ICO: Skip checking declared entry bounds when file is completelly received.

third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp

Index: third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp
diff --git a/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp b/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp
index 96011a494b66d24a3969a23cce41b6059af0f494..5e629e2a0edaf2fa668eafc07f0dae82f6295d0b 100644
--- a/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp
+++ b/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp
@@ -131,11 +131,17 @@ size_t ICOImageDecoder::decodeFrameCount() {
   if (failed())
     return m_frameBufferCache.size();
 
-  // Length of sequence of completely received frames.
-  for (size_t i = 0; i < m_dirEntries.size(); ++i) {
-    const IconDirectoryEntry& dirEntry = m_dirEntries[i];
-    if ((dirEntry.m_imageOffset + dirEntry.m_byteSize) > m_data->size())
-      return i;
+  // If the file is incomplete, return the length of the sequence of completely
+  // received frames.  We don't do this when the file is fully received, since
+  // some ICOs have entries whose claimed offset + size extends past the end of
+  // the file, and we still want to display these if they don't trigger decoding
+  // failures elsewhere.
+  if (!isAllDataReceived()) {
+    for (size_t i = 0; i < m_dirEntries.size(); ++i) {
+      const IconDirectoryEntry& dirEntry = m_dirEntries[i];
+      if ((dirEntry.m_imageOffset + dirEntry.m_byteSize) > m_data->size())
+        return i;
+    }
   }
   return m_dirEntries.size();
 }