1/*
2 * Copyright (c) 2008, 2009, Google Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
13 * distribution.
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31#include "config.h"
32#include "ICOImageDecoder.h"
33
34#include <algorithm>
35
36#include "BMPImageReader.h"
37#include "PNGImageDecoder.h"
38
39namespace WebCore {
40
41// Number of bits in .ICO/.CUR used to store the directory and its entries,
42// respectively (doesn't match sizeof values for member structs since we omit
43// some fields).
44static const size_t sizeOfDirectory = 6;
45static const size_t sizeOfDirEntry = 16;
46
47ICOImageDecoder::ICOImageDecoder(AlphaOption alphaOption, GammaAndColorProfileOption gammaAndColorProfileOption)
48 : ScalableImageDecoder(alphaOption, gammaAndColorProfileOption)
49 , m_decodedOffset(0)
50{
51}
52
53ICOImageDecoder::~ICOImageDecoder() = default;
54
55void ICOImageDecoder::setData(SharedBuffer& data, bool allDataReceived)
56{
57 if (failed())
58 return;
59
60 ScalableImageDecoder::setData(data, allDataReceived);
61
62 for (BMPReaders::iterator i(m_bmpReaders.begin()); i != m_bmpReaders.end(); ++i) {
63 if (*i)
64 (*i)->setData(&data);
65 }
66 for (size_t i = 0; i < m_pngDecoders.size(); ++i)
67 setDataForPNGDecoderAtIndex(i);
68}
69
70IntSize ICOImageDecoder::size() const
71{
72 return m_frameSize.isEmpty() ? ScalableImageDecoder::size() : m_frameSize;
73}
74
75IntSize ICOImageDecoder::frameSizeAtIndex(size_t index, SubsamplingLevel) const
76{
77 return (index && (index < m_dirEntries.size())) ? m_dirEntries[index].m_size : size();
78}
79
80bool ICOImageDecoder::setSize(const IntSize& size)
81{
82 // The size calculated inside the BMPImageReader had better match the one in
83 // the icon directory.
84 return m_frameSize.isEmpty() ? ScalableImageDecoder::setSize(size) : ((size == m_frameSize) || setFailed());
85}
86
87size_t ICOImageDecoder::frameCount() const
88{
89 const_cast<ICOImageDecoder*>(this)->decode(0, true, isAllDataReceived());
90 return m_frameBufferCache.size();
91}
92
93ScalableImageDecoderFrame* ICOImageDecoder::frameBufferAtIndex(size_t index)
94{
95 // Ensure |index| is valid.
96 if (index >= frameCount())
97 return 0;
98
99 auto* buffer = &m_frameBufferCache[index];
100 if (!buffer->isComplete())
101 decode(index, false, isAllDataReceived());
102 return buffer;
103}
104
105bool ICOImageDecoder::setFailed()
106{
107 m_bmpReaders.clear();
108 m_pngDecoders.clear();
109 return ScalableImageDecoder::setFailed();
110}
111
112Optional<IntPoint> ICOImageDecoder::hotSpot() const
113{
114 // When unspecified, the default frame is always frame 0. This is consistent with
115 // BitmapImage where currentFrame() starts at 0 and only increases when animation is
116 // requested.
117 return hotSpotAtIndex(0);
118}
119
120Optional<IntPoint> ICOImageDecoder::hotSpotAtIndex(size_t index) const
121{
122 if (index >= m_dirEntries.size() || m_fileType != CURSOR)
123 return WTF::nullopt;
124
125 return m_dirEntries[index].m_hotSpot;
126}
127
128
129// static
130bool ICOImageDecoder::compareEntries(const IconDirectoryEntry& a, const IconDirectoryEntry& b)
131{
132 // Larger icons are better. After that, higher bit-depth icons are better.
133 const int aEntryArea = a.m_size.width() * a.m_size.height();
134 const int bEntryArea = b.m_size.width() * b.m_size.height();
135 return (aEntryArea == bEntryArea) ? (a.m_bitCount > b.m_bitCount) : (aEntryArea > bEntryArea);
136}
137
138void ICOImageDecoder::setDataForPNGDecoderAtIndex(size_t index)
139{
140 if (!m_pngDecoders[index])
141 return;
142
143 const IconDirectoryEntry& dirEntry = m_dirEntries[index];
144 // Copy out PNG data to a separate vector and send to the PNG decoder.
145 // FIXME: Save this copy by making the PNG decoder able to take an
146 // optional offset.
147 auto pngData = SharedBuffer::create(&m_data->data()[dirEntry.m_imageOffset], m_data->size() - dirEntry.m_imageOffset);
148 m_pngDecoders[index]->setData(pngData.get(), isAllDataReceived());
149}
150
151void ICOImageDecoder::decode(size_t index, bool onlySize, bool allDataReceived)
152{
153 if (failed())
154 return;
155
156 // If we couldn't decode the image but we've received all the data, decoding
157 // has failed.
158 if ((!decodeDirectory() || (!onlySize && !decodeAtIndex(index))) && allDataReceived)
159 setFailed();
160 // If we're done decoding this frame, we don't need the BMPImageReader or
161 // PNGImageDecoder anymore. (If we failed, these have already been
162 // cleared.)
163 else if ((m_frameBufferCache.size() > index) && m_frameBufferCache[index].isComplete()) {
164 m_bmpReaders[index] = nullptr;
165 m_pngDecoders[index] = nullptr;
166 }
167
168 if (m_frameBufferCache.isEmpty())
169 m_frameBufferCache.grow(m_dirEntries.size());
170 // CAUTION: We must not resize m_frameBufferCache again after this, as
171 // decodeAtIndex() may give a BMPImageReader a pointer to one of the
172 // entries.
173}
174
175bool ICOImageDecoder::decodeDirectory()
176{
177 // Read and process directory.
178 if ((m_decodedOffset < sizeOfDirectory) && !processDirectory())
179 return false;
180
181 // Read and process directory entries.
182 return (m_decodedOffset >= (sizeOfDirectory + (m_dirEntries.size() * sizeOfDirEntry))) || processDirectoryEntries();
183}
184
185bool ICOImageDecoder::decodeAtIndex(size_t index)
186{
187 ASSERT_WITH_SECURITY_IMPLICATION(index < m_dirEntries.size());
188 const IconDirectoryEntry& dirEntry = m_dirEntries[index];
189 const ImageType imageType = imageTypeAtIndex(index);
190 if (imageType == Unknown)
191 return false; // Not enough data to determine image type yet.
192
193 if (imageType == BMP) {
194 if (!m_bmpReaders[index]) {
195 // We need to have already sized m_frameBufferCache before this, and
196 // we must not resize it again later (see caution in frameCount()).
197 ASSERT(m_frameBufferCache.size() == m_dirEntries.size());
198 m_bmpReaders[index] = std::make_unique<BMPImageReader>(this, dirEntry.m_imageOffset, 0, true);
199 m_bmpReaders[index]->setData(m_data.get());
200 m_bmpReaders[index]->setBuffer(&m_frameBufferCache[index]);
201 }
202 m_frameSize = dirEntry.m_size;
203 bool result = m_bmpReaders[index]->decodeBMP(false);
204 m_frameSize = IntSize();
205 return result;
206 }
207
208 if (!m_pngDecoders[index]) {
209 m_pngDecoders[index] = PNGImageDecoder::create(m_premultiplyAlpha ? AlphaOption::Premultiplied : AlphaOption::NotPremultiplied, m_ignoreGammaAndColorProfile ? GammaAndColorProfileOption::Ignored : GammaAndColorProfileOption::Applied);
210 setDataForPNGDecoderAtIndex(index);
211 }
212 // Fail if the size the PNGImageDecoder calculated does not match the size
213 // in the directory.
214 if (m_pngDecoders[index]->encodedDataStatus() >= EncodedDataStatus::SizeAvailable && (m_pngDecoders[index]->size() != dirEntry.m_size))
215 return setFailed();
216 m_frameBufferCache[index] = *m_pngDecoders[index]->frameBufferAtIndex(0);
217 return !m_pngDecoders[index]->failed() || setFailed();
218}
219
220bool ICOImageDecoder::processDirectory()
221{
222 // Read directory.
223 ASSERT(!m_decodedOffset);
224 if (m_data->size() < sizeOfDirectory)
225 return false;
226 const uint16_t fileType = readUint16(2);
227 const uint16_t idCount = readUint16(4);
228 m_decodedOffset = sizeOfDirectory;
229
230 // See if this is an icon filetype we understand, and make sure we have at
231 // least one entry in the directory.
232 if (((fileType != ICON) && (fileType != CURSOR)) || (!idCount))
233 return setFailed();
234
235 m_fileType = static_cast<FileType>(fileType);
236
237 // Enlarge member vectors to hold all the entries.
238 m_dirEntries.resize(idCount);
239 m_bmpReaders.resize(idCount);
240 m_pngDecoders.resize(idCount);
241 return true;
242}
243
244bool ICOImageDecoder::processDirectoryEntries()
245{
246 // Read directory entries.
247 ASSERT(m_decodedOffset == sizeOfDirectory);
248 if ((m_decodedOffset > m_data->size()) || ((m_data->size() - m_decodedOffset) < (m_dirEntries.size() * sizeOfDirEntry)))
249 return false;
250 for (IconDirectoryEntries::iterator i(m_dirEntries.begin()); i != m_dirEntries.end(); ++i)
251 *i = readDirectoryEntry(); // Updates m_decodedOffset.
252
253 // Make sure the specified image offsets are past the end of the directory
254 // entries.
255 for (IconDirectoryEntries::iterator i(m_dirEntries.begin()); i != m_dirEntries.end(); ++i) {
256 if (i->m_imageOffset < m_decodedOffset)
257 return setFailed();
258 }
259
260 // Arrange frames in decreasing quality order.
261 std::sort(m_dirEntries.begin(), m_dirEntries.end(), compareEntries);
262
263 // The image size is the size of the largest entry.
264 const IconDirectoryEntry& dirEntry = m_dirEntries.first();
265 // Technically, this next call shouldn't be able to fail, since the width
266 // and height here are each <= 256, and |m_frameSize| is empty.
267 return setSize(dirEntry.m_size);
268}
269
270ICOImageDecoder::IconDirectoryEntry ICOImageDecoder::readDirectoryEntry()
271{
272 // Read icon data.
273 // The casts to uint8_t in the next few lines are because that's the on-disk
274 // type of the width and height values. Storing them in ints (instead of
275 // matching uint8_ts) is so we can record dimensions of size 256 (which is
276 // what a zero byte really means).
277 int width = static_cast<uint8_t>(m_data->data()[m_decodedOffset]);
278 if (!width)
279 width = 256;
280 int height = static_cast<uint8_t>(m_data->data()[m_decodedOffset + 1]);
281 if (!height)
282 height = 256;
283 IconDirectoryEntry entry;
284 entry.m_size = IntSize(width, height);
285 if (m_fileType == CURSOR) {
286 entry.m_bitCount = 0;
287 entry.m_hotSpot = IntPoint(readUint16(4), readUint16(6));
288 } else {
289 entry.m_bitCount = readUint16(6);
290 entry.m_hotSpot = IntPoint();
291 }
292 entry.m_imageOffset = readUint32(12);
293
294 // Some icons don't have a bit depth, only a color count. Convert the
295 // color count to the minimum necessary bit depth. It doesn't matter if
296 // this isn't quite what the bitmap info header says later, as we only use
297 // this value to determine which icon entry is best.
298 if (!entry.m_bitCount) {
299 int colorCount = static_cast<uint8_t>(m_data->data()[m_decodedOffset + 2]);
300 if (!colorCount)
301 colorCount = 256; // Vague in the spec, needed by real-world icons.
302 for (--colorCount; colorCount; colorCount >>= 1)
303 ++entry.m_bitCount;
304 }
305
306 m_decodedOffset += sizeOfDirEntry;
307 return entry;
308}
309
310ICOImageDecoder::ImageType ICOImageDecoder::imageTypeAtIndex(size_t index)
311{
312 // Check if this entry is a BMP or a PNG; we need 4 bytes to check the magic
313 // number.
314 ASSERT_WITH_SECURITY_IMPLICATION(index < m_dirEntries.size());
315 const uint32_t imageOffset = m_dirEntries[index].m_imageOffset;
316 if ((imageOffset > m_data->size()) || ((m_data->size() - imageOffset) < 4))
317 return Unknown;
318 return strncmp(&m_data->data()[imageOffset], "\x89PNG", 4) ? BMP : PNG;
319}
320
321}
322