[babl] icc: add offset bounds checks to read_sign



commit 607d453049f92539ec164bc3180567bea19c61cd
Author: Øyvind Kolås <pippin gimp org>
Date:   Wed Feb 3 01:00:16 2021 +0100

    icc: add offset bounds checks to read_sign

 babl/babl-icc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
---
diff --git a/babl/babl-icc.c b/babl/babl-icc.c
index b5e426947..52a35d2a5 100644
--- a/babl/babl-icc.c
+++ b/babl/babl-icc.c
@@ -322,6 +322,11 @@ read_sign (ICC *state,
            int  offset)
 {
   sign_t ret;
+  if (offset < 0 || offset > state->length - 4)
+  {
+    for (int i = 0; i < 5; i ++) ret.str[0]=0;
+    return ret;
+  }
   ret.str[0]=icc_read (u8, offset);
   ret.str[1]=icc_read (u8, offset + 1);
   ret.str[2]=icc_read (u8, offset + 2);
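Review bot: The zeroing loop in the new out-of-range branch assigns `ret.str[0]=0` on every iteration, so only the first byte is cleared and the remaining bytes of `ret` are returned uninitialized; it should read `for (int i = 0; i < 5; i ++) ret.str[i]=0;` (or `memset (&ret, 0, sizeof ret);`). As written, a caller still sees an empty string through `str[0]`, but any code that copies or compares the whole `sign_t` for a truncated or malformed profile would be reading indeterminate stack bytes. The bound of 5 presumes `sign_t.str` holds at least five bytes, which is not visible in this hunk. The check `offset > state->length - 4` also relies on `state->length` being a signed type; if it is unsigned, a profile shorter than 4 bytes would wrap the subtraction and let the read through, so it is worth confirming against the `ICC` struct definition. The body of `read_sign` continues past the end of the hunk.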
@@ -1191,7 +1196,7 @@ babl_space_from_icc (const char   *icc_data,
                 trc_red, trc_green, trc_blue);
 
        babl_free (state);
-       ret->space.icc_length = icc_length;
+       ret->space.icc_length  = icc_length;
        ret->space.icc_profile = malloc (icc_length);
        memcpy (ret->space.icc_profile, icc_data, icc_length);
        return ret;

