From c47f08657a09aaabda3974b50b8a29e460f9927a Mon Sep 17 00:00:00 2001
From: Nigel Tao <nigeltao@golang.org>
Date: Wed, 16 Apr 2014 12:18:57 +1000
Subject: [PATCH] image/png: fix crash when an alleged PNG has too much pixel
 data, so that the zlib.Reader returns nil error.

Fixes #7762.

LGTM=r
R=r
CC=golang-codereviews
https://golang.org/cl/86750044
---
 src/pkg/image/png/reader.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/pkg/image/png/reader.go b/src/pkg/image/png/reader.go
index a6bf86ede6..dfe2991024 100644
--- a/src/pkg/image/png/reader.go
+++ b/src/pkg/image/png/reader.go
@@ -505,8 +505,14 @@ func (d *decoder) decode() (image.Image, error) {
 	}
 
 	// Check for EOF, to verify the zlib checksum.
-	n, err := r.Read(pr[:1])
-	if err != io.EOF {
+	n := 0
+	for i := 0; n == 0 && err == nil; i++ {
+		if i == 100 {
+			return nil, io.ErrNoProgress
+		}
+		n, err = r.Read(pr[:1])
+	}
+	if err != nil && err != io.EOF {
 		return nil, FormatError(err.Error())
 	}
 	if n != 0 || d.idatLength != 0 {
-- 
2.50.0