Executing Image.convert function crashes Godot

[qarmin]

Godot version

4.2.beta.custom_build. e38686f

System information

Ubuntu 22.04 CI

Issue description

When executing (this code was automatically minimized, so it is possible, that an even more "minimal" project can be created)

extends Node
func _process(delta):
	for i in get_children():
		i.queue_free()
	var temp_variable8899 = Image.new()
	temp_variable8899.crop(79, 42)
	temp_variable8899.convert(10)
	temp_variable8899.generate_mipmaps(false)
	temp_variable8899.convert(-19)

Godot crashes:

Godot Engine v4.2.beta.custom_build.e38686f85 - https://godotengine.org
Time set to: 0 seconds.
Loaded settings:
modules/gdscript/gdscript_vm.cpp:698:13: runtime error: store to misaligned address 0x62100012df5c for type '<unknown> *', which requires 8 byte alignment
0x62100012df5c: note: pointer points here
  04 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  15 00 00 00 10 00 00 01  14 00 00 00 06 00 00 00
              ^ 
'add_arguments_to_tree' with value 'true'
modules/gdscript/gdscript_vm.cpp:705:42: runtime error: load of misaligned address 0x62100012df5c for type '<unknown> *', which requires 8 byte alignment
0x62100012df5c: note: pointer points here
  04 00 00 00 05 03 fc 1a  71 55 00 00 00 00 00 00  15 00 00 00 10 00 00 01  14 00 00 00 06 00 00 00
              ^ 
'delay_removing_added_arguments_to_next_frame' with value 'true'
######################## Ending test ########################
ERROR: The Image format specified (4294967277) is out of range. See Image's Format enum.
   at: initialize_data (core/io/image.cpp:2175)
core/io/image.cpp:3633:9: runtime error: null pointer passed as argument 1, which is declared to never be null
core/io/image.cpp:3633:9: runtime error: null pointer passed as argument 2, which is declared to never be null
ERROR: Index p_x = 0 is out of bounds (width = 0).
   at: set_pixel (core/io/image.cpp:3293)
ERROR: Index p_x = 1 is out of bounds (width = 0).
   at: set_pixel (core/io/image.cpp:3293)
....
ERROR: Index p_x = 72 is out of bounds (width = 0).
   at: set_pixel (core/io/image.cpp:3293)
ERROR: Index p_x = 73 is out of bounds (width = 0).
   at: set_pixel (core/io/image.cpp:3293)
ERROR: Index p_x = 74 is out of bounds (width = 0).
   at: set_pixel (core/io/image.cpp:3293)
ERROR: Index p_x = 75 is out of bounds (width = 0).
   at: set_pixel (core/io/image.cpp:3293)
ERROR: Index p_x = 76 is out of bounds (width = 0).
   at: set_pixel (core/io/image.cpp:3293)
ERROR: Index p_x = 77 is out of bounds (width = 0).
   at: set_pixel (core/io/image.cpp:3293)
ERROR: Index p_x = 78 is out of bounds (width = 0).
   at: set_pixel (core/io/image.cpp:3293)
core/io/image.cpp:544:10: runtime error: null pointer passed as argument 1, which is declared to never be null
core/io/image.cpp:544:10: runtime error: null pointer passed as argument 2, which is declared to never be null
================================================================
handle_crash: Program crashed with signal 11
Engine version: Godot Engine v4.2.beta.custom_build (e38686f85b768a451dc06324fe2471adc8665448)
Dumping the backtrace. Please include this when reporting the bug to the project developer.
[1] ./godot.linuxbsd.editor.dev.x86_64.san(+0x3a26def1) [0x55710080eef1] (/home/runner/work/Qarminer/Qarminer/godot/platform/linuxbsd/crash_handler_linuxbsd.cpp:61)
[2] /lib/x86_64-linux-gnu/libc.so.6(+0x42520) [0x7fc121842520] (??:0)
[3] /lib/x86_64-linux-gnu/libc.so.6(+0xc49bf) [0x7fc1218c49bf] (??:0)
[4] Image::get_image_from_mipmap(int) const (/home/runner/work/Qarminer/Qarminer/godot/core/io/image.cpp:3636)
[5] Image::convert(Image::Format) (/home/runner/work/Qarminer/Qarminer/godot/core/io/image.cpp:534)
[6] void call_with_variant_args_helper<__UnexistingClass, Image::Format, 0ul>(__UnexistingClass*, void (__UnexistingClass::*)(Image::Format), Variant const**, Callable::CallError&, IndexSequence<0ul>) (/home/runner/work/Qarminer/Qarminer/godot/./core/variant/binder_common.h:308 (discriminator 4))
[7] void call_with_variant_args_dv<__UnexistingClass, Image::Format>(__UnexistingClass*, void (__UnexistingClass::*)(Image::Format), Variant const**, int, Callable::CallError&, Vector<Variant> const&) (/home/runner/work/Qarminer/Qarminer/godot/./core/variant/binder_common.h:421)
[8] MethodBindT<Image::Format>::call(Object*, Variant const**, int, Callable::CallError&) const (/home/runner/work/Qarminer/Qarminer/godot/./core/object/method_bind.h:335)
[9] Object::callp(StringName const&, Variant const**, int, Callable::CallError&) (/home/runner/work/Qarminer/Qarminer/godot/core/object/object.cpp:775)
[10] Variant::callp(StringName const&, Variant const**, int, Variant&, Callable::CallError&) (/home/runner/work/Qarminer/Qarminer/godot/core/variant/variant_call.cpp:1168)
[11] GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Callable::CallError&, GDScriptFunction::CallState*) (/home/runner/work/Qarminer/Qarminer/godot/modules/gdscript/gdscript_vm.cpp:1705)
[12] GDScriptInstance::callp(StringName const&, Variant const**, int, Callable::CallError&) (/home/runner/work/Qarminer/Qarminer/godot/modules/gdscript/gdscript.cpp:1896)
[13] bool Node::_gdvirtual__process_call<false>(double) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/node.h:318 (discriminator 1))
[14] Node::_notification(int) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/node.cpp:58)
[15] Node::_notificationv(int, bool) (/home/runner/work/Qarminer/Qarminer/godot/./scene/main/node.h:49 (discriminator 14))
[16] Object::notification(int, bool) (/home/runner/work/Qarminer/Qarminer/godot/core/object/object.cpp:840)
[17] SceneTree::_process_group(SceneTree::ProcessGroup*, bool) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/scene_tree.cpp:951)
[18] SceneTree::_process(bool) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/scene_tree.cpp:1023 (discriminator 2))
[19] SceneTree::process(double) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/scene_tree.cpp:510)
[20] Main::iteration() (/home/runner/work/Qarminer/Qarminer/godot/main/main.cpp:3636)
[21] OS_LinuxBSD::run() (/home/runner/work/Qarminer/Qarminer/godot/platform/linuxbsd/os_linuxbsd.cpp:933)
[22] ./godot.linuxbsd.editor.dev.x86_64.san(main+0x58f) [0x55710080e958] (/home/runner/work/Qarminer/Qarminer/godot/platform/linuxbsd/godot_linuxbsd.cpp:76)
[23] /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7fc121829d90] (??:0)
[24] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7fc121829e40] (??:0)
[25] ./godot.linuxbsd.editor.dev.x86_64.san(_start+0x25) [0x55710080e305] (??:?)
-- END OF BACKTRACE --
================================================================
Aborted (core dumped)

This example was found by Godot fuzzer - Qarminer, so it is quite unlikelly that this code could be used in real project, but still this should be handled gracefully.

Memory leaks or asan backtraces are visible when using Godot build with sanitizers support - https://github.com/qarmin/GodotBuilds/actions (linux -> linux-editor-sanitizers)

Steps to reproduce

Above

Minimal reproduction project

Above

[AThousandShips]

Missing format validity check, should be trivial to add a safety check

To clarify: when creating a new image this is checked, but when converting it isn't and the data is assumed to be valid, which it is not

[rsburke4]

Added a PR. Is this how you use the error system in Godot? Is just a message enough or should a specific code be returned? #84782