Merge cherrypicks of [2331043, 2330986, 2331024, 2331025, 2330859, 2330970, 2331044, 2330893, 2330950, 2330951, 2330940, 2331045, 2330954, 2330799, 2330987, 2331004, 2331061, 2331005, 2331047, 2330955, 2331030, 2331031, 2331101, 2330972, 2330956, 2331032, 2331006, 2330894, 2331063, 2331064, 2330895, 2331048, 2331102, 2331035, 2331007, 2331083, 2331103, 2331104, 2330897, 2331084, 2331067, 2331009, 2331010, 2330898, 2330989, 2331105, 2330899, 2331011, 2331069, 2330990, 2331121, 2331122, 2331086] into nyc-mr2-security-a-release
Change-Id: I3bfaa598e002641f9bdefd2de8bba04a09d3d203
diff --git a/resources/invalid_images/b34778578.bmp b/resources/invalid_images/b34778578.bmp
new file mode 100644
index 0000000..4a08a61
--- /dev/null
+++ b/resources/invalid_images/b34778578.bmp
Binary files differ
diff --git a/src/codec/SkBmpCodec.cpp b/src/codec/SkBmpCodec.cpp
index 5274ec4..7eb1baf 100644
--- a/src/codec/SkBmpCodec.cpp
+++ b/src/codec/SkBmpCodec.cpp
@@ -269,9 +269,10 @@
if (inIco) {
height /= 2;
}
- if (width <= 0 || height <= 0) {
- // TODO: Decide if we want to disable really large bmps as well.
- // https://code.google.com/p/skia/issues/detail?id=3617
+
+ // Arbitrary maximum. Matches Chromium.
+ constexpr int kMaxDim = 1 << 16;
+ if (width <= 0 || height <= 0 || width >= kMaxDim || height >= kMaxDim) {
SkCodecPrintf("Error: invalid bitmap dimensions.\n");
return false;
}
diff --git a/tests/CodexTest.cpp b/tests/CodexTest.cpp
index ead6795..342c369 100644
--- a/tests/CodexTest.cpp
+++ b/tests/CodexTest.cpp
@@ -13,6 +13,7 @@
#include "SkData.h"
#include "SkFrontBufferedStream.h"
#include "SkMD5.h"
+#include "SkOSFile.h"
#include "SkRandom.h"
#include "SkStream.h"
#include "SkStreamPriv.h"
@@ -20,6 +21,7 @@
#include "Test.h"
#include "png.h"
+#include <initializer_list>
static SkStreamAsset* resource(const char path[]) {
SkString fullPath = GetResourcePath(path);
@@ -1004,6 +1006,21 @@
REPORTER_ASSERT(r, SkCodec::kSuccess == result);
}
+DEF_TEST(Codec_InvalidBmp, r) {
+ // These files report values that have caused problems with SkFILEStreams.
+ // They are invalid, and should not create SkCodecs.
+ for (auto* bmp : { "b34778578.bmp" } ) {
+ SkString path = SkOSPath::Join("invalid_images", bmp);
+ path = GetResourcePath(path.c_str());
+ SkAutoTDelete<SkFILEStream> stream(new SkFILEStream(path.c_str()));
+ if (!stream->isValid()) {
+ return;
+ }
+ SkAutoTDelete<SkCodec> codec(SkCodec::NewFromStream(stream.release()));
+ REPORTER_ASSERT(r, !codec);
+ }
+}
+
DEF_TEST(Codec_InvalidRLEBmp, r) {
auto* stream = GetResourceAsStream("invalid_images/b33251605.bmp");
if (!stream) {