Get rid of an undocumented feature

Which was abused by Fuzzer. since it was not documented now it is gone.

2 files changed, 32 insertions, 29 deletions

diff --git a/src/cmsio0.c b/src/cmsio0.c
index 545dfff..1e9b8a9 100644
--- a/src/cmsio0.c
+++ b/src/cmsio0.c
@@ -1825,6 +1825,9 @@ cmsUInt32Number CMSEXPORT cmsReadRawTag(cmsHPROFILE hProfile, cmsTagSignature si
     cmsUInt32Number rc;
     cmsUInt32Number Offset, TagSize;
 
+    // Sanity check
+    if (data != NULL && BufferSize == 0) return 0;
+
     if (!_cmsLockMutex(Icc->ContextID, Icc ->UsrMutex)) return 0;
 
     // Search for given tag in ICC profile directory
@@ -1844,7 +1847,7 @@ cmsUInt32Number CMSEXPORT cmsReadRawTag(cmsHPROFILE hProfile, cmsTagSignature si
         if (data != NULL) {
 
             if (BufferSize < TagSize)
-                TagSize = BufferSize;
+                goto Error;
 
             if (!Icc ->IOhandler ->Seek(Icc ->IOhandler, Offset)) goto Error;
             if (!Icc ->IOhandler ->Read(Icc ->IOhandler, data, 1, TagSize)) goto Error;
@@ -1866,7 +1869,7 @@ cmsUInt32Number CMSEXPORT cmsReadRawTag(cmsHPROFILE hProfile, cmsTagSignature si
 
             TagSize  = Icc ->TagSizes[i];
             if (BufferSize < TagSize)
-                TagSize = BufferSize;
+                goto Error;
 
             memmove(data, Icc ->TagPtrs[i], TagSize);
 
diff --git a/testbed/testcms2.c b/testbed/testcms2.c
index 02a9a7b..de753d2 100644
--- a/testbed/testcms2.c
+++ b/testbed/testcms2.c
@@ -7834,41 +7834,41 @@ cmsInt32Number CheckFloatSegments(void)
 static
 cmsInt32Number CheckReadRAW(void)
 {
-    cmsInt32Number tag_size, tag_size1;
-    char buffer[4];
-    cmsHPROFILE hProfile;
-    
+	cmsInt32Number tag_size, tag_size1;
+	char buffer[37009];
+	cmsHPROFILE hProfile;
 
-    SubTest("RAW read on on-disk");
-    hProfile = cmsOpenProfileFromFile("test1.icc", "r");
 
-    if (hProfile == NULL) 
-        return 0;
-    
-    tag_size = cmsReadRawTag(hProfile, cmsSigGamutTag, buffer, 4);
-    tag_size1 = cmsReadRawTag(hProfile, cmsSigGamutTag, NULL, 0);
+	SubTest("RAW read on on-disk");
+	hProfile = cmsOpenProfileFromFile("test1.icc", "r");
 
-    cmsCloseProfile(hProfile);
+	if (hProfile == NULL)
+		return 0;
+	tag_size1 = cmsReadRawTag(hProfile, cmsSigGamutTag, NULL, 0);
+	tag_size = cmsReadRawTag(hProfile, cmsSigGamutTag, buffer, 37009);
 
-    if (tag_size != 4)
-        return 0;
 
-    if (tag_size1 != 37009)
-        return 0;
+	cmsCloseProfile(hProfile);
 
-    SubTest("RAW read on in-memory created profiles");
-    hProfile = cmsCreate_sRGBProfile();
-    tag_size = cmsReadRawTag(hProfile, cmsSigGreenColorantTag, buffer, 4);
-    tag_size1 = cmsReadRawTag(hProfile, cmsSigGreenColorantTag, NULL, 0);
+	if (tag_size != 37009)
+		return 0;
 
-    cmsCloseProfile(hProfile);
+	if (tag_size1 != 37009)
+		return 0;
 
-    if (tag_size != 4)
-        return 0;
-    if (tag_size1 != 20)
-        return 0;
+	SubTest("RAW read on in-memory created profiles");
+	hProfile = cmsCreate_sRGBProfile();
+	tag_size1 = cmsReadRawTag(hProfile, cmsSigGreenColorantTag, NULL, 0);
+	tag_size = cmsReadRawTag(hProfile, cmsSigGreenColorantTag, buffer, 20);
 
-    return 1;
+	cmsCloseProfile(hProfile);
+
+	if (tag_size != 20)
+		return 0;
+	if (tag_size1 != 20)
+		return 0;
+
+	return 1;
 }
 
 
@@ -9458,7 +9458,7 @@ int main(int argc, char* argv[])
     Check("Parametric curve on Rec709", CheckParametricRec709);
     Check("Floating Point sampled curve with non-zero start", CheckFloatSamples);
     Check("Floating Point segmented curve with short sampled segment", CheckFloatSegments);
-    Check("Read RAW portions", CheckReadRAW);
+    Check("Read RAW tags", CheckReadRAW);
     Check("Check MetaTag", CheckMeta);
     Check("Null transform on floats", CheckFloatNULLxform);
     Check("Set free a tag", CheckRemoveTag);