third_party/WebKit/Source/platform/image-decoders/bmp/BMPImageDecoderTest.cpp - Issue 2248383002: Fix integer overflow (-INT_MIN) in blink::BMPImageReader::readInfoHeader

Side by Side Diff: third_party/WebKit/Source/platform/image-decoders/bmp/BMPImageDecoderTest.cpp

Issue 2248383002: Fix integer overflow (-INT_MIN) in blink::BMPImageReader::readInfoHeader (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: #5 fix Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "platform/image-decoders/bmp/BMPImageDecoder.h"	5 #include "platform/image-decoders/bmp/BMPImageDecoder.h"

6	6

7 #include "platform/SharedBuffer.h"	7 #include "platform/SharedBuffer.h"

8 #include "platform/image-decoders/ImageDecoderTestHelpers.h"	8 #include "platform/image-decoders/ImageDecoderTestHelpers.h"

9 #include "testing/gtest/include/gtest/gtest.h"	9 #include "testing/gtest/include/gtest/gtest.h"

10 #include "wtf/PtrUtil.h"	10 #include "wtf/PtrUtil.h"

(...skipping 49 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
60	60

61 std::unique_ptr<ImageDecoder> decoder = createDecoder();	61 std::unique_ptr<ImageDecoder> decoder = createDecoder();

62 decoder->setData(data.get(), true);	62 decoder->setData(data.get(), true);

63	63

64 ImageFrame* frame = decoder->frameBufferAtIndex(0);	64 ImageFrame* frame = decoder->frameBufferAtIndex(0);

65 ASSERT_TRUE(frame);	65 ASSERT_TRUE(frame);

66 EXPECT_EQ(ImageFrame::FrameEmpty, frame->getStatus());	66 EXPECT_EQ(ImageFrame::FrameEmpty, frame->getStatus());

67 EXPECT_TRUE(decoder->failed());	67 EXPECT_TRUE(decoder->failed());

68 }	68 }

69	69

	70 TEST(BMPImageDecoderTest, negativeHeight)

	71 {

	72 // Raw data for a BMP file with 1x1 white pixels and negative height.

	73 const unsigned char whiteBMP[] = {
	Peter Kasting 2016/08/19 08:42:51 Why not just check these in as actual files in Lay Why not just check these in as actual files in LayoutTests/fast/images/resources/? Also why do we need to run the whiteBMP test at all? I'm not worried about testing that a BMP with a negative height decodes correctly (as that's the normal case and we already have test files that do that), and it's easier to read a testcase that's focused on testing just one thing: the int32_min handling. aleksandar.stojiljkovic 2016/08/19 09:33:04 No problem. I saw the approach used in DeferredIma Show quoted text On 2016/08/19 08:42:51, Peter Kasting wrote: > Why not just check these in as actual files in > LayoutTests/fast/images/resources/? > > Also why do we need to run the whiteBMP test at all? I'm not worried about > testing that a BMP with a negative height decodes correctly (as that's the > normal case and we already have test files that do that), and it's easier to > read a testcase that's focused on testing just one thing: the int32_min > handling. No problem. I saw the approach used in DeferredImageDecoderTest and assumed it is fine. Done. I'm testing 0x-1 because I didn't find a bmp with negative height in LayoutTests/fast/images/resources/ neither I saw such test contributed to code when bmp decoder was added. Probably there is a test for it, I just didn't find it - if you know there is one, I will just remove the test. Thanks.
	74 0x42, 0x4d, 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	75 0x7a, 0x00, 0x00, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x01, 0x00,

	76 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x01, 0x00, 0x18, 0x00,

	77 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x13, 0x0b,

	78 0x00, 0x00, 0x13, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	79 0x00, 0x00, 0x00, 0x00, 0x42, 0x47, 0x52, 0x73, 0x00, 0x00,

	80 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	81 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	82 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	83 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	84 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,

	85 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	86 0x00, 0x00, 0xff, 0xff, 0xff, 0xa0,

	87 };

	88

	89 // Raw data for an invalid BMP file with 1xINT32_MIN size.

	90 const unsigned char whiteBMPWithInt32MinHeight[] = {

	91 0x42, 0x4d, 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	92 0x7a, 0x00, 0x00, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x01, 0x00,

	93 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x01, 0x00, 0x18, 0x00,

	94 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x13, 0x0b,

	95 0x00, 0x00, 0x13, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	96 0x00, 0x00, 0x00, 0x00, 0x42, 0x47, 0x52, 0x73, 0x00, 0x00,

	97 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	98 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	99 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	100 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	101 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,

	102 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

	103 0x00, 0x00, 0xff, 0xff, 0xff, 0xa0,

	104 };

	105

	106 // Test when not all data is received.

	107 RefPtr<SharedBuffer> data = SharedBuffer::create(whiteBMP, sizeof(whiteBMP) - 1);

	108 std::unique_ptr<ImageDecoder> decoder = createDecoder();

	109 decoder->setData(data.get(), false);

	110 EXPECT_TRUE(decoder->isSizeAvailable());

	111 EXPECT_EQ(1, decoder->size().width());

	112 EXPECT_EQ(1, decoder->size().height());

	113 EXPECT_FALSE(decoder->failed());

	114

	115 // Test if INT32_MIN causes error.

	116 data = SharedBuffer::create(whiteBMPWithInt32MinHeight, sizeof(whiteBMPWithI nt32MinHeight) - 1);

	117 decoder = createDecoder();

	118 decoder->setData(data.get(), false);

	119 EXPECT_FALSE(decoder->isSizeAvailable());

	120 EXPECT_TRUE(decoder->failed());

	121 }

	122

70 // This test verifies that calling SharedBuffer::mergeSegmentsIntoBuffer() does	123 // This test verifies that calling SharedBuffer::mergeSegmentsIntoBuffer() does

71 // not break BMP decoding at a critical point: in between a call to decode the	124 // not break BMP decoding at a critical point: in between a call to decode the

72 // size (when BMPImageDecoder stops while it may still have input data to	125 // size (when BMPImageDecoder stops while it may still have input data to

73 // read) and a call to do a full decode.	126 // read) and a call to do a full decode.

74 TEST(BMPImageDecoderTest, mergeBuffer)	127 TEST(BMPImageDecoderTest, mergeBuffer)

75 {	128 {

76 const char* bmpFile = "/LayoutTests/fast/images/resources/lenna.bmp";	129 const char* bmpFile = "/LayoutTests/fast/images/resources/lenna.bmp";

77 testMergeBuffer(&createDecoder, bmpFile);	130 testMergeBuffer(&createDecoder, bmpFile);

78 }	131 }

79	132

80 } // namespace blink	133 } // namespace blink

OLD	NEW

« no previous file with comments | « no previous file | third_party/WebKit/Source/platform/image-decoders/bmp/BMPImageReader.cpp » ('j') | no next file with comments »