8171261: Stability fixes for lcms

Reviewed-by: serb, vadim, mschoene
This commit is contained in:
Phil Race 2017-02-24 05:32:16 -08:00
parent 640238256c
commit 547745b881
5 changed files with 29 additions and 10 deletions

View File

@ -900,7 +900,7 @@ void InSymbol(cmsIT8* it8)
k = 0;
NextCh(it8);
while (k < MAXSTR && it8->ch != sng) {
while (k < (MAXSTR-1) && it8->ch != sng) {
if (it8->ch == '\n'|| it8->ch == '\r') k = MAXSTR+1;
else {
@ -2053,14 +2053,18 @@ cmsBool HeaderSection(cmsIT8* it8)
static
void ReadType(cmsIT8* it8, char* SheetTypePtr)
{
cmsInt32Number cnt = 0;
// First line is a very special case.
while (isseparator(it8->ch))
NextCh(it8);
while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != -1) {
while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != 0) {
*SheetTypePtr++= (char) it8 ->ch;
if (cnt++ < MAXSTR)
*SheetTypePtr++= (char) it8 ->ch;
NextCh(it8);
}
@ -2253,7 +2257,7 @@ void CookPointers(cmsIT8* it8)
// that should be something like some printable characters plus a \n
// returns 0 if this is not like a CGATS, or an integer otherwise. This integer is the number of words in first line?
static
int IsMyBlock(cmsUInt8Number* Buffer, int n)
int IsMyBlock(const cmsUInt8Number* Buffer, int n)
{
int words = 1, space = 0, quot = 0;
int i;
@ -2317,7 +2321,7 @@ cmsBool IsMyFile(const char* FileName)
// ---------------------------------------------------------- Exported routines
cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len)
cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len)
{
cmsHANDLE hIT8;
cmsIT8* it8;
@ -2326,7 +2330,7 @@ cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt3
_cmsAssert(Ptr != NULL);
_cmsAssert(len != 0);
type = IsMyBlock((cmsUInt8Number*)Ptr, len);
type = IsMyBlock((const cmsUInt8Number*)Ptr, len);
if (type == 0) return NULL;
hIT8 = cmsIT8Alloc(ContextID);

View File

@ -546,7 +546,11 @@ cmsBool GrowNamedColorList(cmsNAMEDCOLORLIST* v)
size = v ->Allocated * 2;
// Keep a maximum color lists can grow, 100K entries seems reasonable
if (size > 1024*100) return FALSE;
if (size > 1024 * 100) {
_cmsFree(v->ContextID, (void*) v->List);
v->List = NULL;
return FALSE;
}
NewPtr = (_cmsNAMEDCOLOR*) _cmsRealloc(v ->ContextID, v ->List, size * sizeof(_cmsNAMEDCOLOR));
if (NewPtr == NULL)
@ -568,8 +572,11 @@ cmsNAMEDCOLORLIST* CMSEXPORT cmsAllocNamedColorList(cmsContext ContextID, cmsUIn
v ->nColors = 0;
v ->ContextID = ContextID;
while (v -> Allocated < n){
if (!GrowNamedColorList(v)) return NULL;
while (v -> Allocated < n) {
if (!GrowNamedColorList(v)) {
_cmsFree(ContextID, (void*) v);
return NULL;
}
}
strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix)-1);

View File

@ -1483,6 +1483,7 @@ cmsBool OptimizeByJoiningCurves(cmsPipeline** Lut, cmsUInt32Number Intent, cmsUI
// LUT optimizes to nothing. Set the identity LUT
cmsStageFree(ObtainedCurves);
ObtainedCurves = NULL;
if (!cmsPipelineInsertStage(Dest, cmsAT_BEGIN, cmsStageAllocIdentity(Dest ->ContextID, Src ->InputChannels)))
goto Error;

View File

@ -4460,7 +4460,8 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
if (NewLUT == NULL) return NULL;
if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
if (NewLUT != NULL) cmsPipelineFree(NewLUT);
@ -4472,6 +4473,12 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
*nItems = 1;
return NewLUT;
// Error
Error:
if (NewLUT != NULL) cmsPipelineFree(NewLUT);
*nItems = 0;
return NULL;
cmsUNUSED_PARAMETER(SizeOfTag);
}

View File

@ -1836,7 +1836,7 @@ CMSAPI cmsInt32Number CMSEXPORT cmsIT8SetTable(cmsHANDLE hIT8, cmsUInt32Number
// Persistence
CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromFile(cmsContext ContextID, const char* cFileName);
CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len);
CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len);
// CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromIOhandler(cmsContext ContextID, cmsIOHANDLER* io);
CMSAPI cmsBool CMSEXPORT cmsIT8SaveToFile(cmsHANDLE hIT8, const char* cFileName);