LibGfx: Teach all image decoders to fail on bitmap allocation failure

We don't need to wait for oss-fuzz to find this for us. :^)
This commit is contained in:
Andreas Kling 2020-12-20 16:04:29 +01:00
parent 71d92cef17
commit c7d0c2ee7a
7 changed files with 27 additions and 2 deletions

View file

@ -297,7 +297,11 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
if (context.state < GIFLoadingContext::State::FrameComplete) {
start_frame = 0;
context.frame_buffer = Bitmap::create_purgeable(BitmapFormat::RGBA32, { context.logical_screen.width, context.logical_screen.height });
if (!context.frame_buffer)
return false;
context.prev_frame_buffer = Bitmap::create_purgeable(BitmapFormat::RGBA32, { context.logical_screen.width, context.logical_screen.height });
if (!context.prev_frame_buffer)
return false;
} else if (frame_index < context.current_frame) {
start_frame = 0;
}

View file

@ -292,6 +292,8 @@ static bool load_ico_bmp(ICOLoadingContext& context, ImageDescriptor& desc)
}
desc.bitmap = Bitmap::create_purgeable(BitmapFormat::RGBA32, { desc.width, desc.height });
if (!desc.bitmap)
return false;
Bitmap& bitmap = *desc.bitmap;
const u8* image_base = context.data + desc.offset + sizeof(info);
const BMP_ARGB* data_base = (const BMP_ARGB*)image_base;

View file

@ -1126,9 +1126,11 @@ static void ycbcr_to_rgb(const JPGLoadingContext& context, Vector<Macroblock>& m
}
}
static void compose_bitmap(JPGLoadingContext& context, const Vector<Macroblock>& macroblocks)
static bool compose_bitmap(JPGLoadingContext& context, const Vector<Macroblock>& macroblocks)
{
context.bitmap = Bitmap::create_purgeable(BitmapFormat::RGB32, { context.frame.width, context.frame.height });
if (!context.bitmap)
return false;
for (u32 y = context.frame.height - 1; y < context.frame.height; y--) {
const u32 block_row = y / 8;
@ -1142,6 +1144,8 @@ static void compose_bitmap(JPGLoadingContext& context, const Vector<Macroblock>&
context.bitmap->set_pixel(x, y, color);
}
}
return true;
}
static bool parse_header(InputMemoryStream& stream, JPGLoadingContext& context)
@ -1288,7 +1292,8 @@ static bool decode_jpg(JPGLoadingContext& context)
dequantize(context, macroblocks);
inverse_dct(context, macroblocks);
ycbcr_to_rgb(context, macroblocks);
compose_bitmap(context, macroblocks);
if (!compose_bitmap(context, macroblocks))
return false;
return true;
}

View file

@ -266,6 +266,10 @@ static bool read_image_data(PBMLoadingContext& context, Streamer& streamer)
}
context.bitmap = Bitmap::create_purgeable(BitmapFormat::RGB32, { context.width, context.height });
if (!context.bitmap) {
context.state = PBMLoadingContext::State::Error;
return false;
}
size_t index = 0;
for (int y = 0; y < context.height; ++y) {

View file

@ -287,6 +287,10 @@ static bool read_image_data(PGMLoadingContext& context, Streamer& streamer)
}
context.bitmap = Bitmap::create_purgeable(BitmapFormat::RGB32, { context.width, context.height });
if (!context.bitmap) {
context.state = PGMLoadingContext::State::Error;
return false;
}
size_t index = 0;
for (int y = 0; y < context.height; ++y) {

View file

@ -734,6 +734,8 @@ static bool decode_png_adam7(PNGLoadingContext& context)
{
Streamer streamer(context.decompression_buffer, context.decompression_buffer_size);
context.bitmap = Bitmap::create_purgeable(context.has_alpha() ? BitmapFormat::RGBA32 : BitmapFormat::RGB32, { context.width, context.height });
if (!context.bitmap)
return false;
for (int pass = 1; pass <= 7; ++pass) {
if (!decode_adam7_pass(context, streamer, pass))

View file

@ -319,6 +319,10 @@ static bool read_image_data(PPMLoadingContext& context, Streamer& streamer)
return false;
context.bitmap = Bitmap::create_purgeable(BitmapFormat::RGB32, { context.width, context.height });
if (!context.bitmap) {
context.state = PPMLoadingContext::State::Error;
return false;
}
size_t index = 0;
for (int y = 0; y < context.height; ++y) {