Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(293)

Issue 996173005: Ico security issues fix (Closed)

Created:
5 years, 9 months ago by msarett
Modified:
5 years, 9 months ago
Reviewers:
scroggo, hcm
CC:
reviews_skia.org
Base URL:
https://skia.googlesource.com/skia.git@master
Target Ref:
refs/heads/master
Project:
skia
Visibility:
Public.

Description

Patch Set 1 #

Patch Set 2 : Security fix for Ico #

Patch Set 3 : Security fix for Ico #

Total comments: 7

Patch Set 4 : Added new tests and improved checks #

Total comments: 14

Patch Set 5 : Fixed debug block #

Patch Set 6 : Fixed casting #

Patch Set 7 : actually fixed it this time #

Unified diffs Side-by-side diffs Delta from patch set Stats (+74 lines, -2 lines) Patch
A resources/invalid_images/ico_fuzz0.ico View 1 2 3 Binary file 0 comments Download
A resources/invalid_images/ico_fuzz1.ico View 1 2 3 Binary file 0 comments Download
A resources/invalid_images/ico_leak01.ico View 1 2 3 Binary file 0 comments Download
M src/images/SkImageDecoder_libico.cpp View 1 2 3 4 5 6 7 chunks +71 lines, -2 lines 0 comments Download
M tests/BadIcoTest.cpp View 1 2 3 1 chunk +3 lines, -0 lines 0 comments Download

Messages

Total messages: 23 (9 generated)
msarett
This fixes existing Ico security issues and seems to cover all cases. I can't claim ...
5 years, 9 months ago (2015-03-11 21:55:25 UTC) #2
scroggo
On 2015/03/11 21:55:25, msarett wrote: > This fixes existing Ico security issues and seems to ...
5 years, 9 months ago (2015-03-12 13:25:55 UTC) #3
msarett
I have been unable to reproduce to the seg faults, but I think the fact ...
5 years, 9 months ago (2015-03-12 15:58:52 UTC) #5
scroggo
On 2015/03/12 15:58:52, msarett wrote: > I have been unable to reproduce to the seg ...
5 years, 9 months ago (2015-03-12 21:19:29 UTC) #6
msarett
Yes I'm 99% sure that the non-deterministic seg faults and the leak occur when reading ...
5 years, 9 months ago (2015-03-12 22:18:23 UTC) #7
msarett
Sorry, I thought this uploaded with the comments from yesterday.
5 years, 9 months ago (2015-03-13 12:18:07 UTC) #8
msarett
The address sanitizer fails on each of the three new test images. ================================================================= ==28498== ERROR: ...
5 years, 9 months ago (2015-03-13 13:19:49 UTC) #9
scroggo
On 2015/03/13 13:19:49, msarett wrote: > The address sanitizer fails on each of the three ...
5 years, 9 months ago (2015-03-13 13:43:12 UTC) #10
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/996173005/80001
5 years, 9 months ago (2015-03-13 13:50:25 UTC) #12
commit-bot: I haz the power
Try jobs failed on following builders: Build-Win-VS2013-x86-Debug-Trybot on client.skia.compile (JOB_FAILED, http://build.chromium.org/p/client.skia.compile/builders/Build-Win-VS2013-x86-Debug-Trybot/builds/2925)
5 years, 9 months ago (2015-03-13 14:10:18 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/996173005/100001
5 years, 9 months ago (2015-03-13 14:30:11 UTC) #17
commit-bot: I haz the power
Try jobs failed on following builders: Build-Win-VS2013-x86-Debug-Trybot on client.skia.compile (JOB_FAILED, http://build.chromium.org/p/client.skia.compile/builders/Build-Win-VS2013-x86-Debug-Trybot/builds/2928)
5 years, 9 months ago (2015-03-13 14:47:35 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/996173005/120001
5 years, 9 months ago (2015-03-13 15:00:18 UTC) #22
commit-bot: I haz the power
5 years, 9 months ago (2015-03-13 15:07:05 UTC) #23
Message was sent while issue was closed.
Committed patchset #7 (id:120001) as
https://skia.googlesource.com/skia/+/6e8f9033bb8d4f27a0dae6bc10bfb629f8e3ba0b

Powered by Google App Engine
This is Rietveld 408576698