Fix(rla): Invalid read from an empty vector during RLA load (AcademyS…

…oftwareFoundation#3960)

The incoming length of the RLE data could be 0. In this case we would
attempt to take the address of the 1st element of an empty vector.

Added a new 1004-byte file to the local test suite.

Fixes AcademySoftwareFoundation#3951

---------

Signed-off-by: Jesse Yurkovich <jesse.y@gmail.com>

src/rla.imageio/rlainput.cpp

@@ -550,8 +550,8 @@ RLAInput::decode_channel_group(int first_channel, short num_channels,
         size_t length = lenu16;
         // Read the encoded RLE record
         encoded.resize(length);
-        if (!read(&encoded[0], length)) {
-            errorf("Read error: couldn't read RLE data span");
+        if (!length || !read(&encoded[0], length)) {
+            errorfmt("Read error: couldn't read RLE data span");
             return false;
         }
 

testsuite/rla/ref/out.txt

@@ -316,5 +316,8 @@ Full command line was:
 oiiotool ERROR: read : "src/crash-1629.rla": Read error: malformed RLE record
 Full command line was:
 > oiiotool src/crash-1629.rla -o crash3.exr
+oiiotool ERROR: read : "src/crash-3951.rla": Read error: couldn't read RLE data span
+Full command line was:
+> oiiotool src/crash-3951.rla -o crash4.exr
 Comparing "rlacrop.rla" and "ref/rlacrop.rla"
 PASS

testsuite/rla/run.py

@@ -21,5 +21,6 @@
 command += oiiotool(OIIO_TESTSUITE_IMAGEDIR + "/rla/crash1.rla -o crash1.exr", failureok = True)
 command += oiiotool(OIIO_TESTSUITE_IMAGEDIR + "/rla/crash2.rla -o crash2.exr", failureok = True)
 command += oiiotool("src/crash-1629.rla -o crash3.exr", failureok = True)
+command += oiiotool("src/crash-3951.rla -o crash4.exr", failureok = True)
 
 outputs = [ "rlacrop.rla", 'out.txt' ]