Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(15)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/qcms/src/iccread.c

Issue 2796923002: [qcms] Only accept valid input ranges when reading VCGT formula (Closed)
Patch Set: Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/qcms/README.chromium ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/qcms/src/iccread.c
diff --git a/third_party/qcms/src/iccread.c b/third_party/qcms/src/iccread.c
index 124506597fc30776dc9a3a4c1db0fe90ad8bf4c0..3ca89d0498b168bca7abaa298381ca486a38ca84 100644
--- a/third_party/qcms/src/iccread.c
+++ b/third_party/qcms/src/iccread.c
@@ -3,22 +3,22 @@
// Copyright (C) 2009 Mozilla Foundation
// Copyright (C) 1998-2007 Marti Maria
//
-// Permission is hereby granted, free of charge, to any person obtaining
-// a copy of this software and associated documentation files (the "Software"),
-// to deal in the Software without restriction, including without limitation
-// the rights to use, copy, modify, merge, publish, distribute, sublicense,
-// and/or sell copies of the Software, and to permit persons to whom the Software
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the "Software"),
+// to deal in the Software without restriction, including without limitation
+// the rights to use, copy, modify, merge, publish, distribute, sublicense,
+// and/or sell copies of the Software, and to permit persons to whom the Software
// is furnished to do so, subject to the following conditions:
//
-// The above copyright notice and this permission notice shall be included in
+// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
-// THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+// THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include <math.h>
@@ -479,6 +479,12 @@ static qcms_bool read_tag_vcgtType(qcms_profile *profile, struct mem_source *src
if (!src->valid)
goto invalid_vcgt_tag;
+ if (gamma <= 0)
+ goto invalid_vcgt_tag;
+ if (min <= 0 || min > 1.f)
+ goto invalid_vcgt_tag;
+ if (max <= 0 || max > 1.f || min > max)
+ goto invalid_vcgt_tag;
robert.bradford 2017/04/04 13:54:24 lgtm. But something has gone wrong with the identa
Noel Gordon 2017/04/04 14:11:34 Ah yes, my editor is in chromium mode, not qcms mo
for (j = 0; j < profile->vcgt.length; ++j) {
*dest++ = 65535.f *
@@ -689,7 +695,7 @@ static struct XYZNumber read_tag_XYZType(struct mem_source *src, struct tag_inde
return num;
}
-// Read the tag at a given offset rather then the tag_index.
+// Read the tag at a given offset rather then the tag_index.
// This method is used when reading mAB tags where nested curveType are
// present that are not part of the tag_index.
static struct curveType *read_curveType(struct mem_source *src, uint32_t offset, uint32_t *len)
@@ -740,7 +746,7 @@ static struct curveType *read_curveType(struct mem_source *src, uint32_t offset,
curve->type = type;
for (i=0; i < COUNT_TO_LENGTH[count]; i++) {
- curve->parameter[i] = s15Fixed16Number_to_float(read_s15Fixed16Number(src, offset + 12 + i*4));
+ curve->parameter[i] = s15Fixed16Number_to_float(read_s15Fixed16Number(src, offset + 12 + i*4));
robert.bradford 2017/04/04 13:54:24 I don't think you need this hunk.
Noel Gordon 2017/04/04 14:11:34 Agree, my editor again, will fix.
}
*len = 12 + COUNT_TO_LENGTH[count] * 4;
« no previous file with comments | « third_party/qcms/README.chromium ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698