From ba84af7c229e4c06cda97ee3388a13e23ca4e568 Mon Sep 17 00:00:00 2001
From: Lucas CHOLLET <lucas.chollet@free.fr>
Date: Sat, 30 Dec 2023 00:13:54 -0500
Subject: [PATCH] LibGfx/TIFF: Move check on tag values in its own function

There is only one check for now, but the fuzzer has already found more
checks to add :^)
---
 .../Libraries/LibGfx/ImageFormats/TIFFLoader.cpp     | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibGfx/ImageFormats/TIFFLoader.cpp b/Userland/Libraries/LibGfx/ImageFormats/TIFFLoader.cpp
index 432133896b..a32a9a88a2 100644
--- a/Userland/Libraries/LibGfx/ImageFormats/TIFFLoader.cpp
+++ b/Userland/Libraries/LibGfx/ImageFormats/TIFFLoader.cpp
@@ -42,9 +42,18 @@ public:
         return {};
     }
 
+    ErrorOr<void> ensure_baseline_tags_correctness() const
+    {
+        if (m_metadata.strip_offsets()->size() != m_metadata.strip_byte_counts()->size())
+            return Error::from_string_literal("TIFFImageDecoderPlugin: StripsOffset and StripByteCount have different sizes");
+
+        return {};
+    }
+
     ErrorOr<void> decode_frame()
     {
         TRY(ensure_baseline_tags_presence(m_metadata));
+        TRY(ensure_baseline_tags_correctness());
         auto maybe_error = decode_frame_impl();
 
         if (maybe_error.is_error()) {
@@ -195,9 +204,6 @@ private:
         auto const strips_offset = *m_metadata.strip_offsets();
         auto const strip_byte_counts = *m_metadata.strip_byte_counts();
 
-        if (strips_offset.size() != strip_byte_counts.size())
-            return Error::from_string_literal("TIFFImageDecoderPlugin: StripsOffset and StripByteCount have different sizes, aborting...");
-
         for (u32 strip_index = 0; strip_index < strips_offset.size(); ++strip_index) {
             TRY(m_stream->seek(strips_offset[strip_index]));