golang / go

The Go programming language

Home Page:https://go.dev

image/png: slice bounds out of range

dvyukov opened this issue · comments

Run the following program on the following input:

```go
package main

import (
    "bytes"
    "image/png"
    "io/ioutil"
    "os"
)

func main() {
    data, _ := ioutil.ReadFile(os.Args[1])
    png.Decode(bytes.NewReader(data))
}
```

https://drive.google.com/file/d/0B20Uwp8Hs1oCSDVROEdDVXJTdHM/view?usp=sharing

It crashes as:

```
panic: runtime error: slice bounds out of range

goroutine 1 [running]:
image/png.(*decoder).readImagePass(0xc208058e00, 0x7f0a79a0a4b0, 0xc208012230, 0x0, 0xc208012200, 0x0, 0x0, 0x0, 0x0)
    /ssd/src/go10/src/image/png/reader.go:521 +0x162a
image/png.(*decoder).decode(0xc208058e00, 0x0, 0x0, 0x0, 0x0)
    /ssd/src/go10/src/image/png/reader.go:323 +0x1a5
image/png.(*decoder).parseIDAT(0xc208058e00, 0x22, 0x0, 0x0)
    /ssd/src/go10/src/image/png/reader.go:648 +0x3d
image/png.(*decoder).parseChunk(0xc208058e00, 0x0, 0x0)
    /ssd/src/go10/src/image/png/reader.go:696 +0x42c
image/png.Decode(0x7f0a79a0a2d8, 0xc208014450, 0x0, 0x0, 0x0, 0x0)
    /ssd/src/go10/src/image/png/reader.go:752 +0x247
main.main()
    /tmp/png.go:12 +0x10b
```

I am on commit 7c37249

This was fixed by https://go-review.googlesource.com/#/c/8905/ "reject multiple tRNS chunks" aka commit 7e7d55f, which also fixed 'is the image paletted' to recognize 1-, 2- and 4-bit palettes, not just 8-bit palettes.
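
A regression check for the behaviour the fix describes, added here as an example (not code from this issue or from the Go project): it encodes a small paletted PNG, repeats its tRNS chunk, and decodes the result behind a `recover` so a decoder panic is reported instead of killing the process. The helper names and the sample image are constructed for this illustration, and the page does not state that the attached input itself contained a repeated tRNS chunk.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"image"
	"image/color"
	"image/png"
)

// chunkSpans returns the [start, end) byte range of every chunk of type typ.
func chunkSpans(data []byte, typ string) (spans [][2]int) {
	for off := 8; off+12 <= len(data); { // 8-byte signature, then len|type|data|crc
		next := off + 12 + int(binary.BigEndian.Uint32(data[off:]))
		if next <= off || next > len(data) {
			break // truncated or oversized chunk: stop walking
		}
		if string(data[off+4:off+8]) == typ {
			spans = append(spans, [2]int{off, next})
		}
		off = next
	}
	return spans
}

// withDuplicate returns a copy of data with its first typ chunk repeated (CRC stays valid).
func withDuplicate(data []byte, typ string) []byte {
	s := chunkSpans(data, typ)[0]
	return bytes.Join([][]byte{data[:s[1]], data[s[0]:s[1]], data[s[1]:]}, nil)
}

// samplePNG is constructed input: a 2x2 paletted image with one transparent entry (PLTE + tRNS).
func samplePNG() []byte {
	pal := color.Palette{color.NRGBA{}, color.NRGBA{R: 255, A: 255}}
	var buf bytes.Buffer
	_ = png.Encode(&buf, image.NewPaletted(image.Rect(0, 0, 2, 2), pal)) // in-memory, 2x2: no error expected
	return buf.Bytes()
}

// safeDecode reports whether png.Decode panicked, and otherwise returns its error.
func safeDecode(data []byte) (panicked bool, err error) {
	defer func() { panicked = recover() != nil }()
	_, err = png.Decode(bytes.NewReader(data))
	return false, err
}

func main() {
	fmt.Println(safeDecode(withDuplicate(samplePNG(), "tRNS")))
}
```
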