Do not store colorproperties until alpha item is found
colorProperties could be pointing to a dangling pointer if
findAlphaItem() resizes the meta.items array.
Manual cherry-pick of PR #1808 into the chromium-m120 branch.
diff --git a/src/read.c b/src/read.c
index dc99ee6..47a55ea 100644
--- a/src/read.c
+++ b/src/read.c
@@ -4655,7 +4655,6 @@
/*isItemInInput=*/AVIF_TRUE,
&data->tileInfos[AVIF_ITEM_COLOR].grid,
&codecType[AVIF_ITEM_COLOR]));
- colorProperties = &data->meta->items.item[mainItemIndices[AVIF_ITEM_COLOR]].properties;
colorCodecType = codecType[AVIF_ITEM_COLOR];
// Optional alpha auxiliary item
@@ -4713,6 +4712,7 @@
for (int c = 0; c < AVIF_ITEM_CATEGORY_COUNT; ++c) {
mainItems[c] = (mainItemIndices[c] == -1) ? NULL : &data->meta->items.item[mainItemIndices[c]];
}
+ colorProperties = &mainItems[AVIF_ITEM_COLOR]->properties;
// Find Exif and/or XMP metadata, if any
AVIF_CHECKRES(avifDecoderFindMetadata(decoder, data->meta, decoder->image, mainItems[AVIF_ITEM_COLOR]->id));