE-CPU-AVX2-x86_64-Debug-MSAN
BUG=skia:6185
Change-Id: I92baa9070e15ef3c62dd347c08c906c2715dda10
Reviewed-on: https://skia-review.googlesource.com/8050
Reviewed-by: Matt Sarett <msarett@google.com>
Commit-Queue: Matt Sarett <msarett@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 0f33970c8d950a68b7d83cc626ac0500953d6b15.
Reason for revert: msan complaint
Original change's description:
> Respect canvas size and frame offset in webp decoder
>
> BUG=skia:6185
>
> Change-Id: Id543cb689a5e33b800ebbc18f4a234e78a4c4298
> Reviewed-on: https://skia-review.googlesource.com/7800
> Commit-Queue: Matt Sarett <msarett@google.com>
> Reviewed-by: Leon Scroggins <scroggo@google.com>
>
TBR=borenet@google.com,msarett@google.com,scroggo@google.com,reviews@skia.org
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=skia:6185
Change-Id: Ie01dc7d7ebfebe36a235335d0d8cb28bccb2ecff
Reviewed-on: https://skia-review.googlesource.com/8046
Commit-Queue: Robert Phillips <robertphillips@google.com>
Reviewed-by: Robert Phillips <robertphillips@google.com>
|
| |
|
|
|
|
|
|
|
| |
BUG=skia:6185
Change-Id: Id543cb689a5e33b800ebbc18f4a234e78a4c4298
Reviewed-on: https://skia-review.googlesource.com/7800
Commit-Queue: Matt Sarett <msarett@google.com>
Reviewed-by: Leon Scroggins <scroggo@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An RLE bmp reports how many bytes it should contain. This number may be
incorrect, or it may be a very large number. Previously, we buffered
all bytes in a single allocation. Instead, use a fixed size buffer and
only read what fits into the buffer. We already have code to refill the
buffer if there is more data, so rely on that to keep reading.
Choose an arbitrary size for the buffer. It is larger than the maximum
possible number of bytes we need to read at once.
Add a test with a test image that reports a very large number for
the number of bytes it should contain. With the old method, we would
allocate 4 gigs of memory to decode this image, which is unnecessary
and may result in OOM.
BUG=b/33251605
Change-Id: I6d66eace626002725f62237617140cab99ce42f3
Reviewed-on: https://skia-review.googlesource.com/7028
Commit-Queue: Leon Scroggins <scroggo@google.com>
Reviewed-by: Matt Sarett <msarett@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In SkBmpCodec, if the header size does not match a known header,
stop trying to create an SkCodec. We do not know of any BMPs with
arbitrarily sized headers, so this should not cause any real
regressions.
In addition, this fixes a bug where we attempt to read too much data
from a file. Since we attempt to read the header size in one read,
and a size reported by the "BMP" may be larger than SSIZE_MAX, this
will crash when reading from a file.
Add a test.
BUG:b/33651913
Change-Id: I0f3292db3124dc5ac5cbdbc07196bda130a49ba7
Reviewed-on: https://skia-review.googlesource.com/6150
Commit-Queue: Leon Scroggins <scroggo@google.com>
Reviewed-by: Matt Sarett <msarett@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When clearing due to SkCodecAnimation::RestoreBGColor_DisposalMethod,
intersect the frameRect with the image size to prevent clearing outside
the bounds of the allocated memory.
Add a test image, created by the fuzzer.
BUG=skia:6046
Change-Id: I43676d28f82abf093ef801752f3a9e881580924c
Reviewed-on: https://skia-review.googlesource.com/5860
Commit-Queue: Leon Scroggins <scroggo@google.com>
Reviewed-by: Matt Sarett <msarett@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG:642462
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4560
Change-Id: I22891ce1e0b3a1bedefc34dadd5cf34dfc301b79
Reviewed-on: https://skia-review.googlesource.com/4560
Reviewed-by: Leon Scroggins <scroggo@google.com>
Commit-Queue: Matt Sarett <msarett@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=skia:5887
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=3940
Change-Id: I9e3ed6153a73277896ac067ef73918a41a0546b8
Reviewed-on: https://skia-review.googlesource.com/3940
Reviewed-by: Leon Scroggins <scroggo@google.com>
Commit-Queue: Matt Sarett <msarett@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Original Commit Message:
"""
Avoid integer overflow in SkIcoCodec
Definitely good to avoid overflow here.
FWIW, this looks to be harmless for Android's current use.
They will just fail later on when trying to allocate the
bitmap.
BUG=skia:5857
"""
With the new test, ASAN also caught an integer overflow
bug in SkImageInfo. Fix this as well.
CQ_INCLUDE_TRYBOTS=master.client.skia:Test-Ubuntu-Clang-GCE-CPU-AVX2-x86_64-Debug-ASAN;master.client.skia.android:Test-Android-Clang-AndroidOne-CPU-MT6582-arm-Debug-GN_Android
BUG=skia:5857
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=3568
Change-Id: I0d777a547850474ea6cea87e36efa05434e33635
Reviewed-on: https://skia-review.googlesource.com/3568
Reviewed-by: Kevin Lubick <kjlubick@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 20cba06a4bc9bde60b2dc37907d11ca81ba35ce8.
Reason for revert: <INSERT REASONING HERE>
TBR=msarett@google.com,scroggo@google.com,kjlubick@google.com,reviews@skia.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Change-Id: Id8f48a90a7dc620f9c0ee2f419d14bae2b0c1e7e
Reviewed-on: https://skia-review.googlesource.com/3564
Commit-Queue: Matt Sarett <msarett@google.com>
Reviewed-by: Matt Sarett <msarett@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Definitely good to avoid overflow here.
FWIW, this looks to be harmless for Android's current use.
They will just fail later on when trying to allocate the
bitmap.
BUG=skia:5857
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=3527
Change-Id: Ia1fb7d864d21ecdb127a1dd1a72cab8375cb43fb
Reviewed-on: https://skia-review.googlesource.com/3527
Commit-Queue: Matt Sarett <msarett@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Leon Scroggins <scroggo@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://codereview.chromium.org/2243143002/ )
Reason for revert:
Nexus 9 and Nexus Player failures.
Original issue's description:
> Add regression test
>
> Original bug fix was in:
> https://codereview.chromium.org/2230163002
>
> BUG:636268
> GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2243143002
>
> Committed: https://skia.googlesource.com/skia/+/bcae9d3d15d34a59d279c34e187e6101975500c0
TBR=reed@google.com,gogil@stealien.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review-Url: https://codereview.chromium.org/2243403003
|
| |
|
|
|
|
|
|
|
|
| |
Original bug fix was in:
https://codereview.chromium.org/2230163002
BUG:636268
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2243143002
Review-Url: https://codereview.chromium.org/2243143002
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Chromium's test suite contains an RLE image that reports a certain
file size in the header, but then contains additional encoded data.
Our bmp decoder would only decode half of the image, before stopping.
With this fix, we check for additional data before returning
kIncompleteInput.
If this lands, I will upload the test image to the bots.
Also adding an invalid image test to CodexTest.
BUG=skia:
Review URL: https://codereview.chromium.org/1273853004
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DEPS:
Update to pull v0.4.3 of libwebp from upstream
gyp/libwebp.gyp:
Add new files, as referenced by the gyp file used by Chromium.
resource/tests:
Add regression tests for particular images.
BUG=skia:3442
BUG=skia:3315
BUG=skia:3429
Committed: https://skia.googlesource.com/skia/+/3aa0fb4d80c76b559ff4b82d5e569993aea06da1
Review URL: https://codereview.chromium.org/1178013008
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of https://codereview.chromium.org/1178013008/)
Reason for revert:
Breaking the build e.g. http://build.chromium.org/p/client.skia/builders/Perf-Mac10.8-Clang-MacMini4.1-GPU-GeForce320M-x86_64-Release/builds/1082/steps/build%20nanobench/logs/stdio
../../../third_party/externals/libwebp/src/utils/./endian_inl.h:51:10: error: use of unknown builtin '__builtin_bswap16' [-Wimplicit-function-declaration]
return __builtin_bswap16(x);
^
1 error generated.
Original issue's description:
> Use the upstream version of libwebp, v0.4.3.
>
> DEPS:
> Update to pull v0.4.3 of libwebp from upstream
>
> gyp/libwebp.gyp:
> Add new files, as referenced by the gyp file used by Chromium.
>
> resource/tests:
> Add regression tests for particular images.
>
> BUG=skia:3442
> BUG=skia:3315
> BUG=skia:3429
>
> Committed: https://skia.googlesource.com/skia/+/3aa0fb4d80c76b559ff4b82d5e569993aea06da1
TBR=djsollen@google.com,jzern@chromium.org,msarett@google.com,emmaleer@google.com,scroggo@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=skia:3442
Review URL: https://codereview.chromium.org/1223583004
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DEPS:
Update to pull v0.4.3 of libwebp from upstream
gyp/libwebp.gyp:
Add new files, as referenced by the gyp file used by Chromium.
resource/tests:
Add regression tests for particular images.
BUG=skia:3442
BUG=skia:3315
BUG=skia:3429
Review URL: https://codereview.chromium.org/1178013008
|
| |
|
|
|
|
|
|
| |
BUG=skia:3401
BUG=skia:3426
BUG=skia:3441
Review URL: https://codereview.chromium.org/996173005
|
|
|
We previously saw crashes decoding bad ICO files. Add tests for
known bad files.
While testing, I learned that one of them still crashes. Check for
large offset and size separately to fix the crash.
BUG=skia:2878
Review URL: https://codereview.chromium.org/712123002
|
Leon Scroggins III
Matt Sarett
Robert Phillips
scroggo