diff options
| author | Marti Maria <marti.maria@littlecms.com> | 2022-08-22 16:51:59 +0300 |
|---|---|---|
| committer | Marti Maria <marti.maria@littlecms.com> | 2022-08-22 16:51:59 +0300 |
| commit | 54390818348493a88c43b0dadbad77bdc9750699 (patch) | |
| tree | 84188701a12bc30ac584b8900827749b02947670 | |
| parent | 7600d91699256c0b2929023700c41772e8b61a99 (diff) | |
Add validation against broken profiles
Crafted profiles with bogus data may be sometimes read but then not written.
lcms is tolerant when reading, strict when writing.
Fixed a situation that may end in memory corruption.
| -rw-r--r-- | src/cmstypes.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/src/cmstypes.c b/src/cmstypes.c index e056731..4b7e7ab 100644 --- a/src/cmstypes.c +++ b/src/cmstypes.c @@ -1935,17 +1935,25 @@ cmsBool Type_LUT8_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, // That should be all if (mpe != NULL) { - cmsSignalError(mpe->ContextID, cmsERROR_UNKNOWN_EXTENSION, "LUT is not suitable to be saved as LUT8"); + cmsSignalError(self->ContextID, cmsERROR_UNKNOWN_EXTENSION, "LUT is not suitable to be saved as LUT8"); return FALSE; } if (clut == NULL) clutPoints = 0; - else - clutPoints = clut->Params->nSamples[0]; - - if (!_cmsWriteUInt8Number(io, (cmsUInt8Number) NewLUT ->InputChannels)) return FALSE; - if (!_cmsWriteUInt8Number(io, (cmsUInt8Number) NewLUT ->OutputChannels)) return FALSE; + else { + // Lut8 only allows same CLUT points in all dimensions + clutPoints = clut->Params->nSamples[0]; + for (i = 1; i < cmsPipelineInputChannels(NewLUT); i++) { + if (clut->Params->nSamples[i] != clutPoints) { + cmsSignalError(self->ContextID, cmsERROR_UNKNOWN_EXTENSION, "LUT with different samples per dimension not suitable to be saved as LUT16"); + return FALSE; + } + } + } + + if (!_cmsWriteUInt8Number(io, (cmsUInt8Number)cmsPipelineInputChannels(NewLUT))) return FALSE; + if (!_cmsWriteUInt8Number(io, (cmsUInt8Number)cmsPipelineOutputChannels(NewLUT))) return FALSE; if (!_cmsWriteUInt8Number(io, (cmsUInt8Number) clutPoints)) return FALSE; if (!_cmsWriteUInt8Number(io, 0)) return FALSE; // Padding @@ -2218,7 +2226,7 @@ cmsBool Type_LUT16_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, // That should be all if (mpe != NULL) { - cmsSignalError(mpe->ContextID, cmsERROR_UNKNOWN_EXTENSION, "LUT is not suitable to be saved as LUT16"); + cmsSignalError(self->ContextID, cmsERROR_UNKNOWN_EXTENSION, "LUT is not suitable to be saved as LUT16"); return FALSE; } @@ -2227,8 +2235,16 @@ cmsBool Type_LUT16_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, if (clut == NULL) clutPoints = 0; - else - clutPoints = clut->Params->nSamples[0]; + else { + // Lut16 only allows same CLUT points in all dimensions + clutPoints = clut->Params->nSamples[0]; + for (i = 1; i < InputChannels; i++) { + if (clut->Params->nSamples[i] != clutPoints) { + cmsSignalError(self->ContextID, cmsERROR_UNKNOWN_EXTENSION, "LUT with different samples per dimension not suitable to be saved as LUT16"); + return FALSE; + } + } + } if (!_cmsWriteUInt8Number(io, (cmsUInt8Number) InputChannels)) return FALSE; if (!_cmsWriteUInt8Number(io, (cmsUInt8Number) OutputChannels)) return FALSE; |