From 6a9c7b1dbdd4cfa36a006a8c7cf2effd3ffe862e Mon Sep 17 00:00:00 2001
From: djsollen
Date: Tue, 26 Aug 2014 11:35:14 -0700
Subject: Prevent malformed ICO files from recursively decoding
R=reed@google.com, scroggo@google.com
Author: djsollen@google.com
Review URL: https://codereview.chromium.org/511453002
---
 src/images/SkImageDecoder_libico.cpp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src')
diff --git a/src/images/SkImageDecoder_libico.cpp b/src/images/SkImageDecoder_libico.cpp
index f75d80439f..7855546a2c 100644
--- a/src/images/SkImageDecoder_libico.cpp
+++ b/src/images/SkImageDecoder_libico.cpp
@@ -164,6 +164,10 @@ bool SkICOImageDecoder::onDecode(SkStream* stream, SkBitmap* bm, Mode mode)
 SkMemoryStream subStream(buf + offset, size, false);
 SkAutoTDelete otherDecoder(SkImageDecoder::Factory(&subStream));
 if (otherDecoder.get() != NULL) {
+ // Disallow nesting ICO files within one another
+ if (otherDecoder->getFormat() == SkImageDecoder::kICO_Format) {
+ return false;
+ }
 // Set fields on the other decoder to be the same as this one.
 this->copyFieldsToOther(otherDecoder.get());
 if(otherDecoder->decode(&subStream, bm, this->getDefaultPref(), mode)) {
-- 
cgit v1.2.3
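Review bot: The new guard in onDecode rejects an embedded image only when the factory's decoder reports `kICO_Format`, so it stops direct ICO-in-ICO recursion but leaves the reason implicit. As far as the hunk shows, nothing bounds the depth if another decoder ever re-enters `SkImageDecoder::Factory` on bytes taken from the file. I would state the intent in the comment, e.g. `// Reject an embedded ICO: a malformed file could otherwise make onDecode recurse on its own entries without bound.` The diffstat lists only this file, so a regression test that decodes a nested-ICO fixture and asserts that decode returns false would be worth adding with the fix. The context line `SkMemoryStream subStream(buf + offset, size, false);` appears to use an offset and size read from the file; any bounds check on them would sit earlier in onDecode, outside the hunk, and is worth confirming.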