image: Decode(r io.Reader) return invalid image without error

[hangfanL]

What version of Go are you using (go version)?

$ go version
go version go1.17.1 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/hangfan/Library/Caches/go-build"
GOENV="/Users/hangfan/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/hangfan/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/hangfan/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.17.1"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/dev/null"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/l9/y02qslys54qbw_5r_4qsjl9r0000gy/T/go-build4025033244=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

I read a image(.png) using image.Decode(). Attempting to manually obtain color information of particular point in the image
runnable program and origin image:
crash_code.txt

What did you expect to see?

I think image.Decode function should return either a valid image.Image or error. If the origin image has internal error, decoder should at least reject it and throw corresponding error, instead of returning an invalid image.
the no empty image returned from Decode can guarantee it's validity. We can easily get whatever pixel color information in this image.

What did you see instead?

Version:  go1.17.1
(0,0)-(600,600)
panic: runtime error: index out of range [237] with length 80

goroutine 1 [running]:
image.(*Paletted).At(0x10ede00, 0xc00000e018, 0xc00013def0)
        /usr/local/go/src/image/image.go:1157 +0xa9
main.main()
        /Users/hangfan.liu/git.garena.com/shopee/crawler/internal/crawlsvr/tool/crash/crash.go:31 +0x2b5

Process finished with the exit code 2

1. image.Decode return a no nill image.Paletted without error
2. ensure that the point(73,41) is inside of the bounds
3. Attempting to get color:=img.At(73,41)
4. panic occur: index out of range [237] with length 80
5. some thinking: should fix image/png/reader or manually add additional checker function after image.Decode? Obviously the second one is not reasonable.

[mknyszek]

CC @nigeltao via https://dev.golang.org/owners

[mknyszek]

Is this issue new in the latest release, or has it always been there? Also, I noticed you're using image.Paletted, but does your image follow the same format? It's possible that it's impossible for the image package to actually detect this. What happens if you use something like NRGBA?

[mknyszek]

Also, please provide more detailed steps to reproduce, and the image itself, if possible.

[gopherbot]

Change https://golang.org/cl/354709 mentions this issue: image/png: fix interlaced palette out-of-bounds