PNG decoding relies on `output_buffer_size()` function that may overflow
This happens in image 0.24.8
Expected
Images with buffer sizes too large for `usize` are rejected early
Actual behaviour
I see PNG decoding code using `output_buffer_size()` from the PNG crate in multiple places. Looking at its implementation, the computation may silently overflow.
This was recently fixed in GIF in #2103, but PNG seems to be affected too.
I haven't actually tested this - there might be some early check that catches this, but even so the code is fragile.
Doesn't seem to impact the main `read_image` method, but should still be fixed.
If anyone wants to look at resolving this, the `total_bytes()` method on `PngDecoder` (via the `ImageDecoder` trait) returns the same value, but as a `u64` and computed with saturating multiplies so it doesn't overflow.
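
The wrap-around this issue is concerned with, next to the `u64` saturating computation suggested in the last comment, as an added example that is not code from the image or png crates. `naive_len_32`, `total_bytes_u64` and `buffer_len` are hypothetical names, and a 32-bit `usize` is modelled with `u32` so the example behaves the same on any host.

```rust
// Added example: all names are hypothetical, not the image or png crate API.
use std::convert::TryFrom;

/// Size computed in a 32-bit size type. wrapping_mul reproduces what a plain
/// `*` does in a release build on a target where usize is 32 bits wide.
fn naive_len_32(width: u32, height: u32, bytes_per_pixel: u32) -> u32 {
    width.wrapping_mul(height).wrapping_mul(bytes_per_pixel)
}

/// Size as u64 with saturating multiplies: an oversized image yields
/// u64::MAX instead of a small wrapped value.
fn total_bytes_u64(width: u32, height: u32, bytes_per_pixel: u8) -> u64 {
    u64::from(width)
        .saturating_mul(u64::from(height))
        .saturating_mul(u64::from(bytes_per_pixel))
}

/// Early rejection: None unless the full size fits the size type T.
/// T = u32 models a 32-bit usize; T = usize checks the real host.
fn buffer_len<T: TryFrom<u64>>(width: u32, height: u32, bytes_per_pixel: u8) -> Option<T> {
    let total = total_bytes_u64(width, height, bytes_per_pixel);
    if total == u64::MAX {
        return None; // saturated or unallocatable, never a usable length
    }
    T::try_from(total).ok()
}

fn main() {
    // Constructed sample: header values of a 40000 x 40000 RGBA8 image.
    let (w, h, bpp) = (40_000u32, 40_000u32, 4u8);
    println!("true size       : {}", total_bytes_u64(w, h, bpp));
    println!("wrapped (32-bit): {}", naive_len_32(w, h, u32::from(bpp)));
    println!("checked (32-bit): {:?}", buffer_len::<u32>(w, h, bpp));
    println!("checked (64-bit): {:?}", buffer_len::<u64>(w, h, bpp));
}
```

With the wrapped value, a caller would size its buffer at roughly a third of what the image actually needs, which is why the size should be checked before any allocation or slice length is derived from it.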