OSS-Fuzz has detected a new issue in libheif as part of GraphicsMagick oss-fuzz testing. The issue (still private) is oss-fuzz 71492.
The backtrace (including in GraphicsMagick) looks like this:
==1674==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x5c66f6788101 in HeifContext::has_alpha(unsigned int) const [libheif/libheif/context.cc:848](https://github.com/strukturag/libheif/blob/8cc6c796ac706bdf99c1f6f82f32b7873bbbf19d/libheif/context.cc#L848):46
#1 0x5c66f6585722 in heif_image_handle_has_alpha_channel [libheif/libheif/api/libheif/heif.cc:1103](https://github.com/strukturag/libheif/blob/8cc6c796ac706bdf99c1f6f82f32b7873bbbf19d/libheif/api/libheif/heif.cc#L1103):27
#2 0x5c66f61b48c7 in ReadHEIFImage /src/graphicsmagick/coders/heif.c:593:7
#3 0x5c66f5f28a2c in ReadImage /src/graphicsmagick/magick/constitute.c:1682:13
#4 0x5c66f5ecd01a in BlobToImage /src/graphicsmagick/magick/blob.c:785:13
#5 0x5c66f5e48b86 in Magick::Image::read(Magick::Blob const&) /src/graphicsmagick/Magick++/lib/Image.cpp:1592:5
#6 0x5c66f5e34eb4 in LLVMFuzzerTestOneInput /src/graphicsmagick/fuzzing/coder_fuzzer.cc:24:11
#7 0x5c66f5d31350 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
#8 0x5c66f5d1bae4 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
#9 0x5c66f5d2157a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
#10 0x5c66f5d4d972 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7e2cda7ad082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
#12 0x5c66f5d125bd in _start
Uninitialized value was created by an allocation of 'chroma' in the stack frame
#0 0x5c66f6786afc in HeifContext::has_alpha(unsigned int) const [libheif/libheif/context.cc:845](https://github.com/strukturag/libheif/blob/8cc6c796ac706bdf99c1f6f82f32b7873bbbf19d/libheif/context.cc#L845):3
This is the input file which causes the issue (a bogus extension is added to defeat GitHub):
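The sanitizer report above says the uninitialized value is a stack local named `chroma`, declared at context.cc:845 and read at line 848. The usual shape of that defect is a local that is only assigned on the success path of a lookup whose failure (here, a malformed file) is not checked before the read. The following C example, added here and not taken from libheif or GraphicsMagick, reconstructs that pattern in miniature: all type, table and function names are constructed for illustration, the in-memory "file" stands in for the parsed container, and `has_alpha_unsafe` and `has_alpha_safe` are the hypothetical before and after forms, not the project's actual code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a chroma enumeration; the names are hypothetical. */
typedef enum {
  CHROMA_UNDEFINED = 0,
  CHROMA_MONOCHROME = 1,
  CHROMA_420 = 2,
  CHROMA_444 = 3,
  CHROMA_INTERLEAVED_RGBA = 4
} chroma_t;

/* Constructed in-memory "file": image id -> chroma, plus a flag standing in for
   a separate alpha auxiliary image. An id absent from the table models a
   malformed file that references an image it never defines. */
typedef struct { uint32_t id; chroma_t chroma; int alpha_aux; } entry_t;

static const entry_t table[] = {
  {1, CHROMA_420, 0},
  {2, CHROMA_INTERLEAVED_RGBA, 0},
  {3, CHROMA_420, 1},
};

/* Returns 0 and writes *out on success; returns -1 and leaves *out untouched
   when the id is unknown. Leaving the out-parameter untouched on failure is
   what makes the caller's uninitialized local observable. */
int lookup_chroma(uint32_t id, chroma_t *out) {
  for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
    if (table[i].id == id) { *out = table[i].chroma; return 0; }
  }
  return -1;
}

/* Returns the alpha-auxiliary flag, or 0 for an unknown id. */
int lookup_alpha_aux(uint32_t id) {
  for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
    if (table[i].id == id) return table[i].alpha_aux;
  }
  return 0;
}

/* Defective pattern (hypothetical): 'chroma' is a stack local that is only
   assigned when the lookup succeeds, but it is compared unconditionally
   afterwards. For an id the file never defines, the comparison reads an
   uninitialized value, which is exactly what MemorySanitizer reports as
   "use-of-uninitialized-value ... created by an allocation of 'chroma'". */
int has_alpha_unsafe(uint32_t id) {
  chroma_t chroma;                 /* uninitialized, like the reported frame */
  lookup_chroma(id, &chroma);      /* return value ignored */
  if (chroma == CHROMA_INTERLEAVED_RGBA) return 1;
  return lookup_alpha_aux(id);
}

/* Hardened form: give the local a defined default and honour the lookup's
   error, so a malformed file yields a deterministic "no alpha" answer rather
   than a decision based on stack garbage. */
int has_alpha_safe(uint32_t id) {
  chroma_t chroma = CHROMA_UNDEFINED;
  if (lookup_chroma(id, &chroma) != 0) return 0;   /* undefined image: no alpha */
  if (chroma == CHROMA_INTERLEAVED_RGBA) return 1;
  return lookup_alpha_aux(id);
}

/* Helper for checking the failure path: 1 if the lookup for 'id' fails and
   leaves the caller's default value in place, 0 otherwise. */
int unknown_id_leaves_default(uint32_t id) {
  chroma_t chroma = CHROMA_UNDEFINED;
  return lookup_chroma(id, &chroma) == -1 && chroma == CHROMA_UNDEFINED;
}

int main(void) {
  const uint32_t ids[] = {1, 2, 3, 99};
  for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
    /* Only the hardened form is called with the undefined id 99: calling
       has_alpha_unsafe with it would read an uninitialized local. */
    printf("id %u: has_alpha_safe=%d\n", ids[i], has_alpha_safe(ids[i]));
  }
  return 0;
}
```

Building the example with `clang -fsanitize=memory -g` and calling `has_alpha_unsafe(99)` reproduces the same class of report as the one in the backtrace (a read of an uninitialized stack local created in the callee's frame), while `has_alpha_safe` stays silent; the initialized default on its own would already remove the sanitizer finding, but checking the lookup result is what makes the answer for a malformed file meaningful rather than merely defined.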