Prevent malformed ICO files from recursively decoding R=reed@google.com, scroggo@google.com Author: djsollen@google.com Review URL: https://codereview.chromium.org/511453002

commit: 6a9c7b1dbdd4cfa36a006a8c7cf2effd3ffe862e [log] [tgz]
author: djsollen <djsollen@google.com> Tue Aug 26 11:35:14 2014 -0700
committer: Commit bot <commit-bot@chromium.org> Tue Aug 26 11:35:14 2014 -0700
tree: 32ba30d0d71a3a4fecf35763ee8b72daba020214
parent: ad726a319613c7fe2d9b3d61205366dee04861d4 [diff] [blame]
diff --git a/src/images/SkImageDecoder_libico.cpp b/src/images/SkImageDecoder_libico.cpp
index f75d804..7855546 100644
--- a/src/images/SkImageDecoder_libico.cpp
+++ b/src/images/SkImageDecoder_libico.cpp

@@ -164,6 +164,10 @@
         SkMemoryStream subStream(buf + offset, size, false);
         SkAutoTDelete<SkImageDecoder> otherDecoder(SkImageDecoder::Factory(&subStream));
         if (otherDecoder.get() != NULL) {
+            // Disallow nesting ICO files within one another
+            if (otherDecoder->getFormat() == SkImageDecoder::kICO_Format) {
+                return false;
+            }
             // Set fields on the other decoder to be the same as this one.
             this->copyFieldsToOther(otherDecoder.get());
             if(otherDecoder->decode(&subStream, bm, this->getDefaultPref(), mode)) {
commit	6a9c7b1dbdd4cfa36a006a8c7cf2effd3ffe862e	[log] [tgz]
author	djsollen <djsollen@google.com>	Tue Aug 26 11:35:14 2014 -0700
committer	Commit bot <commit-bot@chromium.org>	Tue Aug 26 11:35:14 2014 -0700
tree	32ba30d0d71a3a4fecf35763ee8b72daba020214
parent	ad726a319613c7fe2d9b3d61205366dee04861d4 [diff] [blame]