diff options
| author | Marti Maria <marti.maria@littlecms.com> | 2023-04-15 11:53:33 +0200 |
|---|---|---|
| committer | Marti Maria <marti.maria@littlecms.com> | 2023-04-15 11:53:33 +0200 |
| commit | b0541c2c147a0a9ef7aa0f00d16c032d984f5387 (patch) | |
| tree | a24d4a5f7631513429942992233468eac43dce25 | |
| parent | bce906a970683fdb692d4174c067b977c8ab6aa7 (diff) | |
| download | lcms2-b0541c2c147a0a9ef7aa0f00d16c032d984f5387.tar.gz | |
Add check for ill-formed CGATS
Guard against redimensioning data in CGATS
| -rw-r--r-- | src/cmscgats.c | 11 | ||||
| -rw-r--r-- | testbed/testcms2.c | 39 |
2 files changed, 45 insertions, 5 deletions
diff --git a/src/cmscgats.c b/src/cmscgats.c index e1b57f0..6dc97ee 100644 --- a/src/cmscgats.c +++ b/src/cmscgats.c @@ -1263,7 +1263,12 @@ KEYVALUE* AddToList(cmsIT8* it8, KEYVALUE** Head, const char *Key, const char *S // This may work for editing properties - // return SynError(it8, "duplicate key <%s>", Key); + if (cmsstrcasecmp(Key, "NUMBER_OF_FIELDS") == 0 || + cmsstrcasecmp(Key, "NUMBER_OF_SETS") == 0) { + + SynError(it8, "duplicate key <%s>", Key); + return NULL; + } } else { @@ -2470,7 +2475,7 @@ cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cm if (it8->MemoryBlock == NULL) { cmsIT8Free(hIT8); - return FALSE; + return NULL; } strncpy(it8 ->MemoryBlock, (const char*) Ptr, len); @@ -2482,7 +2487,7 @@ cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cm if (!ParseIT8(it8, type-1)) { cmsIT8Free(hIT8); - return FALSE; + return NULL; } CookPointers(it8); diff --git a/testbed/testcms2.c b/testbed/testcms2.c index 998ccc9..48230ea 100644 --- a/testbed/testcms2.c +++ b/testbed/testcms2.c @@ -8503,6 +8503,40 @@ int CheckLinearSpacesOptimization(void) #endif + +static +int CheckBadCGATS(void) +{ + const char* bad_it8 = + " \"\"\n" + "NUMBER_OF_FIELDS 4\n" + "BEGIN_DATA_FORMAT\n" + "I R G G\n" + "END_DATA_FORMAT\n" + "NUMBER_OF_FIELDS 9\n" + "NUMBER_OF_SETS 2\n" + "BEGIN_DATA\n" + "d\n" + "0 0Bd\n" + "0Ba $ $ t ."; + + cmsHANDLE hIT8; + + cmsSetLogErrorHandler(NULL); + + hIT8 = cmsIT8LoadFromMem(0, bad_it8, strlen(bad_it8)); + + ResetFatalError(); + + if (hIT8 != NULL) + { + Fail("Wrong IT8 accepted as ok"); + cmsIT8Free(hIT8); + } + + return 1; +} + static int CheckIntToFloatTransform(void) { @@ -9253,9 +9287,9 @@ int main(int argc, char* argv[]) printf("Installing error logger ... "); cmsSetLogErrorHandler(FatalErrorQuit); printf("done.\n"); - + PrintSupportedIntents(); - + Check("Base types", CheckBaseTypes); Check("endianness", CheckEndianness); Check("quick floor", CheckQuickFloor); @@ -9461,6 +9495,7 @@ int main(int argc, char* argv[]) Check("Gamma space detection", CheckGammaSpaceDetection); Check("Unbounded mode w/ integer output", CheckIntToFloatTransform); Check("Corrupted built-in by using cmsWriteRawTag", CheckInducedCorruption); + Check("Bad CGATS file", CheckBadCGATS); } if (DoPluginTests) |