Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 e11425cb 编写于 作者: B bae
浏览文件
操作

6899653: Sun Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability 

Reviewed-by: prr, hawtin
上级 a5fd5646
隐藏空白更改
内联 并排
Showing with 7 addition and 0 deletion
src/share/native/sun/java2d/cmm/lcms/cmsio1.c
浏览文件 @ e11425cb
...@@ -1433,6 +1433,9 @@ LPLUT LCMSEXPORT cmsReadICCLut(cmsHPROFILE hProfile, icTagSignature sig) ...@@ -1433,6 +1433,9 @@ LPLUT LCMSEXPORT cmsReadICCLut(cmsHPROFILE hProfile, icTagSignature sig)
// If is in memory, the LUT is already there, so throw a copy // If is in memory, the LUT is already there, so throw a copy
if (Icc -> TagPtrs[n]) { if (Icc -> TagPtrs[n]) {
if (!_cmsValidateLUT((LPLUT) Icc ->TagPtrs[n])) {
return NULL;
}
return cmsDupLUT((LPLUT) Icc ->TagPtrs[n]); return cmsDupLUT((LPLUT) Icc ->TagPtrs[n]);
} }
......
src/share/native/sun/java2d/cmm/lcms/cmsxform.c
浏览文件 @ e11425cb
...@@ -1969,6 +1969,10 @@ cmsHTRANSFORM LCMSEXPORT cmsCreateMultiprofileTransform(cmsHPROFILE hProfiles[], ...@@ -1969,6 +1969,10 @@ cmsHTRANSFORM LCMSEXPORT cmsCreateMultiprofileTransform(cmsHPROFILE hProfiles[],
goto ErrorCleanup; goto ErrorCleanup;
} }
if (Transforms[i] == NULL) {
cmsSignalError(LCMS_ERRC_ABORTED, "cmsCreateMultiprofileTransform: unable to create transform");
goto ErrorCleanup;
}
CurrentColorSpace = ColorSpaceOut; CurrentColorSpace = ColorSpaceOut;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册