From aae60e986bdc19495f1b1bbbf556db0f86668cb7 Mon Sep 17 00:00:00 2001
From: RunDevelopment <mitchi5000.ms@googlemail.com>
Date: Sun, 30 Nov 2025 15:51:48 +0100
Subject: [PATCH] Prevent OOM in ICO due to PNG

---
 src/codecs/ico/decoder.rs                         |   7 ++++++-
 ...m-0d0085eb7f66ea55d9119206235cd29e089b9140.ico | Bin 0 -> 659 bytes
 ...m-ff076e7064c13ec1f8e2c5bbbfb7a77a08db2361.ico | Bin 0 -> 348 bytes
 3 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 tests/regression/ico/oom-0d0085eb7f66ea55d9119206235cd29e089b9140.ico
 create mode 100644 tests/regression/ico/oom-ff076e7064c13ec1f8e2c5bbbfb7a77a08db2361.ico

diff --git a/src/codecs/ico/decoder.rs b/src/codecs/ico/decoder.rs
index f04edc63e0..45113ac316 100644
--- a/src/codecs/ico/decoder.rs
+++ b/src/codecs/ico/decoder.rs
@@ -249,7 +249,12 @@ impl DirEntry {
         self.seek_to_start(&mut r)?;
 
         if is_png {
-            Ok(Png(Box::new(PngDecoder::new(r)?)))
+            let limits = crate::Limits {
+                max_image_width: Some(self.real_width().into()),
+                max_image_height: Some(self.real_height().into()),
+                max_alloc: Some(256 * 256 * 4 * 2), // width * height * 4 bytes per pixel * safety factor of 2
+            };
+            Ok(Png(Box::new(PngDecoder::with_limits(r, limits)?)))
         } else {
             Ok(Bmp(BmpDecoder::new_with_ico_format(r)?))
         }
diff --git a/tests/regression/ico/oom-0d0085eb7f66ea55d9119206235cd29e089b9140.ico b/tests/regression/ico/oom-0d0085eb7f66ea55d9119206235cd29e089b9140.ico
new file mode 100644
index 0000000000000000000000000000000000000000..4163129b93c4e3bbbfdb0e3baf8f8472ede34fba
GIT binary patch
literal 659
zcmZQzU<5)11qKkwP{YK)AjZJJ&>7(8&dVjm1!VGidbkA1FaRZin1c;S7FSh$VPIf#
z_H=O!iD*4K{r1Mk3OsF3=jJ--UTBJ1(7MHeJ5zD%5!D+YZUE<-!)|ek&5F-czGWQa
zXX~-^+`m(2smKq{-(MHsV|?&E+&<-*l9GTEgG<am?uL#jbBy2o=2I%NQEYK?5lC(k
zI23Jg+JpI($#b4FYjO{qQBb-X;nE_&bVQ=DqoJeCz?VT#^GuD!){9Zgm6$p>Ix2dc
zk1#)DE#wSld@|>B&XQa2@9Q4%mcME(7;3r8WJ0mt>s`NmLe7;Mx!5?~tm9sEj*-D+
zwF`@;>I#NG3HFU{mrph6clY06dJ&T)>Yy!k|6cd6Q#wmJ7z9lj#TYcaRtmQZtm?mS
z`2NP3YK~1i`F^Zev#It}^|3R@nLn&=G5aNaKx3-dI`&0xEuXKNKU1+K;HvzB&Ege-
zKUatx;kx{9ll8Il4`0_aeW-WTHtIcBpFH=*n;-Tk^{)mqeA_Q~^}gGB&FeWoU$isW
zeyv`cu|L-F>PFq}_5V#8)@Po#St0%?T5`k7d7gXEhGp-WmdH|YYhzm0{aeO+1Otni
z1oMnnS09TywVXlMnsLjeC$d{^xh*g}X4&xj@4goavs-6|UUIt0`ub;08NbR|p*wlo
zUBAE9R=53pF1hFK;>d7jmn}AO{fVA`R+8&AE4bJ0e_v$1h-t|by`$d(8>T<rv`*W=
yc*&GydW!O_3_qeLT|f8z>F$Ty8SE148N&3w{c4=D2$;SY7(8A5T-G@yGywp6Xe#Ca

literal 0
HcmV?d00001

diff --git a/tests/regression/ico/oom-ff076e7064c13ec1f8e2c5bbbfb7a77a08db2361.ico b/tests/regression/ico/oom-ff076e7064c13ec1f8e2c5bbbfb7a77a08db2361.ico
new file mode 100644
index 0000000000000000000000000000000000000000..7b0ec50ad7e27b280a172baadc7e1276264c97bd
GIT binary patch
literal 348
zcmZQzU<5)11qKkwP{YK)AjZJJ&>7(8&dVjm1!VGidbkAXGXN!ln1c<du9)FVRTTr1
zv!{z=NJQ(=>9;pNR^VxS`WFLu{{Fi79^-@W;`S-el#~RV7+hlhaW`~KnPdFsH=k0G
zjbe+Fi$L;B41It95~=fhI8KwdTsrst>F$Ty8SE148N&3w{c4=T@C@C_b8{VZFEm9h
zXx-w#ovFC>i0TaxH-PiaVYfKNX2s_z-!hKzv*p`)?%%1iROAO1haw9B9lb~f7)lJ^
M<gVUd=akR{06E*P$N&HU

literal 0
HcmV?d00001