From 82d40aab18bc245bb01c770ab8c7cf486507d73b Mon Sep 17 00:00:00 2001
From: Lucas CHOLLET
Date: Wed, 27 Dec 2023 21:17:45 -0500
Subject: [PATCH] LibGfx/TIFF: Don't try to check non-existent values
We were previously only checking the first value, this is wrong for tags that accept multiple values (e.g. ExtraSamples) and can lead to crashes on malformed images containing tags with a count of 0.
---
Userland/Libraries/LibGfx/TIFFGenerator.py | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/Userland/Libraries/LibGfx/TIFFGenerator.py b/Userland/Libraries/LibGfx/TIFFGenerator.py
index f0bd795d31..774dc1a198 100755
--- a/Userland/Libraries/LibGfx/TIFFGenerator.py
+++ b/Userland/Libraries/LibGfx/TIFFGenerator.py
@@ -407,15 +407,19 @@ def generate_tag_handler(tag: Tag) -> str:
 check_value = ''
 if tag.associated_enum is not None:
 not_in_value_list = f"({' && '.join([f'v != {v.value}' for v in tag.associated_enum])})"
- check_value = fR"""TRY(value[0].visit(
- []({tiff_type_to_cpp(tag.types[0])} const& v) -> ErrorOr {{
- if ({not_in_value_list})
- return Error::from_string_literal("TIFFImageDecoderPlugin: Invalid value for tag {tag.name}");
- return {{}};
- }},
- [&](auto const&) -> ErrorOr {{
- VERIFY_NOT_REACHED();
- }}));
+ check_value = fR"""
+ for (u32 i = 0; i < value.size(); ++i) {{
+ TRY(value[i].visit(
+ []({tiff_type_to_cpp(tag.types[0])} const& v) -> ErrorOr {{
+ if ({not_in_value_list})
+ return Error::from_string_literal("TIFFImageDecoderPlugin: Invalid value for tag {tag.name}");
+ return {{}};
+ }},
+ [&](auto const&) -> ErrorOr {{
+ VERIFY_NOT_REACHED();
+ }})
+ );
+ }}
 """
 output = fR""" case {tag.id}:
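Review bot: The catch-all arm inside the new loop still ends in `VERIFY_NOT_REACHED();`, so any element whose variant type is not `tag.types[0]` aborts the decoder instead of rejecting the image, and the loop now visits every element rather than only the first. Because this generated code parses untrusted files, I would replace that line with `return Error::from_string_literal("TIFFImageDecoderPlugin: Invalid type for tag {tag.name}");` unless a check outside this hunk guarantees the type of every element. The rest of generate_tag_handler is not visible here; if its type/count pre-condition also indexes `value[0]`, a count of 0 needs the same guard there.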