From dba62348941ff6815ca54ae71577f4b82177cb41 Mon Sep 17 00:00:00 2001
From: Chris Kitching <chriskitching@linux.com>
Date: Mon, 24 Mar 2014 21:29:09 +0000
Subject: [PATCH] Bug 987340: Prevent favicon decoder choking on corrupt
 non-ICO bitmaps with valid magic numbers. r=rnewman

---
 mobile/android/base/favicons/decoders/FaviconDecoder.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/mobile/android/base/favicons/decoders/FaviconDecoder.java b/mobile/android/base/favicons/decoders/FaviconDecoder.java
index 38b386934573..6842f04d299c 100644
--- a/mobile/android/base/favicons/decoders/FaviconDecoder.java
+++ b/mobile/android/base/favicons/decoders/FaviconDecoder.java
@@ -93,9 +93,15 @@ public class FaviconDecoder {
             result.length = length;
             result.isICO = false;
 
+            Bitmap decodedImage = BitmapUtils.decodeByteArray(buffer, offset, length);
+            if (decodedImage == null) {
+                // What we got wasn't decodable after all. Probably corrupted image, or we got a muffled OOM.
+                return null;
+            }
+
             // We assume here that decodeByteArray doesn't hold on to the entire supplied
             // buffer -- worst case, each of our buffers will be twice the necessary size.
-            result.bitmapsDecoded = new SingleBitmapIterator(BitmapUtils.decodeByteArray(buffer, offset, length));
+            result.bitmapsDecoded = new SingleBitmapIterator(decodedImage);
             result.faviconBytes = buffer;
 
             return result;