From 825606641b11f3f1f5c5efb0f95501b2c2d34d50 Mon Sep 17 00:00:00 2001
From: Leo Izen <leo.izen@gmail.com>
Date: Fri, 19 Jul 2024 12:04:19 -0400
Subject: [PATCH] avcodec/pngdec: use 8-bit sBIT cap for indexed PNGs per spec

The PNG specification[1] says that sBIT entries must be at most the bit
depth specified in IHDR, unless the PNG is indexed-color, in which case
sBIT must be between 1 and 8. We should not reject valid sBITs on PNGs
with indexed color.

[1]: https://www.w3.org/TR/png-3/#11sBIT

Regression since 84b454935fae2633a8a5dd075e22393f3e8f932f.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Ramiro Polla <ramiro.polla@gmail.com>
---
 libavcodec/pngdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index cb861e5f60..c5b32c166d 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -1097,7 +1097,7 @@ static int decode_sbit_chunk(AVCodecContext *avctx, PNGDecContext *s,
         bits = FFMAX(b, bits);
     }
 
-    if (bits < 0 || bits > s->bit_depth) {
+    if (bits <= 0 || bits > (s->color_type & PNG_COLOR_MASK_PALETTE ? 8 : s->bit_depth)) {
         av_log(avctx, AV_LOG_ERROR, "Invalid significant bits: %d\n", bits);
         return AVERROR_INVALIDDATA;
     }