From: Nigel Tao <nigeltao@golang.org>
Date: Wed, 16 Apr 2014 02:18:57 +0000 (+1000)
Subject: image/png: fix crash when an alleged PNG has too much pixel data,
X-Git-Tag: go1.3beta1~65
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=c47f08657a09aaabda3974b50b8a29e460f9927a;p=gostls13.git

image/png: fix crash when an alleged PNG has too much pixel data,
so that the zlib.Reader returns nil error.

Fixes #7762.

LGTM=r
R=r
CC=golang-codereviews
https://golang.org/cl/86750044
---

diff --git a/src/pkg/image/png/reader.go b/src/pkg/image/png/reader.go
index a6bf86ede6..dfe2991024 100644
--- a/src/pkg/image/png/reader.go
+++ b/src/pkg/image/png/reader.go
@@ -505,8 +505,14 @@ func (d *decoder) decode() (image.Image, error) {
 	}
 
 	// Check for EOF, to verify the zlib checksum.
-	n, err := r.Read(pr[:1])
-	if err != io.EOF {
+	n := 0
+	for i := 0; n == 0 && err == nil; i++ {
+		if i == 100 {
+			return nil, io.ErrNoProgress
+		}
+		n, err = r.Read(pr[:1])
+	}
+	if err != nil && err != io.EOF {
 		return nil, FormatError(err.Error())
 	}
 	if n != 0 || d.idatLength != 0 {