< prev index next >
src/share/native/sun/java2d/cmm/lcms/cmstypes.c
Print this page
rev 12531 : 8171261: Stability fixes for lcms
Reviewed-by: serb, vadim, mschoene
rev 12551 : 8183028: Improve CMS header processing
Reviewed-by: serb, rhalade, mschoene
rev 12553 : 8184937: LCMS error 13: Couldn't link the profiles
Reviewed-by: prr
Contributed-by: sreeprakash.s@oracle.com
@@ -1482,10 +1482,11 @@
if (!_cmsReadUInt32Number(io, &Len)) goto Error;
if (!_cmsReadUInt32Number(io, &Offset)) goto Error;
// Check for overflow
if (Offset < (SizeOfHeader + 8)) goto Error;
+ if (((Offset + Len) < Len) || ((Offset + Len) > SizeOfTag + 8)) goto Error;
// True begin of the string
BeginOfThisString = Offset - SizeOfHeader - 8;
// Ajust to wchar_t elements
@@ -4450,22 +4451,23 @@
// Allocates an empty LUT
NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
if (NewLUT == NULL) return NULL;
- if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
-
- if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
- if (NewLUT != NULL) cmsPipelineFree(NewLUT);
- *nItems = 0;
- return NULL;
- }
+ if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
+ if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
// Success
*nItems = 1;
return NewLUT;
+ // Error
+Error:
+ if (NewLUT != NULL) cmsPipelineFree(NewLUT);
+ *nItems = 0;
+ return NULL;
+
cmsUNUSED_PARAMETER(SizeOfTag);
}
< prev index next >