From ef7ac54a15e3935a46721b9ebe5cb27d6e02bdd2 Mon Sep 17 00:00:00 2001
From: Kornel <kornel@geekhood.net>
Date: Sat, 4 Jan 2025 00:08:34 +0000
Subject: [PATCH] Avoid panic

---
 src/decoder.rs  | 6 +++++-
 src/lossless.rs | 8 ++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/decoder.rs b/src/decoder.rs
index 147e758..e46c9ea 100644
--- a/src/decoder.rs
+++ b/src/decoder.rs
@@ -612,8 +612,12 @@ impl<R: BufRead + Seek> WebPDecoder<R> {
     }
 
     /// Returns the raw bytes of the image. For animated images, this is the first frame.
+    ///
+    /// Fails with `ImageTooLarge` if `buf` has length different than `output_buffer_size()`
     pub fn read_image(&mut self, buf: &mut [u8]) -> Result<(), DecodingError> {
-        assert_eq!(Some(buf.len()), self.output_buffer_size());
+        if Some(buf.len()) != self.output_buffer_size() {
+            return Err(DecodingError::ImageTooLarge);
+        }
 
         if self.is_animated() {
             let saved = std::mem::take(&mut self.animation);
diff --git a/src/lossless.rs b/src/lossless.rs
index ec95f0d..8a63036 100644
--- a/src/lossless.rs
+++ b/src/lossless.rs
@@ -787,10 +787,10 @@ impl<R: BufRead> BitReader<R> {
         let value = self.peek(num) as u32;
         self.consume(num)?;
 
-        match value.try_into() {
-            Ok(value) => Ok(value),
-            Err(_) => unreachable!("Value too large to fit in type"),
-        }
+        value.try_into().map_err(|_| {
+            debug_assert!(false, "Value too large to fit in type");
+            DecodingError::BitStreamError
+        })
     }
 }