Age | Commit message (Collapse) | Author |
|
|
|
unregistering plugins twice may corrupt memory. This commit fixes that.
|
|
m4: sync autoconf-archive (ax_*) macros with upstream
Looks great, thank you!
|
|
- Update the various ax_* macros (which originate from autoconf-archive)
- Switch from acx_pthread.m4 -> ax_pthread.m4
Fixes: https://github.com/mm2/Little-CMS/issues/339
Signed-off-by: Sam James <sam@gentoo.org>
|
|
adjust comment for release
|
|
|
|
free some space by sharing test profiles
|
|
Fix project for visual studio
|
|
lcms2 core testbed has nothing to do with plug-ins
|
|
_cmsQuickFloor() fails when numbers are too close, on fourth decimals, floor of 47.9993 was taken as 48 instead of 47 and this was enough to generate a negative rest and create a segfault. Math is sometimes complex.
|
|
update generated script
|
|
remove bogus file
|
|
recursively
|
|
Release candidate 1
|
|
|
|
Another special case
|
|
configure.ac: fix configure tests broken with Clang 15 (-Wimplicit-int)
|
|
Clang 15 makes -Wimplicit-int an error by default.
Before this fix, configure would think SSE2 support is not present
when it is:
```
checking whether compiler supports SSE2... no
```
Signed-off-by: Sam James <sam@gentoo.org>
|
|
I don't know why people keeps fuzzing this code, but they do, and then they make a lot of noise. So let's make it less permissive and abort early when some wrong characters are found.
I apologize if someone got hurt in the process.
Otherwise this is harmless because is not used on ICC profile handling.
|
|
More code to filter bad API use
|
|
Those profiles are just broken.
|
|
Was missing in the generic cases
|
|
You may create transforms with formatters 0, that means the format is to be specified latter on. So, you were not supposed to call this template with cmsDoTransform before setting the format, but fuzzer did. So I am putting code to prevent this... without including a condition that would ruin all cache and instruction branch guessing.
|
|
It makes no sense that cmsChannelsOf() returns 3 when colorspace is bugus. Added a new function that returns -1 instead. Will document that in 2.15.
It is in the API now, but not in docs.
|
|
Update number
|
|
Moving a function definition to proper place
(My C skills are decreasing every day)
|
|
People keeps trying to break tools helper code, so let's put guards.
|
|
Add API manual for 2.14
|
|
Free resources accordly when detecting a wrong/crafted profile
|
|
cmsReadTag already tracks its pointers so no need to free it
Also fixed a cosmetic warning (no functionality changes)
|
|
Makes no sense to accept profiles with absurd version numbers. That would keep fuzzers busy for a while.
|
|
That was originally intended to prevent building DLLs with different ABI, but since you can actually build .so on linux with this flaw, makes no sense to check only one platform.
I would rather left the decision to developers. You are free to create a .so or DLL with incompatible parameter passing if you use CMS_NO_REGISTER_KEYWORD , it is up to you to check consistency.
|
|
poof-poof
|
|
Crafted profiles with bogus data may be sometimes read but then not written.
lcms is tolerant when reading, strict when writing.
Fixed a situation that may end in memory corruption.
|
|
A minor typo
|
|
Per #332 suggestion....
|
|
a crafted CGAT may induce a crash. Add more validation
Fixes #333
|
|
Plugin should not get those special modes
|
|
on a ill-formed parametric curve
|
|
Each table may have a different node count number, although is is not very frequent
|
|
Move check outside conditional block
|
|
Check for corrupted profiles
|
|
Add checks for out of memory on CGATS parsing. Mainly to prevent exploits
|
|
Last fixup broke icctrans
|
|
To prevent a division by zero on broken profiles
|
|
A division by zero was possible in the other way
|
|
If so, discard profile
|
|
Prevent a rare way to currupt profiles that could potentially cause vulnerability issues
|
|
Which was abused by Fuzzer. since it was not documented now it is gone.
|
|
Range should be in %
|