Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(443)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/qcms/src/iccread.c

Issue 2796923002: [qcms] Only accept valid input ranges when reading VCGT formula (Closed)
Patch Set: Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/qcms/README.chromium ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* vim: set ts=8 sw=8 noexpandtab: */ 1 /* vim: set ts=8 sw=8 noexpandtab: */
2 // qcms 2 // qcms
3 // Copyright (C) 2009 Mozilla Foundation 3 // Copyright (C) 2009 Mozilla Foundation
4 // Copyright (C) 1998-2007 Marti Maria 4 // Copyright (C) 1998-2007 Marti Maria
5 // 5 //
6 // Permission is hereby granted, free of charge, to any person obtaining 6 // Permission is hereby granted, free of charge, to any person obtaining
7 // a copy of this software and associated documentation files (the "Software"), 7 // a copy of this software and associated documentation files (the "Software"),
8 // to deal in the Software without restriction, including without limitation 8 // to deal in the Software without restriction, including without limitation
9 // the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 // the rights to use, copy, modify, merge, publish, distribute, sublicense,
10 // and/or sell copies of the Software, and to permit persons to whom the Softwar e 10 // and/or sell copies of the Software, and to permit persons to whom the Softwar e
11 // is furnished to do so, subject to the following conditions: 11 // is furnished to do so, subject to the following conditions:
12 // 12 //
13 // The above copyright notice and this permission notice shall be included in 13 // The above copyright notice and this permission notice shall be included in
14 // all copies or substantial portions of the Software. 14 // all copies or substantial portions of the Software.
15 // 15 //
16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO 17 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
18 // THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 // THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 19 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 20 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 21 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 22 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
23 23
24 #include <math.h> 24 #include <math.h>
25 #include <assert.h> 25 #include <assert.h>
26 #include <stdlib.h> 26 #include <stdlib.h>
27 #include <string.h> //memset 27 #include <string.h> //memset
28 #include "qcmsint.h" 28 #include "qcmsint.h"
29 29
30 /* It might be worth having a unified limit on content controlled 30 /* It might be worth having a unified limit on content controlled
31 * allocation per profile. This would remove the need for many 31 * allocation per profile. This would remove the need for many
(...skipping 440 matching lines...) Expand 10 before | Expand all | Expand 10 after
472 float gamma = s15Fixed16Number_to_float( 472 float gamma = s15Fixed16Number_to_float(
473 read_s15Fixed16Number(src, formula_offse t + 12 * i)); 473 read_s15Fixed16Number(src, formula_offse t + 12 * i));
474 float min = s15Fixed16Number_to_float( 474 float min = s15Fixed16Number_to_float(
475 read_s15Fixed16Number(src, formula_offse t + 4 + 12 * i)); 475 read_s15Fixed16Number(src, formula_offse t + 4 + 12 * i));
476 float max = s15Fixed16Number_to_float( 476 float max = s15Fixed16Number_to_float(
477 read_s15Fixed16Number(src, formula_offse t + 8 + 12 * i)); 477 read_s15Fixed16Number(src, formula_offse t + 8 + 12 * i));
478 float range = max - min; 478 float range = max - min;
479 479
480 if (!src->valid) 480 if (!src->valid)
481 goto invalid_vcgt_tag; 481 goto invalid_vcgt_tag;
482 if (gamma <= 0)
483 goto invalid_vcgt_tag;
484 if (min <= 0 || min > 1.f)
485 goto invalid_vcgt_tag;
486 if (max <= 0 || max > 1.f || min > max)
487 goto invalid_vcgt_tag;
robert.bradford 2017/04/04 13:54:24 lgtm. But something has gone wrong with the identa
Noel Gordon 2017/04/04 14:11:34 Ah yes, my editor is in chromium mode, not qcms mo
482 488
483 for (j = 0; j < profile->vcgt.length; ++j) { 489 for (j = 0; j < profile->vcgt.length; ++j) {
484 *dest++ = 65535.f * 490 *dest++ = 65535.f *
485 (min + range * pow((float)j / (profile-> vcgt.length - 1), gamma)); 491 (min + range * pow((float)j / (profile-> vcgt.length - 1), gamma));
486 } 492 }
487 } 493 }
488 } 494 }
489 495
490 return true; 496 return true;
491 497
(...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after
682 invalid_source(src, "unexpected type, expected XYZ"); 688 invalid_source(src, "unexpected type, expected XYZ");
683 num.X = read_s15Fixed16Number(src, offset+8); 689 num.X = read_s15Fixed16Number(src, offset+8);
684 num.Y = read_s15Fixed16Number(src, offset+12); 690 num.Y = read_s15Fixed16Number(src, offset+12);
685 num.Z = read_s15Fixed16Number(src, offset+16); 691 num.Z = read_s15Fixed16Number(src, offset+16);
686 } else { 692 } else {
687 invalid_source(src, "missing xyztag"); 693 invalid_source(src, "missing xyztag");
688 } 694 }
689 return num; 695 return num;
690 } 696 }
691 697
692 // Read the tag at a given offset rather then the tag_index. 698 // Read the tag at a given offset rather then the tag_index.
693 // This method is used when reading mAB tags where nested curveType are 699 // This method is used when reading mAB tags where nested curveType are
694 // present that are not part of the tag_index. 700 // present that are not part of the tag_index.
695 static struct curveType *read_curveType(struct mem_source *src, uint32_t offset, uint32_t *len) 701 static struct curveType *read_curveType(struct mem_source *src, uint32_t offset, uint32_t *len)
696 { 702 {
697 static const uint32_t COUNT_TO_LENGTH[5] = {1, 3, 4, 5, 7}; 703 static const uint32_t COUNT_TO_LENGTH[5] = {1, 3, 4, 5, 7};
698 struct curveType *curve = NULL; 704 struct curveType *curve = NULL;
699 uint32_t type = read_u32(src, offset); 705 uint32_t type = read_u32(src, offset);
700 uint32_t count; 706 uint32_t count;
701 int i; 707 int i;
702 708
(...skipping 30 matching lines...) Expand all
733 } 739 }
734 740
735 curve = malloc(sizeof(struct curveType)); 741 curve = malloc(sizeof(struct curveType));
736 if (!curve) 742 if (!curve)
737 return NULL; 743 return NULL;
738 744
739 curve->count = count; 745 curve->count = count;
740 curve->type = type; 746 curve->type = type;
741 747
742 for (i=0; i < COUNT_TO_LENGTH[count]; i++) { 748 for (i=0; i < COUNT_TO_LENGTH[count]; i++) {
743 » » » curve->parameter[i] = s15Fixed16Number_to_float(read_s15 Fixed16Number(src, offset + 12 + i*4));» 749 » » » curve->parameter[i] = s15Fixed16Number_to_float(read_s15 Fixed16Number(src, offset + 12 + i*4));
robert.bradford 2017/04/04 13:54:24 I don't think you need this hunk.
Noel Gordon 2017/04/04 14:11:34 Agree, my editor again, will fix.
744 } 750 }
745 *len = 12 + COUNT_TO_LENGTH[count] * 4; 751 *len = 12 + COUNT_TO_LENGTH[count] * 4;
746 752
747 if ((count == 1 || count == 2)) { 753 if ((count == 1 || count == 2)) {
748 /* we have a type 1 or type 2 function that has a divisi on by 'a' */ 754 /* we have a type 1 or type 2 function that has a divisi on by 'a' */
749 float a = curve->parameter[1]; 755 float a = curve->parameter[1];
750 if (a == 0.f) 756 if (a == 0.f)
751 invalid_source(src, "parametricCurve definition causes division by zero."); 757 invalid_source(src, "parametricCurve definition causes division by zero.");
752 } 758 }
753 } 759 }
(...skipping 883 matching lines...) Expand 10 before | Expand all | Expand 10 after
1637 { 1643 {
1638 qcms_profile *profile = NULL; 1644 qcms_profile *profile = NULL;
1639 FILE *file = _wfopen(path, L"rb"); 1645 FILE *file = _wfopen(path, L"rb");
1640 if (file) { 1646 if (file) {
1641 profile = qcms_profile_from_file(file); 1647 profile = qcms_profile_from_file(file);
1642 fclose(file); 1648 fclose(file);
1643 } 1649 }
1644 return profile; 1650 return profile;
1645 } 1651 }
1646 #endif 1652 #endif
OLDNEW
« no previous file with comments | « third_party/qcms/README.chromium ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698