diff options
| author | Marti Maria <marti.maria@littlecms.com> | 2022-03-06 17:54:15 +0100 |
|---|---|---|
| committer | Marti Maria <marti.maria@littlecms.com> | 2022-03-06 17:54:15 +0100 |
| commit | 458bffeba9a74d6069659768b2c3df20a4aeb495 (patch) | |
| tree | cc441bc60bc2fb71f59304c2c86f19b72e506bd7 /src/cmsio0.c | |
| parent | a5269a91a59572478b12204c0b1ae74a5acb49c0 (diff) | |
| download | lcms2-458bffeba9a74d6069659768b2c3df20a4aeb495.tar.gz | |
Detect whatever a built-in has been corrupted by means of cmsWriteRawTag
Thanks to @prrace to detect such subtle bug.
cmsWriteRawTag could cause a segfault when used to corrupt a tag on a built-in profile-
Diffstat (limited to 'src/cmsio0.c')
| -rw-r--r-- | src/cmsio0.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/cmsio0.c b/src/cmsio0.c index 0143efb..e369e0d 100644 --- a/src/cmsio0.c +++ b/src/cmsio0.c @@ -1558,6 +1558,13 @@ void* CMSEXPORT cmsReadTag(cmsHPROFILE hProfile, cmsTagSignature sig) if (TagSize < 8) goto Error; io = Icc ->IOhandler; + + if (io == NULL) { // This is a built-in profile that has been manipulated, abort early + + cmsSignalError(Icc->ContextID, cmsERROR_CORRUPTION_DETECTED, "Corrupted built-in profile."); + goto Error; + } + // Seek to its location if (!io -> Seek(io, Offset)) goto Error; |