third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoderTest.cpp - Issue 2754003008: Prevent crash in ICO caused by bad/truncated PNG

Side by Side Diff: third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoderTest.cpp

Issue 2754003008: Prevent crash in ICO caused by bad/truncated PNG (Closed)

Patch Set: Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp ('K') | « third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "platform/image-decoders/ico/ICOImageDecoder.h"	5 #include "platform/image-decoders/ico/ICOImageDecoder.h"

6	6

7 #include "platform/image-decoders/ImageDecoderTestHelpers.h"	7 #include "platform/image-decoders/ImageDecoderTestHelpers.h"

8 #include "testing/gtest/include/gtest/gtest.h"	8 #include "testing/gtest/include/gtest/gtest.h"

9 #include "wtf/PtrUtil.h"	9 #include "wtf/PtrUtil.h"

10 #include <memory>	10 #include <memory>

11	11

12 namespace blink {	12 namespace blink {

13	13

14 namespace {	14 namespace {

15	15

16 std::unique_ptr<ImageDecoder> createDecoder() {	16 std::unique_ptr<ImageDecoder> createDecoder() {

17 return WTF::wrapUnique(	17 return WTF::wrapUnique(

18 new ICOImageDecoder(ImageDecoder::AlphaNotPremultiplied,	18 new ICOImageDecoder(ImageDecoder::AlphaNotPremultiplied,

19 ColorBehavior::transformToTargetForTesting(),	19 ColorBehavior::transformToTargetForTesting(),

20 ImageDecoder::noDecodedImageByteLimit));	20 ImageDecoder::noDecodedImageByteLimit));

21 }	21 }

22 }	22 }

23	23

	24 TEST(ICOImageDecoderTests, errorInPngInIco) {

	25 auto data = readFile("/LayoutTests/images/resources/png-in-ico.ico");
	Peter Kasting 2017/03/17 21:37:05 I don't think auto is right here, since readFile() I don't think auto is right here, since readFile() returns a PassRefPtr, which we need to store in a RefPtr explicitly? Also, in this case (not the one below), "auto" is just unclear, since readFile()'s name does not clearly indicate what kind of a type it's returning. scroggo_chromium 2017/03/20 13:26:42 Done. Show quoted text On 2017/03/17 21:37:05, Peter Kasting wrote: > I don't think auto is right here, since readFile() returns a PassRefPtr, which > we need to store in a RefPtr explicitly? > > Also, in this case (not the one below), "auto" is just unclear, since > readFile()'s name does not clearly indicate what kind of a type it's returning. Done.
	26 ASSERT_FALSE(data->isEmpty());

	27

	28 // Modify the file to have a broken CRC in IHDR.

	29 constexpr size_t crcOffset = 22u + 29u;
	Peter Kasting 2017/03/17 21:37:05 Nit: 'u' unnecessary on next two lines (only neede Nit: 'u' unnecessary on next two lines (only needed in ASSERT/EXPECT due to template matching confusion) scroggo_chromium 2017/03/20 13:26:42 Done. Show quoted text On 2017/03/17 21:37:05, Peter Kasting wrote: > Nit: 'u' unnecessary on next two lines (only needed in ASSERT/EXPECT due to > template matching confusion) Done.
	30 constexpr size_t crcSize = 4u;

	31 auto modifiedData = SharedBuffer::create(data->data(), crcOffset);
	Peter Kasting 2017/03/17 21:37:05 Similar concern with auto. Similar concern with auto. scroggo_chromium 2017/03/20 13:26:42 Done. Show quoted text On 2017/03/17 21:37:05, Peter Kasting wrote: > Similar concern with auto. Done.
	32 char badCrc[crcSize];

	33 memset(badCrc, 0, crcSize);
	Peter Kasting 2017/03/17 21:37:05 Nit: Or just replace these two lines with a Vector Nit: Or just replace these two lines with a Vector<char> and pass that scroggo_chromium 2017/03/20 13:26:42 Done. Show quoted text On 2017/03/17 21:37:05, Peter Kasting wrote: > Nit: Or just replace these two lines with a Vector<char> and pass that Done.
	34 modifiedData->append(badCrc, crcSize);

	35 modifiedData->append(data->data() + crcOffset + crcSize,

	36 data->size() - crcOffset - crcSize);

	37 ASSERT_EQ(data->size(), modifiedData->size());
	Peter Kasting 2017/03/17 21:37:05 Nit: Seems like all these ASSERTs can be EXPECTs Nit: Seems like all these ASSERTs can be EXPECTs scroggo_chromium 2017/03/20 13:26:43 This one is just to verify that I've created a Sha Show quoted text On 2017/03/17 21:37:05, Peter Kasting wrote: > Nit: Seems like all these ASSERTs can be EXPECTs This one is just to verify that I've created a SharedBuffer of the right size. If I didn't, that would be a clue that I created it incorrectly, so no need to continue. OTOH, this shouldn't change, and maybe there's no need for this ASSERT. I have changed the others.
	38

	39 auto decoder = createDecoder();

	40 decoder->setData(modifiedData.get(), true);

	41

	42 // ICOImageDecoder reports the frame count based on whether enough data has

	43 // been received according to the icon directory. So even though the

	44 // embedded PNG is broken, there is enough data to include it in the frame

	45 // count.

	46 const size_t frameCount = decoder->frameCount();
	Peter Kasting 2017/03/17 21:37:06 Nit: Can just inline this Nit: Can just inline this scroggo_chromium 2017/03/20 13:26:42 Done. Show quoted text On 2017/03/17 21:37:06, Peter Kasting wrote: > Nit: Can just inline this Done.
	47 ASSERT_EQ(1u, frameCount);

	48

	49 decoder->frameBufferAtIndex(0);

	50 ASSERT_TRUE(decoder->failed());

	51 }

	52

24 TEST(ICOImageDecoderTests, parseAndDecodeByteByByte) {	53 TEST(ICOImageDecoderTests, parseAndDecodeByteByByte) {

25 testByteByByteDecode(&createDecoder,	54 testByteByByteDecode(&createDecoder,

	55 "/LayoutTests/images/resources/png-in-ico.ico", 1u,

	56 cAnimationNone);

	57 testByteByByteDecode(&createDecoder,

26 "/LayoutTests/images/resources/2entries.ico", 2u,	58 "/LayoutTests/images/resources/2entries.ico", 2u,

27 cAnimationNone);	59 cAnimationNone);

28 testByteByByteDecode(&createDecoder,	60 testByteByByteDecode(&createDecoder,

29 "/LayoutTests/images/resources/greenbox-3frames.cur", 3u,	61 "/LayoutTests/images/resources/greenbox-3frames.cur", 3u,

30 cAnimationNone);	62 cAnimationNone);

31 testByteByByteDecode(	63 testByteByByteDecode(

32 &createDecoder,	64 &createDecoder,

33 "/LayoutTests/images/resources/icon-without-and-bitmap.ico", 1u,	65 "/LayoutTests/images/resources/icon-without-and-bitmap.ico", 1u,

34 cAnimationNone);	66 cAnimationNone);

35 testByteByByteDecode(&createDecoder, "/LayoutTests/images/resources/1bit.ico",	67 testByteByByteDecode(&createDecoder, "/LayoutTests/images/resources/1bit.ico",

36 1u, cAnimationNone);	68 1u, cAnimationNone);

37 testByteByByteDecode(&createDecoder,	69 testByteByByteDecode(&createDecoder,

38 "/LayoutTests/images/resources/bug653075.ico", 2u,	70 "/LayoutTests/images/resources/bug653075.ico", 2u,

39 cAnimationNone);	71 cAnimationNone);

40 }	72 }

41	73

42 } // namespace blink	74 } // namespace blink

OLD	NEW