From cd046fae44fc6b1fcf324896ccc2c6126974ff33 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Wed, 23 Dec 2020 19:22:15 +0100
Subject: [PATCH] LibGfx: Fail JPEG decode instead of asserting on bogus start-of-scan

Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28628
---
 Libraries/LibGfx/JPGLoader.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Libraries/LibGfx/JPGLoader.cpp b/Libraries/LibGfx/JPGLoader.cpp
index dd97c80074..846fc674a5 100644
--- a/Libraries/LibGfx/JPGLoader.cpp
+++ b/Libraries/LibGfx/JPGLoader.cpp
@@ -552,7 +552,10 @@ static bool read_start_of_scan(InputMemoryStream& stream, JPGLoadingContext& con
         auto it = context.components.find(component_id);
         if (it != context.components.end()) {
             component = &it->value;
-            ASSERT(i == component->serial_id);
+            if (i != component->serial_id) {
+                dbgln("JPEG decode failed (i != component->serial_id)");
+                return false;
+            }
         } else {
 #ifdef JPG_DEBUG
             dbg() << stream.offset() << String::format(": Unsupported component id: %i!", component_id);
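Review bot: The new failure path logs unconditionally via `dbgln`, while the neighbouring unsupported-component path three lines below wraps its output in `#ifdef JPG_DEBUG`; since this branch is reached by attacker- or fuzzer-supplied input, a malformed file can now spam the debug log on every decode attempt. Gating the message the same way, or keeping it under the same debug switch, keeps the two rejection paths consistent. If the message stays, including the offending values would make fuzzer triage easier, e.g. `dbgln("JPEG decode failed: scan component {} has serial_id {}", i, component->serial_id);`, assuming `dbgln` supports format arguments in this tree. Returning `false` here appears to match how the function reports other failures, but read_start_of_scan begins and ends outside the hunk, so how callers treat the partially populated `context` on this early return is not visible.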