Fix parametric curves 4 and 5 inversion safeguard

A bug introduced circa 2017 in a try of preventing security risks. Parametric curve inversions needs divisions, the change was trying to prevent a division by zero. Unfortunately it was discarding legit cases as well. Now it seems to be done correctly.
author: Marti Maria <mmaria@abindustries.com> 2021-11-30 12:32:48 +0100
committer: Marti Maria <mmaria@abindustries.com> 2021-11-30 12:32:48 +0100
commit: 8fb182279d9418b1477bb2bfe28e8ed4926e2318 (patch)
tree: c076b9f95468d848458ffdf202d81a739c72340d
parent: 630cd7e6743c4addaa79b39d6d8493af394dd43a (diff)
download: lcms2-8fb182279d9418b1477bb2bfe28e8ed4926e2318.tar.gz
1 files changed, 35 insertions, 29 deletions
diff --git a/src/cmsgamma.c b/src/cmsgamma.c
index 3499241..28f9ed5 100644
--- a/src/cmsgamma.c
+++ b/src/cmsgamma.c
@@ -507,28 +507,31 @@ cmsFloat64Number DefaultEvalParametricFn(cmsInt32Number Type, const cmsFloat64Nu
     // X=Y/c              | Y< (ad+b)^g
     case -4:
     {
-        if (fabs(Params[0]) < MATRIX_DET_TOLERANCE ||
-            fabs(Params[1]) < MATRIX_DET_TOLERANCE ||
-            fabs(Params[3]) < MATRIX_DET_TOLERANCE)
-        {
-            Val = 0;
-        }
+
+        e = Params[1] * Params[4] + Params[2];
+        if (e < 0)
+            disc = 0;
         else
-        {
-            e = Params[1] * Params[4] + Params[2];
-            if (e < 0)
-                disc = 0;
-            else
-                disc = pow(e, Params[0]);
+            disc = pow(e, Params[0]);
 
-            if (R >= disc) {
+        if (R >= disc) {
+
+            if (fabs(Params[0]) < MATRIX_DET_TOLERANCE ||
+                fabs(Params[1]) < MATRIX_DET_TOLERANCE)
 
+                Val = 0;
+
+            else
                 Val = (pow(R, 1.0 / Params[0]) - Params[2]) / Params[1];
-            }
-            else {
+        }
+        else {
+
+            if (fabs(Params[3]) < MATRIX_DET_TOLERANCE)
+                Val = 0;
+            else
                 Val = R / Params[3];
-            }
         }
+
     }
     break;
 
@@ -555,26 +558,29 @@ cmsFloat64Number DefaultEvalParametricFn(cmsInt32Number Type, const cmsFloat64Nu
     // X=(Y-f)/c          | else
     case -5:
     {
-        if (fabs(Params[1]) < MATRIX_DET_TOLERANCE ||
-            fabs(Params[3]) < MATRIX_DET_TOLERANCE)
-        {
-            Val = 0;
-        }
-        else
-        {
-            disc = Params[3] * Params[4] + Params[6];
-            if (R >= disc) {
+        disc = Params[3] * Params[4] + Params[6];
+        if (R >= disc) {
+
+            e = R - Params[5];
+            if (e < 0)
+                Val = 0;
+            else
+            {
+                if (fabs(Params[0]) < MATRIX_DET_TOLERANCE ||
+                    fabs(Params[1]) < MATRIX_DET_TOLERANCE)
 
-                e = R - Params[5];
-                if (e < 0)
                     Val = 0;
                 else
                     Val = (pow(e, 1.0 / Params[0]) - Params[2]) / Params[1];
             }
-            else {
+        }
+        else {
+            if (fabs(Params[3]) < MATRIX_DET_TOLERANCE)
+                Val = 0;
+            else
                 Val = (R - Params[6]) / Params[3];
-            }
         }
+
     }
     break;
author	Marti Maria <mmaria@abindustries.com>	2021-11-30 12:32:48 +0100
committer	Marti Maria <mmaria@abindustries.com>	2021-11-30 12:32:48 +0100
commit	8fb182279d9418b1477bb2bfe28e8ed4926e2318 (patch)
tree	c076b9f95468d848458ffdf202d81a739c72340d
parent	630cd7e6743c4addaa79b39d6d8493af394dd43a (diff)
download	lcms2-8fb182279d9418b1477bb2bfe28e8ed4926e2318.tar.gz