Panic in gif::Decoder::into_frames on invalid background color

[moulins]

This small program, along with this image: invalid-bg-color.gif -

extern crate image;

use image::ImageDecoder;

fn main() {
   
    let file = std::fs::File::open("invalid-bg-color.gif").unwrap();
    let decoder = image::gif::Decoder::new(std::io::BufReader::new(file));
    let _frames = decoder.into_frames().unwrap();
}

Produces the following crash:

   8: core::slice::slice_index_len_fail
             at libcore/slice/mod.rs:1971
   9: <core::ops::range::Range<usize> as core::slice::SliceIndex<[T]>>::index
             at /checkout/src/libcore/slice/mod.rs:2136
  10: core::slice::<impl core::ops::index::Index<I> for [T]>::index
             at /checkout/src/libcore/slice/mod.rs:1953
  11: <image::gif::Decoder<R> as image::image::ImageDecoder>::into_frames
             at /home/XXX/.cargo/registry/src/github.com-1ecc6299db9ec823/image-0.20.0/./src/gif.rs:139
  12: gif_test::main
             at src/main.rs:10

But opening the image with image::load("invalid-bg-color.gif") works correctly.

---

The input image is a copy of this image, but with the background color set to the invalid value 0xFF, which causes an out-of-bound access in the Global Color Table.

Some GIFs in the wild use such an invalid value when the background color is never used, so these files should be parsed correctly (even if this technically is an invalid GIF).

[fintelia]

Is this now fixed?

[moulins]

This is fixed on image-gif v0.10.1, but image still uses v0.10.0, so we'll have to wait a little more ;)

[Shnatsel]

This testcase no longer causes a crash. I believe this bug is fixed and can be closed.

[bvssvni]

Closing.