Do not store colorproperties until alpha item is found
colorProperties could be pointing to a dangling pointer if
findAlphaItem() resizes the meta.items array.
Manual cherry-pick of PR #1808 into the chromium-m118 branch.
diff --git a/src/read.c b/src/read.c
index e3bad98..cf9f2a7 100644
--- a/src/read.c
+++ b/src/read.c
@@ -3938,7 +3938,6 @@
avifDiagnosticsPrintf(&decoder->diag, "Primary item not found");
return AVIF_RESULT_MISSING_IMAGE_ITEM;
}
- colorProperties = &colorItem->properties;
if (!memcmp(colorItem->type, "grid", 4)) {
avifROData readData;
AVIF_CHECKRES(avifDecoderItemRead(colorItem, decoder->io, &readData, 0, 0, data->diag));
@@ -3995,6 +3994,8 @@
}
}
+ colorProperties = &colorItem->properties;
+
// Find Exif and/or XMP metadata, if any
AVIF_CHECKRES(avifDecoderFindMetadata(decoder, data->meta, decoder->image, colorItem->id));