From fe999d6281b0f0c2a5b91f0fb7dade45fd25ba0b Mon Sep 17 00:00:00 2001
From: Nico Weber
Date: Sun, 29 Nov 2020 14:34:54 -0500
Subject: [PATCH] LibGfx: Make PNGLoader not assert on images with missing chunks
Before this, images without IHDR, or palettized images with no or too small PLTE would lead to asserts. Found by running FuzzPNGLoader locally.
---
 Libraries/LibGfx/PNGLoader.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/Libraries/LibGfx/PNGLoader.cpp b/Libraries/LibGfx/PNGLoader.cpp
index 073ff13d2c..aa66a20df2 100644
--- a/Libraries/LibGfx/PNGLoader.cpp
+++ b/Libraries/LibGfx/PNGLoader.cpp
@@ -747,8 +747,11 @@ static bool decode_png_bitmap(PNGLoadingContext& context)
 if (context.state >= PNGLoadingContext::State::BitmapDecoded)
 return true;
 
- ASSERT(context.width >= 0);
- ASSERT(context.height >= 0);
+ if (context.width == -1 || context.height == -1)
+ return false; // Didn't see an IHDR chunk.
+
+ if (context.color_type == 3 && context.palette_data.size() < (1u << context.bit_depth))
+ return false; // Didn't see an PLTE chunk for a palettized image, or not enough entries.
 
 unsigned long srclen = context.compressed_data.size() - 6;
 unsigned long destlen = 0;
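Review bot: The new palette guard shifts `1u` by `context.bit_depth` without bounding the depth first, so a bit_depth of 32 or more taken from a corrupt IHDR makes the shift undefined behaviour rather than a clean rejection; for color type 3 the only legal depths are 1, 2, 4 and 8, so rejecting `context.bit_depth > 8` ahead of the shift (or wherever IHDR is parsed, if that is not already done) keeps the comparison well-defined. The IHDR guard also narrows the removed `>= 0` asserts to an exact `-1` test, so any other negative or zero dimension the IHDR parser might store now passes through to the decode; `if (context.width <= 0 || context.height <= 0)` would preserve the old range check while still covering the sentinel, assuming zero-sized images are not meant to be accepted. The context line that follows, `context.compressed_data.size() - 6`, wraps to a huge value when fewer than six bytes of compressed data were collected, which may deserve the same style of early `return false` if it is not rejected earlier. decode_png_bitmap continues outside the hunk.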