Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(19)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/qcms/src/iccread.c

Issue 363593004: Check for unused tag_len in read_nested_curveType() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/qcms/google.patch ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/qcms/src/iccread.c
diff --git a/third_party/qcms/src/iccread.c b/third_party/qcms/src/iccread.c
index 9ee6b940111163fb3b454cf40a78abe8a02ad588..5876f96b124f0117d09f21fd06b30529b98c7c40 100644
--- a/third_party/qcms/src/iccread.c
+++ b/third_party/qcms/src/iccread.c
@@ -493,19 +493,23 @@ static void read_nested_curveType(struct mem_source *src, struct curveType *(*cu
uint32_t channel_offset = 0;
int i;
for (i = 0; i < num_channels; i++) {
- uint32_t tag_len;
+ uint32_t tag_len = ~0;
(*curveArray)[i] = read_curveType(src, curve_offset + channel_offset, &tag_len);
if (!(*curveArray)[i]) {
invalid_source(src, "invalid nested curveType curve");
}
+ if (tag_len == ~0) {
+ invalid_source(src, "invalid nested curveType tag length");
+ return;
+ }
+
channel_offset += tag_len;
// 4 byte aligned
if ((tag_len % 4) != 0)
channel_offset += 4 - (tag_len % 4);
}
-
}
static void mAB_release(struct lutmABType *lut)
« no previous file with comments | « third_party/qcms/google.patch ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698