LibGfx: Let the PNG decoder fail if the header is missing or too short

author: Andreas Kling <kling@serenityos.org> 2020-04-19 17:48:43 +0200
committer: Andreas Kling <kling@serenityos.org> 2020-04-19 17:48:43 +0200
commit: 4393a2a96da8efab32a8e659b6aba4e534049b76 (patch)
tree: 3ccf31ab1b15dd2141095b3cffb66ba70c3219d6 /Libraries/LibGfx
parent: 992467cca3e4b0cb26a802b8078bb6575c1682ba (diff)
download: serenity-4393a2a96da8efab32a8e659b6aba4e534049b76.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/Libraries/LibGfx/PNGLoader.cpp b/Libraries/LibGfx/PNGLoader.cpp
index 9ca965c421..5389ae0b47 100644
--- a/Libraries/LibGfx/PNGLoader.cpp
+++ b/Libraries/LibGfx/PNGLoader.cpp
@@ -419,6 +419,12 @@ static bool decode_png_header(PNGLoadingContext& context)
     if (context.state >= PNGLoadingContext::HeaderDecoded)
         return true;
 
+    if (!context.data || context.data_size < sizeof(png_header)) {
+        dbg() << "Missing PNG header";
+        context.state = PNGLoadingContext::State::Error;
+        return false;
+    }
+
     if (memcmp(context.data, png_header, sizeof(png_header)) != 0) {
         dbg() << "Invalid PNG header";
         context.state = PNGLoadingContext::State::Error;
author	Andreas Kling <kling@serenityos.org>	2020-04-19 17:48:43 +0200
committer	Andreas Kling <kling@serenityos.org>	2020-04-19 17:48:43 +0200
commit	4393a2a96da8efab32a8e659b6aba4e534049b76 (patch)
tree	3ccf31ab1b15dd2141095b3cffb66ba70c3219d6 /Libraries/LibGfx
parent	992467cca3e4b0cb26a802b8078bb6575c1682ba (diff)
download	serenity-4393a2a96da8efab32a8e659b6aba4e534049b76.zip