If colorUsed is 0, the number of palette is 2 to the power of bit per pixel.
testdata/colormap-251.{bmp,png} are added for testing 8-bit format with colorUsed less than 256.
testdata/colormap-0.{bmp,png} are added for testing 8-bit format with colorUsed 0.

Fixes golang/go#61240

Change-Id: I1a627a570f667874a91c517f4a771e9e97d2af6b
Reviewed-on: https://go-review.googlesource.com/c/image/+/508575
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Reviewed-by: Nigel Tao <[email protected]>
Reviewed-by: Nigel Tao (INACTIVE; USE @golang.org INSTEAD) <[email protected]>
Auto-Submit: Dmitri Shuralyov <[email protected]>
Run-TryBot: Nigel Tao <[email protected]>

Fix two paths by which a malicious image could cause unreasonable
amounts of CPU consumption while decoding.

Avoid iterating over every horizontal pixel when decoding
a 0-height tiled image.

Limit the amount of data that will be decompressed per tile.

Thanks to Philippe Antoine (Catena cyber) for reporting this issue.

Fixes CVE-2023-29407
Fixes CVE-2023-29408
Fixes golang/go#61581
Fixes golang/go#61582

Change-Id: I8cbb26fa06843c6fe9fa99810cb1315431fa7d1d
Reviewed-on: https://go-review.googlesource.com/c/image/+/514897
Reviewed-by: Roland Shoemaker <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Auto-Submit: Damien Neil <[email protected]>
Run-TryBot: Damien Neil <[email protected]>