Add tests (and fix!) for known bad ICO files.
We previously saw crashes decoding bad ICO files. Add tests for
known bad files.
While testing, I learned that one of them still crashes. Check for
large offset and size separately to fix the crash.
BUG=skia:2878
Review URL: https://codereview.chromium.org/712123002
diff --git a/src/images/SkImageDecoder_libico.cpp b/src/images/SkImageDecoder_libico.cpp
index cd8a292..5240d09 100644
--- a/src/images/SkImageDecoder_libico.cpp
+++ b/src/images/SkImageDecoder_libico.cpp
@@ -159,7 +159,7 @@
const size_t size = read4Bytes(buf, 14 + choice*16); //matters?
const size_t offset = read4Bytes(buf, 18 + choice*16);
// promote the sum to 64-bits to avoid overflow
- if (((uint64_t)offset + size) > length) {
+ if (offset > length || size > length || ((uint64_t)offset + size) > length) {
return kFailure;
}
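Review bot: The comment above the changed condition ("promote the sum to 64-bits to avoid overflow") no longer describes the whole check, and it is misleading on builds where size_t is already 64 bits wide: there the (uint64_t) cast widens nothing and offset + size can still wrap. Because the new condition already rejects offset > length and size > length, the third term could be written as size > length - offset, which cannot overflow and needs no cast. Please also update the comment to say why offset and size are tested separately. The trailing "//matters?" on the size line is worth resolving as well, since size is used in the bounds check.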