diff --git a/jdk/src/java.desktop/share/native/liblcms/cmscgats.c b/jdk/src/java.desktop/share/native/liblcms/cmscgats.c index e3079d10983..423fa04398f 100644 --- a/jdk/src/java.desktop/share/native/liblcms/cmscgats.c +++ b/jdk/src/java.desktop/share/native/liblcms/cmscgats.c @@ -2334,6 +2334,7 @@ cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt3 it8 = (cmsIT8*) hIT8; it8 ->MemoryBlock = (char*) _cmsMalloc(ContextID, len + 1); + if (it8 ->MemoryBlock == NULL) return NULL; strncpy(it8 ->MemoryBlock, (const char*) Ptr, len); it8 ->MemoryBlock[len] = 0; diff --git a/jdk/src/java.desktop/share/native/liblcms/cmsio0.c b/jdk/src/java.desktop/share/native/liblcms/cmsio0.c index d4dc1b0d876..303d21c392a 100644 --- a/jdk/src/java.desktop/share/native/liblcms/cmsio0.c +++ b/jdk/src/java.desktop/share/native/liblcms/cmsio0.c @@ -1167,34 +1167,6 @@ cmsHPROFILE CMSEXPORT cmsOpenProfileFromMem(const void* MemPtr, cmsUInt32Number return cmsOpenProfileFromMemTHR(NULL, MemPtr, dwSize); } -static -cmsBool SanityCheck(_cmsICCPROFILE* profile) -{ - cmsIOHANDLER* io; - - if (!profile) { - return FALSE; - } - - io = profile->IOhandler; - if (!io) { - return FALSE; - } - - if (!io->Seek || - !(io->Seek==NULLSeek || io->Seek==MemorySeek || io->Seek==FileSeek)) - { - return FALSE; - } - if (!io->Read || - !(io->Read==NULLRead || io->Read==MemoryRead || io->Read==FileRead)) - { - return FALSE; - } - - return TRUE; -} - // Dump tag contents. If the profile is being modified, untouched tags are copied from FileOrig static cmsBool SaveTags(_cmsICCPROFILE* Icc, _cmsICCPROFILE* FileOrig) @@ -1225,7 +1197,7 @@ cmsBool SaveTags(_cmsICCPROFILE* Icc, _cmsICCPROFILE* FileOrig) // Reach here if we are copying a tag from a disk-based ICC profile which has not been modified by user. // In this case a blind copy of the block data is performed - if (SanityCheck(FileOrig) && Icc -> TagOffsets[i]) { + if (FileOrig != NULL && FileOrig->IOhandler != NULL && Icc -> TagOffsets[i]) { cmsUInt32Number TagSize = FileOrig -> TagSizes[i]; cmsUInt32Number TagOffset = FileOrig -> TagOffsets[i]; @@ -1880,6 +1852,7 @@ cmsBool CMSEXPORT cmsWriteRawTag(cmsHPROFILE hProfile, cmsTagSignature sig, cons { _cmsICCPROFILE* Icc = (_cmsICCPROFILE*) hProfile; int i; + cmsBool ret = TRUE; if (!_cmsLockMutex(Icc->ContextID, Icc ->UsrMutex)) return 0; @@ -1895,10 +1868,11 @@ cmsBool CMSEXPORT cmsWriteRawTag(cmsHPROFILE hProfile, cmsTagSignature sig, cons // Keep a copy of the block Icc ->TagPtrs[i] = _cmsDupMem(Icc ->ContextID, data, Size); + if (!Icc ->TagPtrs[i]) ret = FALSE; Icc ->TagSizes[i] = Size; _cmsUnlockMutex(Icc->ContextID, Icc ->UsrMutex); - return TRUE; + return ret; } // Using this function you can collapse several tag entries to the same block in the profile diff --git a/jdk/src/java.desktop/share/native/liblcms/cmsopt.c b/jdk/src/java.desktop/share/native/liblcms/cmsopt.c index b9d69512cdd..4a09375351d 100644 --- a/jdk/src/java.desktop/share/native/liblcms/cmsopt.c +++ b/jdk/src/java.desktop/share/native/liblcms/cmsopt.c @@ -1181,14 +1181,28 @@ static void* CurvesDup(cmsContext ContextID, const void* ptr) { Curves16Data* Data = _cmsDupMem(ContextID, ptr, sizeof(Curves16Data)); - int i; + int i, j; if (Data == NULL) return NULL; Data ->Curves = _cmsDupMem(ContextID, Data ->Curves, Data ->nCurves * sizeof(cmsUInt16Number*)); + if (Data -> Curves == NULL) { + _cmsFree(ContextID, Data); + return NULL; + } for (i=0; i < Data -> nCurves; i++) { Data ->Curves[i] = _cmsDupMem(ContextID, Data ->Curves[i], Data -> nElements * sizeof(cmsUInt16Number)); + if (Data->Curves[i] == NULL) { + + for (j=0; j < i; j++) { + _cmsFree(ContextID, Data->Curves[j]); + } + _cmsFree(ContextID, Data->Curves); + _cmsFree(ContextID, Data); + return NULL; + } + } return (void*) Data; diff --git a/jdk/src/java.desktop/share/native/liblcms/cmstypes.c b/jdk/src/java.desktop/share/native/liblcms/cmstypes.c index 08cad5ea619..b2812a46cf0 100644 --- a/jdk/src/java.desktop/share/native/liblcms/cmstypes.c +++ b/jdk/src/java.desktop/share/native/liblcms/cmstypes.c @@ -3548,6 +3548,7 @@ void *Type_UcrBg_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cm if (n ->Desc == NULL) return NULL; ASCIIString = (char*) _cmsMalloc(self ->ContextID, SizeOfTag + 1); + if (ASCIIString == NULL) return NULL; if (io ->Read(io, ASCIIString, sizeof(char), SizeOfTag) != SizeOfTag) return NULL; ASCIIString[SizeOfTag] = 0; cmsMLUsetASCII(n ->Desc, cmsNoLanguage, cmsNoCountry, ASCIIString); @@ -3575,6 +3576,7 @@ cmsBool Type_UcrBg_Write(struct _cms_typehandler_struct* self, cmsIOHANDLER* io // Now comes the text. The length is specified by the tag size TextSize = cmsMLUgetASCII(Value ->Desc, cmsNoLanguage, cmsNoCountry, NULL, 0); Text = (char*) _cmsMalloc(self ->ContextID, TextSize); + if (Text == NULL) return FALSE; if (cmsMLUgetASCII(Value ->Desc, cmsNoLanguage, cmsNoCountry, Text, TextSize) != TextSize) return FALSE; if (!io ->Write(io, TextSize, Text)) return FALSE; @@ -3672,6 +3674,7 @@ cmsBool WriteCountAndSting(struct _cms_typehandler_struct* self, cmsIOHANDLER* TextSize = cmsMLUgetASCII(mlu, "PS", Section, NULL, 0); Text = (char*) _cmsMalloc(self ->ContextID, TextSize); + if (Text == NULL) return FALSE; if (!_cmsWriteUInt32Number(io, TextSize)) return FALSE;