8058248: LittleCMS: Missing checks for NULL returns from memory allocation
Reviewed-by: bae, jchen, mschoene
parent
563ee3119b
commit
50b39c9bc6
@ -2334,6 +2334,7 @@ cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt3
|
||||
|
||||
it8 = (cmsIT8*) hIT8;
|
||||
it8 ->MemoryBlock = (char*) _cmsMalloc(ContextID, len + 1);
|
||||
if (it8 ->MemoryBlock == NULL) return NULL;
|
||||
|
||||
strncpy(it8 ->MemoryBlock, (const char*) Ptr, len);
|
||||
it8 ->MemoryBlock[len] = 0;
|
||||
|
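Review bot: The new `if (it8 ->MemoryBlock == NULL) return NULL;` in cmsIT8LoadFromMem returns without releasing `hIT8`, which the cast on the line above shows is already a live handle at this point. The handle's allocation is outside the hunk, so this is inferred, but if it was allocated earlier in the function, every out-of-memory return leaks the whole IT8 object. Freeing it first would close that: `if (it8 ->MemoryBlock == NULL) { cmsIT8Free(hIT8); return NULL; }`.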
@ -1167,34 +1167,6 @@ cmsHPROFILE CMSEXPORT cmsOpenProfileFromMem(const void* MemPtr, cmsUInt32Number
|
||||
return cmsOpenProfileFromMemTHR(NULL, MemPtr, dwSize);
|
||||
}
|
||||
|
||||
static
|
||||
cmsBool SanityCheck(_cmsICCPROFILE* profile)
|
||||
{
|
||||
cmsIOHANDLER* io;
|
||||
|
||||
if (!profile) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
io = profile->IOhandler;
|
||||
if (!io) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (!io->Seek ||
|
||||
!(io->Seek==NULLSeek || io->Seek==MemorySeek || io->Seek==FileSeek))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
if (!io->Read ||
|
||||
!(io->Read==NULLRead || io->Read==MemoryRead || io->Read==FileRead))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
// Dump tag contents. If the profile is being modified, untouched tags are copied from FileOrig
|
||||
static
|
||||
cmsBool SaveTags(_cmsICCPROFILE* Icc, _cmsICCPROFILE* FileOrig)
|
||||
@ -1225,7 +1197,7 @@ cmsBool SaveTags(_cmsICCPROFILE* Icc, _cmsICCPROFILE* FileOrig)
|
||||
|
||||
// Reach here if we are copying a tag from a disk-based ICC profile which has not been modified by user.
|
||||
// In this case a blind copy of the block data is performed
|
||||
if (SanityCheck(FileOrig) && Icc -> TagOffsets[i]) {
|
||||
if (FileOrig != NULL && FileOrig->IOhandler != NULL && Icc -> TagOffsets[i]) {
|
||||
|
||||
cmsUInt32Number TagSize = FileOrig -> TagSizes[i];
|
||||
cmsUInt32Number TagOffset = FileOrig -> TagOffsets[i];
|
||||
@ -1880,6 +1852,7 @@ cmsBool CMSEXPORT cmsWriteRawTag(cmsHPROFILE hProfile, cmsTagSignature sig, cons
|
||||
{
|
||||
_cmsICCPROFILE* Icc = (_cmsICCPROFILE*) hProfile;
|
||||
int i;
|
||||
cmsBool ret = TRUE;
|
||||
|
||||
if (!_cmsLockMutex(Icc->ContextID, Icc ->UsrMutex)) return 0;
|
||||
|
||||
@ -1895,10 +1868,11 @@ cmsBool CMSEXPORT cmsWriteRawTag(cmsHPROFILE hProfile, cmsTagSignature sig, cons
|
||||
|
||||
// Keep a copy of the block
|
||||
Icc ->TagPtrs[i] = _cmsDupMem(Icc ->ContextID, data, Size);
|
||||
if (!Icc ->TagPtrs[i]) ret = FALSE;
|
||||
Icc ->TagSizes[i] = Size;
|
||||
|
||||
_cmsUnlockMutex(Icc->ContextID, Icc ->UsrMutex);
|
||||
return TRUE;
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Using this function you can collapse several tag entries to the same block in the profile
|
||||
|
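Review bot: In cmsWriteRawTag the failure path still executes `Icc ->TagSizes[i] = Size;` after `_cmsDupMem` has returned NULL, so the slot is left with a NULL `TagPtrs[i]` and a non-zero size while the caller only sees FALSE. Any later code that trusts the size and reads the pointer would then work on an inconsistent entry. I would make the size follow the result, `Icc ->TagSizes[i] = ret ? Size : 0;`, and also reset whatever else was stored for slot `i` earlier in the function. That part of the body is outside the hunk, so confirm which fields are set there.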
@ -1181,14 +1181,28 @@ static
|
||||
void* CurvesDup(cmsContext ContextID, const void* ptr)
|
||||
{
|
||||
Curves16Data* Data = _cmsDupMem(ContextID, ptr, sizeof(Curves16Data));
|
||||
int i;
|
||||
int i, j;
|
||||
|
||||
if (Data == NULL) return NULL;
|
||||
|
||||
Data ->Curves = _cmsDupMem(ContextID, Data ->Curves, Data ->nCurves * sizeof(cmsUInt16Number*));
|
||||
if (Data -> Curves == NULL) {
|
||||
_cmsFree(ContextID, Data);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
for (i=0; i < Data -> nCurves; i++) {
|
||||
Data ->Curves[i] = _cmsDupMem(ContextID, Data ->Curves[i], Data -> nElements * sizeof(cmsUInt16Number));
|
||||
if (Data->Curves[i] == NULL) {
|
||||
|
||||
for (j=0; j < i; j++) {
|
||||
_cmsFree(ContextID, Data->Curves[j]);
|
||||
}
|
||||
_cmsFree(ContextID, Data->Curves);
|
||||
_cmsFree(ContextID, Data);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return (void*) Data;
|
||||
|
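Review bot: The cleanup loop in CurvesDup frees only `Data->Curves[j]` for `j < i`, and the reason deserves a comment because freeing the whole array would be the natural mistake. After the shallow `_cmsDupMem` of the pointer table, the entries from `i` onward still point at the source object's arrays, so only the first `i` entries are copies this function owns. Something like `// Entries [0, i) are our copies; the rest still alias the source and must not be freed here` above the inner `for` would protect this from a later "simplification". The function's closing brace is outside the hunk.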
@ -3548,6 +3548,7 @@ void *Type_UcrBg_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cm
|
||||
if (n ->Desc == NULL) return NULL;
|
||||
|
||||
ASCIIString = (char*) _cmsMalloc(self ->ContextID, SizeOfTag + 1);
|
||||
if (ASCIIString == NULL) return NULL;
|
||||
if (io ->Read(io, ASCIIString, sizeof(char), SizeOfTag) != SizeOfTag) return NULL;
|
||||
ASCIIString[SizeOfTag] = 0;
|
||||
cmsMLUsetASCII(n ->Desc, cmsNoLanguage, cmsNoCountry, ASCIIString);
|
||||
@ -3575,6 +3576,7 @@ cmsBool Type_UcrBg_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER* io
|
||||
// Now comes the text. The length is specified by the tag size
|
||||
TextSize = cmsMLUgetASCII(Value ->Desc, cmsNoLanguage, cmsNoCountry, NULL, 0);
|
||||
Text = (char*) _cmsMalloc(self ->ContextID, TextSize);
|
||||
if (Text == NULL) return FALSE;
|
||||
if (cmsMLUgetASCII(Value ->Desc, cmsNoLanguage, cmsNoCountry, Text, TextSize) != TextSize) return FALSE;
|
||||
|
||||
if (!io ->Write(io, TextSize, Text)) return FALSE;
|
||||
@ -3672,6 +3674,7 @@ cmsBool WriteCountAndSting(struct _cms_typehandler_struct* self, cmsIOHANDLER*
|
||||
|
||||
TextSize = cmsMLUgetASCII(mlu, "PS", Section, NULL, 0);
|
||||
Text = (char*) _cmsMalloc(self ->ContextID, TextSize);
|
||||
if (Text == NULL) return FALSE;
|
||||
|
||||
if (!_cmsWriteUInt32Number(io, TextSize)) return FALSE;
|
||||
|
||||
|
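Review bot: The added `if (ASCIIString == NULL) return NULL;` in Type_UcrBg_Read leaves `n ->Desc` allocated, and presumably `n` itself too; the check on the first line of the hunk shows `n ->Desc` was just allocated, while the allocation of `n` is outside the hunk. The `io ->Read` failure on the next line has the same problem and additionally leaks `ASCIIString`. Releasing before returning would fix the new line: `if (ASCIIString == NULL) { cmsMLUfree(n ->Desc); _cmsFree(self ->ContextID, n); return NULL; }`. A shared error label would let both exits use the same cleanup. In Type_UcrBg_Write, the `cmsMLUgetASCII` mismatch return just after the new check likewise leaves `Text` allocated.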