From 865835570134e9f1121691635e16f082ecf75f93 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Sun, 5 Oct 2025 23:24:45 +0200
Subject: [PATCH] Fix crash on malformed files

oss-fuzz/449485443
---
 src/imageformats/chunks.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/imageformats/chunks.cpp b/src/imageformats/chunks.cpp
index 13a3cc1..200c00b 100644
--- a/src/imageformats/chunks.cpp
+++ b/src/imageformats/chunks.cpp
@@ -545,8 +545,12 @@ bool CMAPChunk::innerReadStructure(QIODevice *d)
 QList<QRgb> CMAPChunk::innerPalette() const
 {
     QList<QRgb> l;
-    auto &&d = data();
-    for (qint32 i = 0, n = count(); i < n; ++i) {
+    const QByteArray &d = data();
+    const qint32 n = count();
+    if (n * 3 > d.size()) {
+        return {};
+    }
+    for (qint32 i = 0; i < n; ++i) {
         auto i3 = i * 3;
         l << qRgb(d.at(i3), d.at(i3 + 1), d.at(i3 + 2));
     }