From 6a5752bcebd674dcc83b9bbc1664880132e45d90 Mon Sep 17 00:00:00 2001
From: Tor Andersson
Date: Wed, 7 Nov 2018 23:05:43 +0100
Subject: Fix 698971: Detect ICC colorspace mismatch in TIFF loader.

Make sure that the ICC colorspace has the same number of components as the photometric interpretation.
---
 source/fitz/load-tiff.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
(limited to 'source/fitz/load-tiff.c')
diff --git a/source/fitz/load-tiff.c b/source/fitz/load-tiff.c
index 0e58859d..404af929 100644
--- a/source/fitz/load-tiff.c
+++ b/source/fitz/load-tiff.c
@@ -1105,6 +1105,35 @@ tiff_ycc_to_rgb(fz_context *ctx, struct tiff *tiff)
 }
 }
 
+static int
+tiff_components_from_photometric(int photometric)
+{
+ switch (photometric)
+ {
+ case 0: /* WhiteIsZero */
+ return 1;
+ case 1: /* BlackIsZero */
+ return 1;
+ case 2: /* RGB */
+ return 3;
+ case 3: /* RGBPal */
+ return 3;
+ case 5: /* CMYK */
+ return 4;
+ case 6: /* YCbCr */
+ return 3;
+ case 8: /* Direct L*a*b* encoding. a*, b* signed values */
+ case 9: /* ICC Style L*a*b* encoding */
+ return 3;
+ case 32844: /* SGI CIE Log 2 L (16bpp Greyscale) */
+ return 1;
+ case 32845: /* SGI CIE Log 2 L, u, v (24bpp or 32bpp) */
+ return 3;
+ default:
+ return 0;
+ }
+}
+
 static void
 tiff_decode_ifd(fz_context *ctx, struct tiff *tiff)
 {
@@ -1143,6 +1172,8 @@ tiff_decode_ifd(fz_context *ctx, struct tiff *tiff)
 {
 buff = fz_new_buffer_from_copied_data(ctx, tiff->profile, tiff->profilesize);
 tiff->colorspace = fz_new_icc_colorspace(ctx, FZ_COLORSPACE_NONE, buff);
+ if (fz_colorspace_n(ctx, tiff->colorspace) != tiff_components_from_photometric(tiff->photometric))
+ fz_throw(ctx, FZ_ERROR_GENERIC, "embedded ICC profile colorspace mismatch");
 }
 fz_always(ctx)
 fz_drop_buffer(ctx, buff);
--
cgit v1.2.3
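Review bot: tiff_components_from_photometric has no comment stating its contract, and the `default: return 0;` arm is security-relevant: it is what makes the caller reject every ICC-tagged TIFF whose photometric value is not in the list. I would add above the function `/* Colorant count implied by PhotometricInterpretation; 0 means unknown, which never matches an ICC profile. */` so a later edit does not turn the default into a permissive value. It is also worth a word on `case 3:` returning 3, which presumably reflects the palette being expanded to RGB before the colorspace is used; that expansion is not visible in this hunk. As a style point, `case 0:` and `case 1:` could share one `return 1;` the way `case 8:` and `case 9:` already do.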
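Review bot: When the new check in tiff_decode_ifd throws, `tiff->colorspace` already points at the mismatched ICC colorspace, because the assignment sits on the line before the comparison. The `fz_catch` arm and the rest of the function are outside this hunk, so I cannot see whether that pointer is dropped and cleared; if the handler only warns and carries on, decoding would continue with exactly the component-count mismatch this commit is meant to reject. It is safer to validate before publishing the value: either build the colorspace in a local and assign it to `tiff->colorspace` only after the comparison passes, or brace the `if` and put `fz_drop_colorspace(ctx, tiff->colorspace); tiff->colorspace = NULL;` ahead of the `fz_throw`.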