From 0baab758c7a9b70e3a224c0a98d88ae15ca2b2eb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 26 Jun 2024 22:06:24 +0200
Subject: [chore]: Bump golang.org/x/image from 0.17.0 to 0.18.0 (#3044)

Bumps [golang.org/x/image](https://github.com/golang/image) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/image/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/image
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 vendor/golang.org/x/image/tiff/reader.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'vendor/golang.org/x')

diff --git a/vendor/golang.org/x/image/tiff/reader.go b/vendor/golang.org/x/image/tiff/reader.go
index 0ad155290..1b8fcb859 100644
--- a/vendor/golang.org/x/image/tiff/reader.go
+++ b/vendor/golang.org/x/image/tiff/reader.go
@@ -36,7 +36,10 @@ func (e UnsupportedError) Error() string {
 	return "tiff: unsupported feature: " + string(e)
 }
 
-var errNoPixels = FormatError("not enough pixel data")
+var (
+	errNoPixels          = FormatError("not enough pixel data")
+	errInvalidColorIndex = FormatError("invalid color index")
+)
 
 const maxChunkSize = 10 << 20 // 10M
 
@@ -337,13 +340,18 @@ func (d *decoder) decode(dst image.Image, xmin, ymin, xmax, ymax int) error {
 		}
 	case mPaletted:
 		img := dst.(*image.Paletted)
+		pLen := len(d.palette)
 		for y := ymin; y < rMaxY; y++ {
 			for x := xmin; x < rMaxX; x++ {
 				v, ok := d.readBits(d.bpp)
 				if !ok {
 					return errNoPixels
 				}
-				img.SetColorIndex(x, y, uint8(v))
+				idx := uint8(v)
+				if int(idx) >= pLen {
+					return errInvalidColorIndex
+				}
+				img.SetColorIndex(x, y, idx)
 			}
 			d.flushBits()
 		}
-- 
cgit v1.2.3