Google Git
Sign in
aomedia/libavif/refs/heads/chromium-m119^!/.
commit
e79fd7740eb410c5beb176fef014de4052f71fa2
[log] [tgz]
author
Vignesh Venkatasubramanian <vigneshv@google.com>
Tue Nov 28 08:44:22 2023 -0800
committer
Vignesh Venkatasubramanian <vigneshv@google.com>
Tue Nov 28 15:23:45 2023 -0800
tree
2f6830db28985982c1753cab38b0817102db8785
parent
1f2ccf07f7f98e0ceefbe86a8d7e2375bc8f9d16 [diff]
Do not store colorproperties until alpha item is found

colorProperties could be pointing to a dangling pointer if
findAlphaItem() resizes the meta.items array.

Manual cherry-pick of PR #1808 into the chromium-m119 branch.

diff --git a/src/read.c b/src/read.c
index 43e9c87..da73c03 100644
--- a/src/read.c
+++ b/src/read.c

@@ -4606,7 +4606,6 @@
             avifDiagnosticsPrintf(&decoder->diag, "Primary item not found");
             return AVIF_RESULT_MISSING_IMAGE_ITEM;
         }
-        colorProperties = &colorItem->properties;
         if (!memcmp(colorItem->type, "grid", 4)) {
             avifROData readData;
             AVIF_CHECKRES(avifDecoderItemRead(colorItem, decoder->io, &readData, 0, 0, data->diag));
@@ -4694,6 +4693,8 @@
         }
 #endif // AVIF_ENABLE_EXPERIMENTAL_GAIN_MAP
 
+        colorProperties = &colorItem->properties;
+
         // Find Exif and/or XMP metadata, if any
         AVIF_CHECKRES(avifDecoderFindMetadata(decoder, data->meta, decoder->image, colorItem->id));