# HG changeset patch
# User jchen
# Date 1371150877 25200
# Node ID 841e21c03f0f824b3f899dafab12645d54654f06
# Parent  d94588b7854d7a0f304f12bc89c8eb65b0bafe07
8014098: Better profile validation
Reviewed-by: bae, mschoene, prr

diff -r d94588b7854d -r 841e21c03f0f jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c
--- a/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c	Thu Jun 13 10:31:21 2013 +0800
+++ b/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c	Thu Jun 13 12:14:37 2013 -0700
@@ -1074,6 +1074,27 @@
 }
 
 
+static
+cmsBool SanityCheck(_cmsICCPROFILE* profile)
+{
+    cmsIOHANDLER* io = profile->IOhandler;
+    if (!io) {
+        return FALSE;
+    }
+
+    if (!io->Seek ||
+        !(io->Seek==NULLSeek || io->Seek==MemorySeek || io->Seek==FileSeek))
+    {
+        return FALSE;
+    }
+    if (!io->Read ||
+        !(io->Read==NULLRead || io->Read==MemoryRead || io->Read==FileRead))
+    {
+        return FALSE;
+    }
+
+    return TRUE;
+}
 
 // Dump tag contents. If the profile is being modified, untouched tags are copied from FileOrig
 static
@@ -1087,6 +1108,7 @@
     cmsTagTypeSignature TypeBase;
     cmsTagTypeHandler* TypeHandler;
 
+    if (!SanityCheck(FileOrig)) return FALSE;
 
     for (i=0; i < Icc -> TagCount; i++) {
 
@@ -1292,8 +1314,8 @@
     // Should we just calculate the needed space?
     if (MemPtr == NULL) {
 
-           *BytesNeeded =  cmsSaveProfileToIOhandler(hProfile, NULL);
-            return TRUE;
+        *BytesNeeded = cmsSaveProfileToIOhandler(hProfile, NULL);
+        return (*BytesNeeded == 0 ? FALSE : TRUE);
     }
 
     // That is a real write operation