third_party/qcms/google.patch - Issue 363593004: Check for unused tag_len in read_nested_curveType()

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/qcms/google.patch

Issue 363593004: Check for unused tag_len in read_nested_curveType() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/qcms/google.patch

diff --git a/third_party/qcms/google.patch b/third_party/qcms/google.patch

index 16353c054cdd68707cb97f6db90c0fed5e215327..a64d239d9d6771547be733f6c96b7c57c15c0078 100644

--- a/third_party/qcms/google.patch

+++ b/third_party/qcms/google.patch

@@ -1,5 +1,5 @@

diff --git a/third_party/qcms/src/iccread.c b/third_party/qcms/src/iccread.c

-index 36b7011..9ee6b94 100644

+index 36b7011..5876f96 100644

--- a/third_party/qcms/src/iccread.c

+++ b/third_party/qcms/src/iccread.c

@@ -266,7 +266,7 @@ qcms_bool qcms_profile_is_bogus(qcms_profile *profile)

@@ -43,7 +43,33 @@ index 36b7011..9ee6b94 100644

struct curveType *curve = NULL;

uint32_t type = read_u32(src, offset);

uint32_t count;

-@@ -657,7 +666,7 @@ static struct lutType *read_tag_lutType(struct mem_source *src, struct tag_index

+@@ -484,19 +493,23 @@ static void read_nested_curveType(struct mem_source *src, struct curveType *(*cu

+ uint32_t channel_offset = 0;

+ int i;

+ for (i = 0; i < num_channels; i++) {

+- uint32_t tag_len;

++ uint32_t tag_len = ~0;

+ (*curveArray)[i] = read_curveType(src, curve_offset + channel_offset, &tag_len);

+ if (!(*curveArray)[i]) {

+ invalid_source(src, "invalid nested curveType curve");

+ }

++ if (tag_len == ~0) {

++ invalid_source(src, "invalid nested curveType tag length");

++ return;

++ }

+ channel_offset += tag_len;

+ // 4 byte aligned

+ if ((tag_len % 4) != 0)

+ channel_offset += 4 - (tag_len % 4);

+ }

+ static void mAB_release(struct lutmABType *lut)

+@@ -657,7 +670,7 @@ static struct lutType *read_tag_lutType(struct mem_source *src, struct tag_index

uint16_t num_input_table_entries;

uint16_t num_output_table_entries;

uint8_t in_chan, grid_points, out_chan;

@@ -52,7 +78,7 @@ index 36b7011..9ee6b94 100644

uint32_t clut_size;

size_t entry_size;

struct lutType *lut;

-@@ -997,6 +1006,9 @@ qcms_profile* qcms_profile_from_memory(const void *mem, size_t size)

+@@ -997,6 +1010,9 @@ qcms_profile* qcms_profile_from_memory(const void *mem, size_t size)

source.size = size;

source.valid = true;

« no previous file with comments | « third_party/qcms/README.chromium ('k') | third_party/qcms/src/iccread.c » ('j') | no next file with comments »