diff options
author | Richard Hughes <richard@hughsie.com> | 2017-12-17 13:17:27 +0000 |
---|---|---|
committer | Richard Hughes <richard@hughsie.com> | 2017-12-17 13:18:04 +0000 |
commit | 2c92e03775a15bcd304ef39e9a3220496fc9168a (patch) | |
tree | 4e892bb9a8adb5004fd45c92bdf396a2d3bd7932 | |
parent | f08c25ddd93ad3fa691172119a038465cd178420 (diff) | |
download | colord-2c92e03775a15bcd304ef39e9a3220496fc9168a.tar.gz |
Avoid buffer overflow when reading profile_id
Based on a patch by Jan Alexander Steffens, many thanks.
Fixes half of: https://bugs.freedesktop.org/show_bug.cgi?id=104294
-rw-r--r-- | lib/colord/cd-icc.c | 62 |
1 files changed, 29 insertions, 33 deletions
diff --git a/lib/colord/cd-icc.c b/lib/colord/cd-icc.c index 99fa27b..5e9441a 100644 --- a/lib/colord/cd-icc.c +++ b/lib/colord/cd-icc.c @@ -213,6 +213,32 @@ cd_icc_write_tag (CdIcc *icc, cmsTagSignature sig, gpointer data, GError **error return FALSE; } +static gchar * +cd_icc_get_precooked_md5 (cmsHPROFILE lcms_profile) +{ + cmsUInt8Number icc_id[16]; + gboolean md5_precooked = FALSE; + gchar *md5 = NULL; + guint i; + + /* check to see if we have a pre-cooked MD5 */ + cmsGetHeaderProfileID (lcms_profile, icc_id); + for (i = 0; i < 16; i++) { + if (icc_id[i] != 0) { + md5_precooked = TRUE; + break; + } + } + if (md5_precooked == FALSE) + return NULL; + + /* convert to a hex string */ + md5 = g_new0 (gchar, 32 + 1); + for (i = 0; i < 16; i++) + g_snprintf (md5 + i * 2, 3, "%02x", icc_id[i]); + return md5; +} + /** * cd_icc_to_string: * @icc: a #CdIcc instance. @@ -240,7 +266,7 @@ cd_icc_to_string (CdIcc *icc) guint32 number_tags; guint32 tmp; guint64 header_flags; - guint8 profile_id[4]; + g_autofree gchar *profile_id = NULL; g_return_val_if_fail (CD_IS_ICC (icc), NULL); @@ -335,12 +361,8 @@ cd_icc_to_string (CdIcc *icc) g_string_append_printf (str, " Creator\t= %s\n", tag_str); /* profile ID */ - cmsGetHeaderProfileID (priv->lcms_profile, profile_id); - g_string_append_printf (str, " Profile ID\t= 0x%02x%02x%02x%02x\n", - profile_id[0], - profile_id[1], - profile_id[2], - profile_id[3]); + profile_id = cd_icc_get_precooked_md5 (priv->lcms_profile); + g_string_append_printf (str, " Profile ID\t= %s", profile_id); /* print tags */ g_string_append (str, "\n"); @@ -817,32 +839,6 @@ const struct { { 0, CD_COLORSPACE_LAST } }; -static gchar * -cd_icc_get_precooked_md5 (cmsHPROFILE lcms_profile) -{ - cmsUInt8Number icc_id[16]; - gboolean md5_precooked = FALSE; - gchar *md5 = NULL; - guint i; - - /* check to see if we have a pre-cooked MD5 */ - cmsGetHeaderProfileID (lcms_profile, icc_id); - for (i = 0; i < 16; i++) { - if (icc_id[i] != 0) { - md5_precooked = TRUE; - break; - } - } - if (md5_precooked == FALSE) - return NULL; - - /* convert to a hex string */ - md5 = g_new0 (gchar, 32 + 1); - for (i = 0; i < 16; i++) - g_snprintf (md5 + i * 2, 3, "%02x", icc_id[i]); - return md5; -} - static gboolean cd_icc_calc_whitepoint (CdIcc *icc, GError **error) { |