aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordjsollen <djsollen@google.com>2014-08-26 11:35:14 -0700
committerBrint E. Kriebel <bekit@cyngn.com>2014-11-18 15:45:03 -0800
commit718ef54f748fd12d9b3672e2ff3840370df3df1e (patch)
tree5204073220a6f20c4b9bac67c04594cb516c433b
parentfa7f4a711e9656bb6f34293c6dd503e40d1b7f86 (diff)
downloadandroid_external_skia-stable/cm-11.0-XNG3C.tar.gz
android_external_skia-stable/cm-11.0-XNG3C.tar.bz2
android_external_skia-stable/cm-11.0-XNG3C.zip
Prevent malformed ICO files from recursively decodingstable/cm-11.0-XNG3Cstable/cm-11.0-XNG2S
R=reed@google.com, scroggo@google.com Author: djsollen@google.com Review URL: https://codereview.chromium.org/511453002 bug:17265466,17262540 Change-Id: I128b54c74d75b7afca20e47e6650c500278c5adc
Diffstat
-rw-r--r--src/images/SkImageDecoder_libico.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/images/SkImageDecoder_libico.cpp b/src/images/SkImageDecoder_libico.cpp
index 542f53d945..a7a6f14b13 100644
--- a/src/images/SkImageDecoder_libico.cpp
+++ b/src/images/SkImageDecoder_libico.cpp
@@ -160,6 +160,10 @@ bool SkICOImageDecoder::onDecode(SkStream* stream, SkBitmap* bm, Mode mode)
SkMemoryStream subStream(buf + offset, size, false);
SkAutoTDelete<SkImageDecoder> otherDecoder(SkImageDecoder::Factory(&subStream));
if (otherDecoder.get() != NULL) {
+ // Disallow nesting ICO files within one another
+ if (otherDecoder->getFormat() == SkImageDecoder::kICO_Format) {
+ return false;
+ }
// Set fields on the other decoder to be the same as this one.
this->copyFieldsToOther(otherDecoder.get());
if(otherDecoder->decode(&subStream, bm, this->getDefaultPref(), mode)) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 00:56:18 +0000