From 9e90682def0379baba4e3aec1980bdfe57bebdf5 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid
Date: Wed, 12 May 2021 21:40:40 +0200
Subject: [PATCH] qpnghandler: Only assume we're past the input size if it returns a size

Size 0 is a "valid" answer for QIODevice implementations so we need to make sure that we only enter the "try to workaround broken files" if we know there is a size, otherwise the first read of length 4 that libpng does breaks everything.

Change-Id: I1e396abd206ff90edae4372726f1d82d5d41ccf3
Reviewed-by: Allan Sandfeld Jensen
---
 src/gui/image/qpnghandler.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/gui/image/qpnghandler.cpp b/src/gui/image/qpnghandler.cpp
index c013a06813c..9ef2af8e21f 100644
--- a/src/gui/image/qpnghandler.cpp
+++ b/src/gui/image/qpnghandler.cpp
@@ -199,7 +199,7 @@ void iod_read_fn(png_structp png_ptr, png_bytep data, png_size_t length)
 QPngHandlerPrivate *d = (QPngHandlerPrivate *)png_get_io_ptr(png_ptr);
 QIODevice *in = d->q->device();
- if (d->state == QPngHandlerPrivate::ReadingEnd && !in->isSequential() && (in->size() - in->pos()) < 4 && length == 4) {
+ if (d->state == QPngHandlerPrivate::ReadingEnd && !in->isSequential() && in->size() > 0 && (in->size() - in->pos()) < 4 && length == 4) {
 // Workaround for certain malformed PNGs that lack the final crc bytes
 uchar endcrc[4] = { 0xae, 0x42, 0x60, 0x82 };
 memcpy(data, endcrc, 4);
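Review bot: The new `in->size() > 0` term in the `if` is not explained in the code, and the existing comment only mentions malformed PNGs, so a later reader could drop the term as redundant. I would extend the comment with something like `// size() == 0 can mean "size unknown" for a QIODevice, so only trust the remaining-bytes test when a size is reported`. Because this branch hands libpng the hard-coded `endcrc` bytes instead of data from the device, the condition gating it deserves a regression test with a non-sequential device whose size() returns 0; the diffstat shows only qpnghandler.cpp changed. Reading the size once into a local (`const qint64 sz = in->size();`) would also avoid calling it twice in the condition. iod_read_fn continues past the end of the hunk.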