From c9b8af70bf61a75656945697d3dc173104fba22b Mon Sep 17 00:00:00 2001
From: Nico Weber
Date: Thu, 1 Jun 2023 21:04:04 -0400
Subject: WebContent: Prevent renderer crash on partially invalid image
If an image had a valid header and valid metadata, but decoding the image frame data failed, the renderer used to crash. The crash only happened in SerenityOS, because there ImageCodecPluginSerenity returned nullptr bitmaps. Instead, return {} like ImageCodecPluginLadybird already does if there's a nullptr frame. Fixes #19141. Loading #19141 in the browser satisfyingly also serves as a manual test for the bug. (No automated test since we don't run layout tests within SerenityOS on the bots.)
---
Userland/Services/WebContent/ImageCodecPluginSerenity.cpp | 2 ++
1 file changed, 2 insertions(+)
(limited to 'Userland')
diff --git a/Userland/Services/WebContent/ImageCodecPluginSerenity.cpp b/Userland/Services/WebContent/ImageCodecPluginSerenity.cpp
index 426cf5fb27..3b04f5a2e1 100644
--- a/Userland/Services/WebContent/ImageCodecPluginSerenity.cpp
+++ b/Userland/Services/WebContent/ImageCodecPluginSerenity.cpp
@@ -31,6 +31,8 @@ Optional ImageCodecPluginSerenity::decode_image(Rea
 decoded_image.is_animated = result.is_animated;
 decoded_image.loop_count = result.loop_count;
 for (auto const& frame : result.frames) {
+ if (!frame.bitmap)
+ return {};
 decoded_image.frames.empend(move(frame.bitmap), frame.duration);
 }
--
cgit v1.2.3
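Review bot: The added `if (!frame.bitmap) return {};` at the top of the `for` loop rejects the image silently, so a frame whose data failed to decode leaves no trace in the renderer's debug output. Image bytes come from web content, and this path previously crashed the renderer, so a diagnostic before the return would make malformed-input reports easier to triage, for example `dbgln("ImageCodecPluginSerenity: decoded frame has no bitmap, rejecting image");` with the `if` body braced. The check would also benefit from a short why-comment such as `// A null bitmap means the frame data failed to decode; never hand it to the renderer.`. The body of `decode_image` starts and ends outside this hunk, so whether other paths (for example an empty `result.frames`) are handled the same way cannot be confirmed from here.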