packages/lcms2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lcms2/fix-arry-bounds-on-writing-matrices.patch
overweight 26944f8d5c Package init
2019-09-30 10:54:36 -04:00

148 lines
5.9 KiB
Diff
Raw Blame History

From 9632a058a0c617a6461a1c32bc437fef87b3de9c Mon Sep 17 00:00:00 2001
From: Marti Maria <info@littlecms.com>
Date: Sun, 12 May 2019 20:24:37 +0200
Subject: [PATCH] fix array bounds on writing matrices
fixed a out-of-bounds error on certain conditions
---
src/cmstypes.c | 84 ++++++++++++++++++++++++--------------------------
1 file changed, 40 insertions(+), 44 deletions(-)
diff --git a/src/cmstypes.c b/src/cmstypes.c
index 521bef0..74c7aed 100644
--- a/src/cmstypes.c
+++ b/src/cmstypes.c
@@ -1853,7 +1853,7 @@ void *Type_LUT8_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cms
static
cmsBool Type_LUT8_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, void* Ptr, cmsUInt32Number nItems)
{
- cmsUInt32Number j, nTabSize;
+ cmsUInt32Number j, nTabSize, i, n;
cmsUInt8Number val;
cmsPipeline* NewLUT = (cmsPipeline*) Ptr;
cmsStage* mpe;
@@ -1902,22 +1902,19 @@ cmsBool Type_LUT8_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER* io,
if (!_cmsWriteUInt8Number(io, (cmsUInt8Number) clutPoints)) return FALSE;
if (!_cmsWriteUInt8Number(io, 0)) return FALSE; // Padding
+ n = NewLUT->InputChannels * NewLUT->OutputChannels;
if (MatMPE != NULL) {
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[0])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[1])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[2])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[3])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[4])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[5])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[6])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[7])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[8])) return FALSE;
-
+ for (i = 0; i < n; i++)
+ {
+ if (!_cmsWrite15Fixed16Number(io, MatMPE->Double[i])) return FALSE;
+ }
}
else {
+ if (n != 9) return FALSE;
+
if (!_cmsWrite15Fixed16Number(io, 1)) return FALSE;
if (!_cmsWrite15Fixed16Number(io, 0)) return FALSE;
if (!_cmsWrite15Fixed16Number(io, 0)) return FALSE;
@@ -2143,7 +2140,7 @@ void *Type_LUT16_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cm
static
cmsBool Type_LUT16_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, void* Ptr, cmsUInt32Number nItems)
{
- cmsUInt32Number nTabSize;
+ cmsUInt32Number nTabSize, n;
cmsPipeline* NewLUT = (cmsPipeline*) Ptr;
cmsStage* mpe;
_cmsStageToneCurvesData* PreMPE = NULL, *PostMPE = NULL;
@@ -2194,21 +2191,20 @@ cmsBool Type_LUT16_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER* io
if (!_cmsWriteUInt8Number(io, (cmsUInt8Number) clutPoints)) return FALSE;
if (!_cmsWriteUInt8Number(io, 0)) return FALSE; // Padding
+ n = NewLUT->InputChannels * NewLUT->OutputChannels;
if (MatMPE != NULL) {
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[0])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[1])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[2])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[3])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[4])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[5])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[6])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[7])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, MatMPE -> Double[8])) return FALSE;
+ for (i = 0; i < n; i++)
+ {
+ if (!_cmsWrite15Fixed16Number(io, MatMPE->Double[i])) return FALSE;
+ }
+
}
else {
+ if (n != 9) return FALSE;
+
if (!_cmsWrite15Fixed16Number(io, 1)) return FALSE;
if (!_cmsWrite15Fixed16Number(io, 0)) return FALSE;
if (!_cmsWrite15Fixed16Number(io, 0)) return FALSE;
@@ -2550,31 +2546,31 @@ void* Type_LUTA2B_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, c
static
cmsBool WriteMatrix(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsStage* mpe)
{
- _cmsStageMatrixData* m = (_cmsStageMatrixData*) mpe -> Data;
-
- // Write the Matrix
- if (!_cmsWrite15Fixed16Number(io, m -> Double[0])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Double[1])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Double[2])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Double[3])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Double[4])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Double[5])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Double[6])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Double[7])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Double[8])) return FALSE;
-
- if (m ->Offset != NULL) {
+ cmsUInt32Number i, n;
- if (!_cmsWrite15Fixed16Number(io, m -> Offset[0])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Offset[1])) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, m -> Offset[2])) return FALSE;
- }
- else {
- if (!_cmsWrite15Fixed16Number(io, 0)) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, 0)) return FALSE;
- if (!_cmsWrite15Fixed16Number(io, 0)) return FALSE;
+ _cmsStageMatrixData* m = (_cmsStageMatrixData*) mpe -> Data;
- }
+ n = mpe->InputChannels * mpe->OutputChannels;
+
+ // Write the Matrix
+ for (i = 0; i < n; i++)
+ {
+ if (!_cmsWrite15Fixed16Number(io, m->Double[i])) return FALSE;
+ }
+
+ if (m->Offset != NULL) {
+
+ for (i = 0; i < mpe->OutputChannels; i++)
+ {
+ if (!_cmsWrite15Fixed16Number(io, m->Offset[i])) return FALSE;
+ }
+ }
+ else {
+ for (i = 0; i < mpe->OutputChannels; i++)
+ {
+ if (!_cmsWrite15Fixed16Number(io, 0)) return FALSE;
+ }
+ }
return TRUE;
Reference in New Issue View Git Blame Copy Permalink