diff options
author | Marti Maria <info@littlecms.com> | 2012-05-23 17:33:33 +0200 |
---|---|---|
committer | Marti Maria <info@littlecms.com> | 2012-05-23 17:33:33 +0200 |
commit | 9e246ece55017da090a842e0cf3273483f32afa1 (patch) | |
tree | 0bda2dc945b45c5ee9b66827935c54230951c130 | |
parent | 24b8bdfdf831b3bc017514ff76260aa386ee59f2 (diff) | |
download | lcms2-9e246ece55017da090a842e0cf3273483f32afa1.tar.gz |
More extra checks
-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | src/cmsopt.c | 3 | ||||
-rw-r--r-- | src/cmstypes.c | 2 |
4 files changed, 4 insertions, 3 deletions
@@ -25,6 +25,7 @@ Michael Vhrel (Artifex) Robin Watts (Artifex) Michal Cihar Daniel Kaneider +Mateusz Jurczyk (Google) Special Thanks -------------- @@ -72,3 +72,4 @@ Added a new plug-in type Internal stage structs are now accessible through plug-in API Fixed a bug on ending zero when saving a IT8 to memory Fixed a bug on IT8 reading of negative numbers. +Increased security checks, thanks to Mateusz Jurczyk, from Google. diff --git a/src/cmsopt.c b/src/cmsopt.c index 1347e3d..8d0f62f 100644 --- a/src/cmsopt.c +++ b/src/cmsopt.c @@ -547,9 +547,6 @@ cmsBool OptimizeByResampling(cmsPipeline** Lut, cmsUInt32Number Intent, cmsUInt3 // This is a loosy optimization! does not apply in floating-point cases if (_cmsFormatterIsFloat(*InputFormat) || _cmsFormatterIsFloat(*OutputFormat)) return FALSE; - - - ColorSpace = _cmsICCcolorSpace(T_COLORSPACE(*InputFormat)); OutputColorSpace = _cmsICCcolorSpace(T_COLORSPACE(*OutputFormat)); nGridPoints = _cmsReasonableGridpointsByColorspace(ColorSpace, *dwFlags); diff --git a/src/cmstypes.c b/src/cmstypes.c index 2d4d2b2..ffdcc7d 100644 --- a/src/cmstypes.c +++ b/src/cmstypes.c @@ -1738,6 +1738,8 @@ void *Type_LUT8_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cms if (!_cmsReadUInt8Number(io, &OutputChannels)) goto Error; if (!_cmsReadUInt8Number(io, &CLUTpoints)) goto Error; + if (CLUTpoints == 1) goto Error; // Impossible value, 0 for no CLUT and then 2 at least + // Padding if (!_cmsReadUInt8Number(io, NULL)) goto Error; |