Bug 987340: Prevent favicon decoder choking on corrupt non-ICO bitmaps with valid magic numbers. r=rnewman
authorChris Kitching <chriskitching@linux.com>
Mon, 24 Mar 2014 21:29:09 +0000
changeset 175127 8704a02247d80a7102667a81ce015b543ff9672b
parent 175126 d8846585295f86315fce38304d9b1ea5d47cb1d2
child 175128 561868618cb4554e049048395f780bd4fe2b373a
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewersrnewman
bugs987340
milestone31.0a1
Bug 987340: Prevent favicon decoder choking on corrupt non-ICO bitmaps with valid magic numbers. r=rnewman
mobile/android/base/favicons/decoders/FaviconDecoder.java
--- a/mobile/android/base/favicons/decoders/FaviconDecoder.java
+++ b/mobile/android/base/favicons/decoders/FaviconDecoder.java
@@ -88,19 +88,25 @@ public class FaviconDecoder {
     public static LoadFaviconResult decodeFavicon(byte[] buffer, int offset, int length) {
         LoadFaviconResult result;
         if (isDecodableByAndroid(buffer, offset)) {
             result = new LoadFaviconResult();
             result.offset = offset;
             result.length = length;
             result.isICO = false;
 
+            Bitmap decodedImage = BitmapUtils.decodeByteArray(buffer, offset, length);
+            if (decodedImage == null) {
+                // What we got wasn't decodable after all. Probably corrupted image, or we got a muffled OOM.
+                return null;
+            }
+
             // We assume here that decodeByteArray doesn't hold on to the entire supplied
             // buffer -- worst case, each of our buffers will be twice the necessary size.
-            result.bitmapsDecoded = new SingleBitmapIterator(BitmapUtils.decodeByteArray(buffer, offset, length));
+            result.bitmapsDecoded = new SingleBitmapIterator(decodedImage);
             result.faviconBytes = buffer;
 
             return result;
         }
 
         // If it's not decodable by Android, it might be an ICO. Let's try.
         ICODecoder decoder = new ICODecoder(buffer, offset, length);
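Review bot: The new `return null` under `if (decodedImage == null)` fails silently: a payload that passes `isDecodableByAndroid` but cannot be decoded leaves no trace, and a caller cannot tell a corrupt image from the swallowed OOM the comment mentions. Favicon bytes are presumably fetched from arbitrary sites, so I would log a warning carrying `offset` and `length` before returning. Unless the method's Javadoc already says so, it should also state the contract, e.g. `@return the decoded favicon, or null if the payload could not be decoded`. As a point of style, the decode and its null check could move above `result = new LoadFaviconResult();` so that no result object is built only to be discarded. The Javadoc and the rest of `decodeFavicon` lie outside this hunk, so whether callers already handle a null return is not visible here.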