
Side by Side Diff: third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp

Issue 2391073003: ICO: Skip checking declared entry bounds when file is completelly received. (Closed)
Patch Set: Created 4 years, 2 months ago
1 /* 1 /*
2 * Copyright (c) 2008, 2009, Google Inc. All rights reserved. 2 * Copyright (c) 2008, 2009, Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after
124 124
125 size_t ICOImageDecoder::decodeFrameCount() { 125 size_t ICOImageDecoder::decodeFrameCount() {
126 decodeSize(); 126 decodeSize();
127 127
128 // If decodeSize() fails, return the existing number of frames. This way 128 // If decodeSize() fails, return the existing number of frames. This way
129 // if we get halfway through the image before decoding fails, we won't 129 // if we get halfway through the image before decoding fails, we won't
130 // suddenly start reporting that the image has zero frames. 130 // suddenly start reporting that the image has zero frames.
131 if (failed()) 131 if (failed())
132 return m_frameBufferCache.size(); 132 return m_frameBufferCache.size();
133 133
134 // Skip checking entries offset and byte size when file is fully received.
135 // See crbug.com/653075.
Peter Kasting 2016/10/05 19:03:27 Nit: I'd like this comment to say more about why w
136 if (isAllDataReceived())
137 return m_dirEntries.size();
138
134 // Length of sequence of completely received frames. 139 // Length of sequence of completely received frames.
135 for (size_t i = 0; i < m_dirEntries.size(); ++i) { 140 for (size_t i = 0; i < m_dirEntries.size(); ++i) {
136 const IconDirectoryEntry& dirEntry = m_dirEntries[i]; 141 const IconDirectoryEntry& dirEntry = m_dirEntries[i];
137 if ((dirEntry.m_imageOffset + dirEntry.m_byteSize) > m_data->size()) 142 if ((dirEntry.m_imageOffset + dirEntry.m_byteSize) > m_data->size())
138 return i; 143 return i;
139 } 144 }
140 return m_dirEntries.size(); 145 return m_dirEntries.size();
141 } 146 }
142 147
143 void ICOImageDecoder::setDataForPNGDecoderAtIndex(size_t index) { 148 void ICOImageDecoder::setDataForPNGDecoderAtIndex(size_t index) {
(...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after
327 ASSERT_WITH_SECURITY_IMPLICATION(index < m_dirEntries.size()); 332 ASSERT_WITH_SECURITY_IMPLICATION(index < m_dirEntries.size());
328 const uint32_t imageOffset = m_dirEntries[index].m_imageOffset; 333 const uint32_t imageOffset = m_dirEntries[index].m_imageOffset;
329 if ((imageOffset > m_data->size()) || ((m_data->size() - imageOffset) < 4)) 334 if ((imageOffset > m_data->size()) || ((m_data->size() - imageOffset) < 4))
330 return Unknown; 335 return Unknown;
331 char buffer[4]; 336 char buffer[4];
332 const char* data = m_fastReader.getConsecutiveData(imageOffset, 4, buffer); 337 const char* data = m_fastReader.getConsecutiveData(imageOffset, 4, buffer);
333 return strncmp(data, "\x89PNG", 4) ? BMP : PNG; 338 return strncmp(data, "\x89PNG", 4) ? BMP : PNG;
334 } 339 }
335 340
336 } // namespace blink 341 } // namespace blink
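Review bot: The bounds test kept in the loop of decodeFrameCount(), `(dirEntry.m_imageOffset + dirEntry.m_byteSize) > m_data->size()`, can wrap around if both fields are 32-bit, so an entry with a very large declared size could be counted as completely received. m_imageOffset is read into a `uint32_t` at new line 333; the type of m_byteSize is not visible on this page, so this is hedged on that. The subtraction form already used for the four-byte signature check at new line 334 avoids the wrap: `if (dirEntry.m_imageOffset > m_data->size() || dirEntry.m_byteSize > m_data->size() - dirEntry.m_imageOffset) return i;`. Separately, with the new `isAllDataReceived()` early return this loop no longer filters anything for a fully received file, so every per-frame path has to reject out-of-range offsets and sizes on its own. The signature check does that for the offset, but the other consumers of m_dirEntries sit in the skipped regions and should be confirmed before this lands.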