
Side by Side Diff: third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp

Issue 2391073003: ICO: Skip checking declared entry bounds when file is completelly received. (Closed)
Patch Set: ico used in test was valid, replacing. Created 4 years, 2 months ago
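--- a/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp
+++ b/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (c) 2008, 2009, Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above
@@ -124,25 +124,31 @@
 
 size_t ICOImageDecoder::decodeFrameCount() {
 decodeSize();
 
 // If decodeSize() fails, return the existing number of frames. This way
 // if we get halfway through the image before decoding fails, we won't
 // suddenly start reporting that the image has zero frames.
 if (failed())
 return m_frameBufferCache.size();
 
-// Length of sequence of completely received frames.
-for (size_t i = 0; i < m_dirEntries.size(); ++i) {
-const IconDirectoryEntry& dirEntry = m_dirEntries[i];
-if ((dirEntry.m_imageOffset + dirEntry.m_byteSize) > m_data->size())
-return i;
+// If the file is incomplete, return the length of the sequence of completely
+// received frames. We don't do this when the file is fully received, since
+// some ICOs have entries whose claimed offset + size extends past the end of
+// the file, and we still want to display these if they don't trigger decoding
+// failures elsewhere.
+if (!isAllDataReceived()) {
+for (size_t i = 0; i < m_dirEntries.size(); ++i) {
+const IconDirectoryEntry& dirEntry = m_dirEntries[i];
+if ((dirEntry.m_imageOffset + dirEntry.m_byteSize) > m_data->size())
+return i;
+}
 }
 return m_dirEntries.size();
 }
 
 void ICOImageDecoder::setDataForPNGDecoderAtIndex(size_t index) {
 if (!m_pngDecoders[index])
 return;
 
 m_pngDecoders[index]->setData(m_data.get(), isAllDataReceived());
 }
@@ -327,10 +333,10 @@
 ASSERT_WITH_SECURITY_IMPLICATION(index < m_dirEntries.size());
 const uint32_t imageOffset = m_dirEntries[index].m_imageOffset;
 if ((imageOffset > m_data->size()) || ((m_data->size() - imageOffset) < 4))
 return Unknown;
 char buffer[4];
 const char* data = m_fastReader.getConsecutiveData(imageOffset, 4, buffer);
 return strncmp(data, "\x89PNG", 4) ? BMP : PNG;
 }
 
 } // namespace blink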
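Review bot: The bounds check kept at new line 142, `(dirEntry.m_imageOffset + dirEntry.m_byteSize) > m_data->size()`, adds two fields read from the file before comparing. `m_imageOffset` is read as `uint32_t` at new line 334; if `m_byteSize` is also 32-bit (its declaration is not on this page), the sum can wrap and an entry with an out-of-range offset would be counted as completely received. Writing it subtraction-first, as imageTypeAtIndex() does at new line 335, avoids that: `if (dirEntry.m_imageOffset > m_data->size() || dirEntry.m_byteSize > m_data->size() - dirEntry.m_imageOffset) return i;`. Because the check is now skipped once isAllDataReceived() is true, decodeFrameCount() no longer filters entries that point past the end of the file. The new comment should therefore also say that every later reader of `m_imageOffset`/`m_byteSize` must bound itself against `m_data->size()`.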
