diff options
author | Marti Maria <info@littlecms.com> | 2018-09-10 11:26:27 +0200 |
---|---|---|
committer | Marti Maria <info@littlecms.com> | 2018-09-10 11:26:27 +0200 |
commit | 32f0c458c910a033375c57b46d7a3c1c606e6cbc (patch) | |
tree | 81fe135b192f26398989145df18a7fbc50c07133 | |
parent | 768f70ca405cd3159d990e962d54456773bb8cf8 (diff) | |
download | lcms2-32f0c458c910a033375c57b46d7a3c1c606e6cbc.tar.gz |
Reported bug from quangnh89
- Turns a warning into a fatal error.
I have tested the profile against a normal use and found despite this is
a real bug, it is harmless in the security context. The out of bounds
condition can only be reached by building a special program.
Yet-existing, normal code are unaffected as it never needs to do this
particular sequence. I agree it is better to turn this warning into a
fatal error in order to keep safe.
NOT RELATED WITH SECURITY. IT CANNOT BE USED TO DO ANY EXPLOIT.
-rw-r--r-- | src/cmsio0.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/cmsio0.c b/src/cmsio0.c index 90c79d0..ffebfa3 100644 --- a/src/cmsio0.c +++ b/src/cmsio0.c @@ -1599,6 +1599,7 @@ void* CMSEXPORT cmsReadTag(cmsHPROFILE hProfile, cmsTagSignature sig) _cmsTagSignature2String(String, sig); cmsSignalError(Icc ->ContextID, cmsERROR_CORRUPTION_DETECTED, "'%s' Inconsistent number of items: expected %d, got %d", String, TagDescriptor ->ElemCount, ElemCount); + goto Error; } |