LibGfx: Fail PNG decode if output bitmap can't be allocated

Otherwise we'll assert soon afterwards. Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28838
author: Andreas Kling <kling@serenityos.org> 2020-12-20 15:22:41 +0100
committer: Andreas Kling <kling@serenityos.org> 2020-12-20 15:24:50 +0100
commit: 3e0b913e44c46962147a0b50db29b89108ac9e82 (patch)
tree: cdd1e39399c888c9dce02ed6b8dd18e500ff485a
parent: 6e0976d8589cacb678f95c5fe3508522046cd2f8 (diff)
download: serenity-3e0b913e44c46962147a0b50db29b89108ac9e82.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Libraries/LibGfx/PNGLoader.cpp b/Libraries/LibGfx/PNGLoader.cpp
index d687ee6b2a..47b03ff391 100644
--- a/Libraries/LibGfx/PNGLoader.cpp
+++ b/Libraries/LibGfx/PNGLoader.cpp
@@ -617,6 +617,11 @@ static bool decode_png_bitmap_simple(PNGLoadingContext& context)
 
     context.bitmap = Bitmap::create_purgeable(context.has_alpha() ? BitmapFormat::RGBA32 : BitmapFormat::RGB32, { context.width, context.height });
 
+    if (!context.bitmap) {
+        context.state = PNGLoadingContext::State::Error;
+        return false;
+    }
+
     unfilter(context);
 
     return true;
author	Andreas Kling <kling@serenityos.org>	2020-12-20 15:22:41 +0100
committer	Andreas Kling <kling@serenityos.org>	2020-12-20 15:24:50 +0100
commit	3e0b913e44c46962147a0b50db29b89108ac9e82 (patch)
tree	cdd1e39399c888c9dce02ed6b8dd18e500ff485a
parent	6e0976d8589cacb678f95c5fe3508522046cd2f8 (diff)
download	serenity-3e0b913e44c46962147a0b50db29b89108ac9e82.zip