third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoderTest.cpp - Issue 2754003008: Prevent crash in ICO caused by bad/truncated PNG

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoderTest.cpp

Issue 2754003008: Prevent crash in ICO caused by bad/truncated PNG (Closed)

Patch Set: No conditional with side effect Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoderTest.cpp

diff --git a/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoderTest.cpp b/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoderTest.cpp

index d0314edd8dd6c39093a942acebb183b9552f1978..ee02e3133d214bee944b9d1b4757a391c26e2e2b 100644

--- a/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoderTest.cpp

+++ b/third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoderTest.cpp

@@ -21,8 +21,39 @@ std::unique_ptr<ImageDecoder> createDecoder() {

}

+TEST(ICOImageDecoderTests, errorInPngInIco) {

+ RefPtr<SharedBuffer> data =

+ readFile("/LayoutTests/images/resources/png-in-ico.ico");

+ ASSERT_FALSE(data->isEmpty());

+ // Modify the file to have a broken CRC in IHDR.

+ constexpr size_t crcOffset = 22 + 29;

+ constexpr size_t crcSize = 4;

+ RefPtr<SharedBuffer> modifiedData =

+ SharedBuffer::create(data->data(), crcOffset);

+ Vector<char> badCrc(crcSize, 0);

+ modifiedData->append(badCrc);

+ modifiedData->append(data->data() + crcOffset + crcSize,

+ data->size() - crcOffset - crcSize);

+ auto decoder = createDecoder();

+ decoder->setData(modifiedData.get(), true);

+ // ICOImageDecoder reports the frame count based on whether enough data has

+ // been received according to the icon directory. So even though the

+ // embedded PNG is broken, there is enough data to include it in the frame

+ // count.

+ EXPECT_EQ(1u, decoder->frameCount());

+ decoder->frameBufferAtIndex(0);

+ EXPECT_TRUE(decoder->failed());

TEST(ICOImageDecoderTests, parseAndDecodeByteByByte) {

testByteByByteDecode(&createDecoder,

+ "/LayoutTests/images/resources/png-in-ico.ico", 1u,

+ cAnimationNone);

+ testByteByByteDecode(&createDecoder,

"/LayoutTests/images/resources/2entries.ico", 2u,

cAnimationNone);

testByteByByteDecode(&createDecoder,

« no previous file with comments | « third_party/WebKit/Source/platform/image-decoders/ico/ICOImageDecoder.cpp ('k') | no next file » | no next file with comments »