# HG changeset patch # User prr # Date 1487943136 28800 # Node ID 72af2394abceb7c9256cd935c3c785fac81d7710 # Parent 99b7cd6669445d5eb07759f85b0811037b649891 8171261: Stability fixes for lcms Reviewed-by: serb, vadim, mschoene diff -r 99b7cd666944 -r 72af2394abce src/java.desktop/share/native/liblcms/cmscgats.c --- a/src/java.desktop/share/native/liblcms/cmscgats.c Thu Feb 23 03:43:29 2017 -0800 +++ b/src/java.desktop/share/native/liblcms/cmscgats.c Fri Feb 24 05:32:16 2017 -0800 @@ -900,7 +900,7 @@ k = 0; NextCh(it8); - while (k < MAXSTR && it8->ch != sng) { + while (k < (MAXSTR-1) && it8->ch != sng) { if (it8->ch == '\n'|| it8->ch == '\r') k = MAXSTR+1; else { @@ -2053,14 +2053,18 @@ static void ReadType(cmsIT8* it8, char* SheetTypePtr) { + cmsInt32Number cnt = 0; + // First line is a very special case. while (isseparator(it8->ch)) NextCh(it8); - while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != -1) { + while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != 0) { *SheetTypePtr++= (char) it8 ->ch; + if (cnt++ < MAXSTR) + *SheetTypePtr++= (char) it8 ->ch; NextCh(it8); } @@ -2253,7 +2257,7 @@ // that should be something like some printable characters plus a \n // returns 0 if this is not like a CGATS, or an integer otherwise. This integer is the number of words in first line? static -int IsMyBlock(cmsUInt8Number* Buffer, int n) +int IsMyBlock(const cmsUInt8Number* Buffer, int n) { int words = 1, space = 0, quot = 0; int i; @@ -2317,7 +2321,7 @@ // ---------------------------------------------------------- Exported routines -cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len) +cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len) { cmsHANDLE hIT8; cmsIT8* it8; @@ -2326,7 +2330,7 @@ _cmsAssert(Ptr != NULL); _cmsAssert(len != 0); - type = IsMyBlock((cmsUInt8Number*)Ptr, len); + type = IsMyBlock((const cmsUInt8Number*)Ptr, len); if (type == 0) return NULL; hIT8 = cmsIT8Alloc(ContextID); diff -r 99b7cd666944 -r 72af2394abce src/java.desktop/share/native/liblcms/cmsnamed.c --- a/src/java.desktop/share/native/liblcms/cmsnamed.c Thu Feb 23 03:43:29 2017 -0800 +++ b/src/java.desktop/share/native/liblcms/cmsnamed.c Fri Feb 24 05:32:16 2017 -0800 @@ -546,7 +546,11 @@ size = v ->Allocated * 2; // Keep a maximum color lists can grow, 100K entries seems reasonable - if (size > 1024*100) return FALSE; + if (size > 1024 * 100) { + _cmsFree(v->ContextID, (void*) v->List); + v->List = NULL; + return FALSE; + } NewPtr = (_cmsNAMEDCOLOR*) _cmsRealloc(v ->ContextID, v ->List, size * sizeof(_cmsNAMEDCOLOR)); if (NewPtr == NULL) @@ -568,8 +572,11 @@ v ->nColors = 0; v ->ContextID = ContextID; - while (v -> Allocated < n){ - if (!GrowNamedColorList(v)) return NULL; + while (v -> Allocated < n) { + if (!GrowNamedColorList(v)) { + _cmsFree(ContextID, (void*) v); + return NULL; + } } strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix)-1); diff -r 99b7cd666944 -r 72af2394abce src/java.desktop/share/native/liblcms/cmsopt.c --- a/src/java.desktop/share/native/liblcms/cmsopt.c Thu Feb 23 03:43:29 2017 -0800 +++ b/src/java.desktop/share/native/liblcms/cmsopt.c Fri Feb 24 05:32:16 2017 -0800 @@ -1483,6 +1483,7 @@ // LUT optimizes to nothing. Set the identity LUT cmsStageFree(ObtainedCurves); + ObtainedCurves = NULL; if (!cmsPipelineInsertStage(Dest, cmsAT_BEGIN, cmsStageAllocIdentity(Dest ->ContextID, Src ->InputChannels))) goto Error; diff -r 99b7cd666944 -r 72af2394abce src/java.desktop/share/native/liblcms/cmstypes.c --- a/src/java.desktop/share/native/liblcms/cmstypes.c Thu Feb 23 03:43:29 2017 -0800 +++ b/src/java.desktop/share/native/liblcms/cmstypes.c Fri Feb 24 05:32:16 2017 -0800 @@ -4460,7 +4460,8 @@ NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans); if (NewLUT == NULL) return NULL; - if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL; + if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error; + if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error; if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) { if (NewLUT != NULL) cmsPipelineFree(NewLUT); @@ -4472,6 +4473,12 @@ *nItems = 1; return NewLUT; + // Error +Error: + if (NewLUT != NULL) cmsPipelineFree(NewLUT); + *nItems = 0; + return NULL; + cmsUNUSED_PARAMETER(SizeOfTag); } diff -r 99b7cd666944 -r 72af2394abce src/java.desktop/share/native/liblcms/lcms2.h --- a/src/java.desktop/share/native/liblcms/lcms2.h Thu Feb 23 03:43:29 2017 -0800 +++ b/src/java.desktop/share/native/liblcms/lcms2.h Fri Feb 24 05:32:16 2017 -0800 @@ -1836,7 +1836,7 @@ // Persistence CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromFile(cmsContext ContextID, const char* cFileName); -CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len); +CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len); // CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromIOhandler(cmsContext ContextID, cmsIOHANDLER* io); CMSAPI cmsBool CMSEXPORT cmsIT8SaveToFile(cmsHANDLE hIT8, const char* cFileName);