[babl] ICC: verify validity of data-ranges for ICC tags

From: Øyvind "pippin" Kolås <ok src gnome org>
To: commits-list gnome org
Cc:
Subject: [babl] ICC: verify validity of data-ranges for ICC tags
Date: Wed, 24 Aug 2022 11:24:02 +0000 (UTC)

commit 8f91c5ac7a6ebe90ab484ec91fc6c4edba48581f
Author: Øyvind Kolås <pippin gimp org>
Date:   Wed Aug 24 13:23:15 2022 +0200

    ICC: verify validity of data-ranges for ICC tags
    
    Fixing issue #78

 babl/babl-icc.c | 8 ++++++++
 1 file changed, 8 insertions(+)
---
diff --git a/babl/babl-icc.c b/babl/babl-icc.c
index fa461cd11..3deb29b81 100644
--- a/babl/babl-icc.c
+++ b/babl/babl-icc.c
@@ -365,6 +365,14 @@ icc_tag (ICC        *state,
           *offset = icc_read (u32, TAG_COUNT_OFF + 4 + 12* t + 4);
         if (el_length)
           *el_length = icc_read (u32, TAG_COUNT_OFF + 4 + 12* t + 4*2);
+
+        if (*offset + *el_length > state->length || *offset < 0)
+        {
+           *offset = 0;
+           *el_length = 0;
+           return 0; // broken input
+        }
+
         return 1;
      }
   }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]