diff options
| author | Marti Maria <marti.maria@littlecms.com> | 2023-04-17 15:23:53 +0200 |
|---|---|---|
| committer | Marti Maria <marti.maria@littlecms.com> | 2023-04-17 15:23:53 +0200 |
| commit | 5b083856e928bd73a655c1d6c1255c49d973ceca (patch) | |
| tree | 1b87cf650653e36e5e532f544f96b8d3ff6890dc | |
| parent | b0541c2c147a0a9ef7aa0f00d16c032d984f5387 (diff) | |
| download | lcms2-5b083856e928bd73a655c1d6c1255c49d973ceca.tar.gz | |
prevent to allocate a big chunk of memory on corrupted LUT
Overflow here is harmless, but caller code may try to allocate a big chunk of memory, which will be immediatly freed because file size does not match.
| -rw-r--r-- | src/cmslut.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/cmslut.c b/src/cmslut.c index 77977fc..383f05c 100644 --- a/src/cmslut.c +++ b/src/cmslut.c @@ -475,6 +475,9 @@ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b) if (rv > UINT_MAX / dim) return 0; } + // Again, prevent overflow + if (rv > UINT_MAX / 15) return 0; + return rv; } |