WebContent: Prevent renderer crash on partially invalid image

If an image had a valid header and valid metadata, but decoding the
image frame data failed, the renderer used to crash.

The crash only happened in SerenityOS, because there
ImageCodecPluginSerenity returned nullptr bitmaps.  Instead, return
{} like ImageCodecPluginLadybird already does if there's a nullptr
frame.

Fixes #19141.

Loading #19141 in the browser satisfyingly also serves as a manual
test for the bug.  (No automated test since we don't run layout
tests within SerenityOS on the bots.)
This commit is contained in:
Nico Weber 2023-06-01 21:04:04 -04:00 committed by Sam Atkins
parent 5617dd1c83
commit c9b8af70bf
Notes: sideshowbarker 2024-07-16 20:51:53 +09:00

@ -31,6 +31,8 @@ Optional<Web::Platform::DecodedImage> ImageCodecPluginSerenity::decode_image(Rea
decoded_image.is_animated = result.is_animated;
decoded_image.loop_count = result.loop_count;
for (auto const& frame : result.frames) {
if (!frame.bitmap)
return {};
decoded_image.frames.empend(move(frame.bitmap), frame.duration);
}
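Review bot: The new `if (!frame.bitmap) return {};` check sits inside the frame loop and fails silently, so a single null frame discards the whole image, including any frames already appended to `decoded_image.frames`, and leaves no trace of why decoding was rejected. If dropping the entire image is intended (the commit message says this matches ImageCodecPluginLadybird), a one-line comment above the check saying so would help, and a debug log before the early return would make a partially invalid image diagnosable without a debugger. A smaller style point in the same loop: `frame` is bound as `auto const&`, so `move(frame.bitmap)` cannot actually move and ends up copying the pointer; either drop the `move` or iterate by non-const reference.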