From 0d0f6d4710bd60e052fcb2ccad0e48b101a81ae4 Mon Sep 17 00:00:00 2001
From: Jinny You
Date: Wed, 27 Mar 2024 18:02:32 +0900
Subject: [PATCH] lottie: Fix crash when an invalid gradient is provided

When lottie is broken and provides invalid gradient, the program crashes in segmentation fault. At that time, in the `populate` function, `ColorStop& color` doesn't have `input` but tries to use it. Added checking nullptr logic. The function `populate` will not proceed and return 0 in that case. related issue: #2072
---
 src/loaders/lottie/tvgLottieModel.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/loaders/lottie/tvgLottieModel.h b/src/loaders/lottie/tvgLottieModel.h
index 67de8eb5..1226d916 100644
--- a/src/loaders/lottie/tvgLottieModel.h
+++ b/src/loaders/lottie/tvgLottieModel.h
@@ -381,6 +381,9 @@ struct LottieGradient : LottieObject
 {
 uint32_t populate(ColorStop& color)
 {
+ colorStops.populated = true;
+ if (!color.input) return 0;
+
 uint32_t alphaCnt = (color.input->count - (colorStops.count * 4)) / 2;
 Array output(colorStops.count + alphaCnt);
 uint32_t cidx = 0; //color count
@@ -455,7 +458,6 @@ struct LottieGradient : LottieObject
 color.input->reset();
 delete(color.input);
- colorStops.populated = true;
 return output.count;
 }
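Review bot: The new guard in `populate` rejects only a missing `color.input`; the very next line still computes `(color.input->count - (colorStops.count * 4)) / 2`, and if both counts are unsigned (as the `uint32_t` result suggests) an input array holding fewer than `colorStops.count * 4` values would wrap `alphaCnt` to a very large number that then sizes `output`. Because the Lottie file is untrusted input, consider rejecting that case too, right after the null check: `if (color.input->count < colorStops.count * 4) { color.input->reset(); delete(color.input); return 0; }`, so the short-array path releases the input the same way the end of the function does. The loop that reads from the input lies outside this hunk, so whether it carries its own bounds checks cannot be confirmed from here. If setting `colorStops.populated = true;` before the check is meant to stop an invalid gradient from being processed again, a one-line comment saying so would help, e.g. `// mark as handled even when the input is invalid`.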