From 4393a2a96da8efab32a8e659b6aba4e534049b76 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sun, 19 Apr 2020 17:48:43 +0200
Subject: [PATCH] LibGfx: Let the PNG decoder fail if the header is missing or too short
---
 Libraries/LibGfx/PNGLoader.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/Libraries/LibGfx/PNGLoader.cpp b/Libraries/LibGfx/PNGLoader.cpp
index 9ca965c421..5389ae0b47 100644
--- a/Libraries/LibGfx/PNGLoader.cpp
+++ b/Libraries/LibGfx/PNGLoader.cpp
@@ -419,6 +419,12 @@ static bool decode_png_header(PNGLoadingContext& context)
 if (context.state >= PNGLoadingContext::HeaderDecoded)
 return true;
 
+ if (!context.data || context.data_size < sizeof(png_header)) {
+ dbg() << "Missing PNG header";
+ context.state = PNGLoadingContext::State::Error;
+ return false;
+ }
+
 if (memcmp(context.data, png_header, sizeof(png_header)) != 0) {
 dbg() << "Invalid PNG header";
 context.state = PNGLoadingContext::State::Error;
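Review bot: The new guard at the top of `decode_png_header` has no comment explaining that it must stay ahead of the `memcmp`, which reads `sizeof(png_header)` bytes from `context.data` whatever `context.data_size` says. A later reorder would quietly bring back the out-of-bounds read on a truncated or empty file. I would add `// Bounds check first: the memcmp() below reads sizeof(png_header) bytes unconditionally.` above the `if`. The message "Missing PNG header" also covers both a null buffer and a short one, so logging the length, e.g. `dbg() << "Missing PNG header (data_size=" << context.data_size << ")";`, would help when triaging malformed samples. The function body continues past the end of the hunk, so whether later chunk reads are bounded the same way cannot be judged from here.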