Infinite loop when decoding some files on miniz_oxide branch

[Shnatsel]

Decoding some deliberately crafted files on miniz_oxide branch causes an infinite loop. The issue has been found via cargo-fuzz.

Files triggering the issue: miniz-oxide-hangs.tar.gz They do not contain valid checksums, make sure you disable checksum verification by passing --cfg=fuzzing to rustc.

This seems to be the only issue blocking the merge of miniz_oxide branch into master, which would bring up to 3x performance improvement.

[Shnatsel]

Flame graph:

I've added dbg! around the update call to see what it returns, here it is:

[image-png/src/decoder/mod.rs:146] self.decoder.update(buf, image_data) = Ok(
    (
        0,
        PartialChunk(
            [
                73,
                68,
                65,
                84,
            ],
        ),
    ),
)
[image-png/src/decoder/mod.rs:146] self.decoder.update(buf, image_data) = Ok(
    (
        0,
        ImageData,
    ),
)

This just repeats over and over.

[Mrmaxmeier]

This does not seem to be fully fixed (or regressed at some point?). Here's an input file that shows the same behaviour:

$ echo "iVBORw0KGgr/6wDLSURBVEiJS1cBAAAK9bEsRUxM" | base64 -d > input.bin
$ cargo fuzz run decode input.bin -- -timeout=1
[...]
[image-png/src/decoder/mod.rs:307] self.decoder.update(buf, image_data) = Ok(
    (
        0,
        ImageData,
    ),
)
[...]
SUMMARY: libFuzzer: timeout

[fintelia]

Just tested all the images referenced in this thread and they're all now handled properly.

The files from miniz-oxide-hangs.tar.gz all have height=0, which was addressed in #445 (and perhaps earlier). The input.bin example has a IDAT chunk before any IHDR, which #456 now specifically rejects.