diff options
author | Marti Maria <marti.maria@littlecms.com> | 2023-03-26 10:26:57 +0200 |
---|---|---|
committer | Marti Maria <marti.maria@littlecms.com> | 2023-03-26 10:26:57 +0200 |
commit | e85c64ec86b9025c696f707d820ba28e3e732e70 (patch) | |
tree | fc432aeeb331848d3dd1b43ac59a1ca79d3182b0 | |
parent | 2a751a618eaa3ff3b181c67755120fa5142a2630 (diff) | |
download | lcms2-e85c64ec86b9025c696f707d820ba28e3e732e70.tar.gz |
add bounds check when writing IT8 file
A minor check to get fuzzers happy. ICC parsing and processing is unaffected.
-rw-r--r-- | src/cmscgats.c | 52 |
1 files changed, 29 insertions, 23 deletions
diff --git a/src/cmscgats.c b/src/cmscgats.c index 51fc2a6..e1b57f0 100644 --- a/src/cmscgats.c +++ b/src/cmscgats.c @@ -1850,11 +1850,14 @@ void WriteDataFormat(SAVESTREAM* fp, cmsIT8* it8) WriteStr(fp, " "); nSamples = satoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS")); - for (i = 0; i < nSamples; i++) { + if (nSamples <= t->nSamples) { - WriteStr(fp, t->DataFormat[i]); - WriteStr(fp, ((i == (nSamples-1)) ? "\n" : "\t")); - } + for (i = 0; i < nSamples; i++) { + + WriteStr(fp, t->DataFormat[i]); + WriteStr(fp, ((i == (nSamples - 1)) ? "\n" : "\t")); + } + } WriteStr (fp, "END_DATA_FORMAT\n"); } @@ -1864,39 +1867,42 @@ void WriteDataFormat(SAVESTREAM* fp, cmsIT8* it8) static void WriteData(SAVESTREAM* fp, cmsIT8* it8) { - int i, j; + int i, j, nPatches; TABLE* t = GetTable(it8); if (!t->Data) return; WriteStr (fp, "BEGIN_DATA\n"); - t->nPatches = satoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS")); + nPatches = satoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS")); - for (i = 0; i < t-> nPatches; i++) { + if (nPatches <= t->nPatches) { - WriteStr(fp, " "); + for (i = 0; i < nPatches; i++) { - for (j = 0; j < t->nSamples; j++) { + WriteStr(fp, " "); - char *ptr = t->Data[i*t->nSamples+j]; + for (j = 0; j < t->nSamples; j++) { - if (ptr == NULL) WriteStr(fp, "\"\""); - else { - // If value contains whitespace, enclose within quote + char* ptr = t->Data[i * t->nSamples + j]; - if (strchr(ptr, ' ') != NULL) { + if (ptr == NULL) WriteStr(fp, "\"\""); + else { + // If value contains whitespace, enclose within quote - WriteStr(fp, "\""); - WriteStr(fp, ptr); - WriteStr(fp, "\""); - } - else - WriteStr(fp, ptr); - } + if (strchr(ptr, ' ') != NULL) { - WriteStr(fp, ((j == (t->nSamples-1)) ? "\n" : "\t")); - } + WriteStr(fp, "\""); + WriteStr(fp, ptr); + WriteStr(fp, "\""); + } + else + WriteStr(fp, ptr); + } + + WriteStr(fp, ((j == (t->nSamples - 1)) ? "\n" : "\t")); + } + } } WriteStr (fp, "END_DATA\n"); } |