Merge cherrypicks of [2606653, 2606627, 2606628, 2606654, 2606629, 2606656, 2606890, 2606657, 2606891, 2606658, 2606892, 2606660, 2606661, 2606662, 2606663, 2606893, 2606894, 2606666, 2606667, 2606668, 2606896, 2606898, 2606899, 2606900, 2606901, 2606669, 2606902, 2606904, 2606930, 2606931, 2606906, 2606907, 2606908, 2606970, 2606933, 2606934, 2606935, 2606936, 2606972, 2606973, 2606974, 2606937, 2606976, 2606977] into nyc-mr1-security-a-release
Change-Id: Ide976e3ca4ebcd8ebf307f0f5cc97dadbdea1dc0
diff --git a/resources/invalid_images/b38116746.ico b/resources/invalid_images/b38116746.ico
new file mode 100644
index 0000000..35ee5b5
--- /dev/null
+++ b/resources/invalid_images/b38116746.ico
Binary files differ
diff --git a/src/codec/SkIcoCodec.cpp b/src/codec/SkIcoCodec.cpp
index dc4222a..8b3d26d 100644
--- a/src/codec/SkIcoCodec.cpp
+++ b/src/codec/SkIcoCodec.cpp
@@ -14,6 +14,7 @@
#include "SkStream.h"
#include "SkTDArray.h"
#include "SkTSort.h"
+#include "../private/SkTemplates.h"
/*
* Checks the start of the stream to see if the image is an Ico or Cur
@@ -128,12 +129,18 @@
bytesRead = offset;
// Create a new stream for the embedded codec
- SkAutoTUnref<SkData> data(
- SkData::NewFromStream(inputStream.get(), size));
- if (nullptr == data.get()) {
+ SkAutoFree buffer(sk_malloc_flags(size, 0));
+ if (!buffer.get()) {
+ SkCodecPrintf("Warning: OOM trying to create embedded stream.\n");
+ break;
+ }
+
+ if (inputStream->read(buffer.get(), size) != size) {
SkCodecPrintf("Warning: could not create embedded stream.\n");
break;
}
+
+ SkAutoTUnref<SkData> data(SkData::NewFromMalloc(buffer.detach(), size));
SkAutoTDelete<SkMemoryStream> embeddedStream(new SkMemoryStream(data.get()));
bytesRead += size;
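Review bot: `size` appears to come from the image's directory entry, so `sk_malloc_flags(size, 0)` still lets a small crafted file request a very large buffer before anything confirms the stream holds that many bytes. The null check turns a failed allocation into a clean `break`, but where memory is overcommitted the allocation can succeed and only the short `read` stops the entry. Where the stream reports its length (`hasLength()`/`getLength()`), rejecting an entry whose `size` exceeds it before allocating would avoid the allocation altogether. The allocation also deserves a comment such as `// size is untrusted (from the ICO directory); flags 0 so allocation failure returns null instead of aborting`, and if `size` can be 0 here (no check is visible in the hunk) a null return would be misreported as OOM. The enclosing loop starts and ends outside the hunk.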
diff --git a/tests/BadIcoTest.cpp b/tests/BadIcoTest.cpp
index c387e15..f6b1c46 100644
--- a/tests/BadIcoTest.cpp
+++ b/tests/BadIcoTest.cpp
@@ -22,6 +22,7 @@
"ico_fuzz1.ico",
"skbug3442.webp",
"skbug3429.webp",
+ "b38116746.ico",
};
const char* badImagesFolder = "invalid_images";