From 06665cba9cb470684fb9d93d921e9b61a8815dd4 Mon Sep 17 00:00:00 2001
From: Lucas CHOLLET <lucas.chollet@free.fr>
Date: Fri, 8 Mar 2024 14:46:09 -0500
Subject: [PATCH] LibGfx/TIFF: Reject images with an incoherent number of
 BitsPerSample

Fixes oss-fuzz issue 66588:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66588
---
 Userland/Libraries/LibGfx/ImageFormats/TIFFLoader.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Userland/Libraries/LibGfx/ImageFormats/TIFFLoader.cpp b/Userland/Libraries/LibGfx/ImageFormats/TIFFLoader.cpp
index c0761416ab..0e6ddc667a 100644
--- a/Userland/Libraries/LibGfx/ImageFormats/TIFFLoader.cpp
+++ b/Userland/Libraries/LibGfx/ImageFormats/TIFFLoader.cpp
@@ -106,6 +106,12 @@ public:
         if (any_of(*m_metadata.bits_per_sample(), [](auto bit_depth) { return bit_depth == 0 || bit_depth > 32; }))
             return Error::from_string_literal("TIFFImageDecoderPlugin: Invalid value in BitsPerSample");
 
+        if (m_metadata.bits_per_sample()->size() != m_metadata.samples_per_pixel())
+            return Error::from_string_literal("TIFFImageDecoderPlugin: Invalid number of values in BitsPerSample");
+
+        if (*m_metadata.samples_per_pixel() < samples_for_photometric_interpretation())
+            return Error::from_string_literal("TIFFImageDecoderPlugin: Not enough values in BitsPerSample for given PhotometricInterpretation");
+
         return {};
     }