From bb50bf42b0a39bc378401a2d5d8eaa678813a92f Mon Sep 17 00:00:00 2001
From: James Zern <jzern@google.com>
Date: Wed, 22 Jun 2016 23:09:30 -0700
Subject: [PATCH] pngdec,ReadFunc: throw an error on invalid read

convert the assert() to an error check to avoid crashing when reading
malformed files.

BUG=webp:302

Change-Id: I25eed9cab5c0a439bd3411beacc83f3a27af2bbf
---
 examples/pngdec.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/examples/pngdec.c b/examples/pngdec.c
index 85183621..c75a6dec 100644
--- a/examples/pngdec.c
+++ b/examples/pngdec.c
@@ -18,7 +18,6 @@
 #include <stdio.h>
 
 #ifdef WEBP_HAVE_PNG
-#include <assert.h>
 #include <png.h>
 #include <setjmp.h>   // note: this must be included *after* png.h
 #include <stdlib.h>
@@ -198,7 +197,9 @@ typedef struct {
 
 static void ReadFunc(png_structp png_ptr, png_bytep data, png_size_t length) {
   PNGReadContext* const ctx = (PNGReadContext*)png_get_io_ptr(png_ptr);
-  assert(ctx->offset + length <= ctx->data_size);
+  if (ctx->data_size - ctx->offset < length) {
+    png_error(png_ptr, "ReadFunc: invalid read length (overflow)!");
+  }
   memcpy(data, ctx->data + ctx->offset, length);
   ctx->offset += length;
 }