summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorkcwu <kcwu@chromium.org>2016-12-16 19:42:30 -0800
committerCommit bot <commit-bot@chromium.org>2016-12-16 19:42:30 -0800
commitda587fab57602e5e10c058e6e632df513fba0c93 (patch)
treed8afdd7bfae597a258fb63bb3be657d54a5f6378
parentd5b81ce5722398cc8c259d76e7cd1a5ddc2c562f (diff)
downloadpdfium-da587fab57602e5e10c058e6e632df513fba0c93.tar.xz
lcms: Sanitize floating point readchromium/2956chromium/2955
This is partially backported from upstream https://github.com/mm2/Little-CMS/commit/4011a6e3 BUG=chromium:665054 Review-Url: https://codereview.chromium.org/2577963007
-rw-r--r--third_party/lcms2-2.6/0015-sanitize-float-read.patch15
-rw-r--r--third_party/lcms2-2.6/README.pdfium2
-rw-r--r--third_party/lcms2-2.6/src/cmsplugin.c4
3 files changed, 20 insertions, 1 deletions
diff --git a/third_party/lcms2-2.6/0015-sanitize-float-read.patch b/third_party/lcms2-2.6/0015-sanitize-float-read.patch
new file mode 100644
index 0000000000..70dc7b35cf
--- /dev/null
+++ b/third_party/lcms2-2.6/0015-sanitize-float-read.patch
@@ -0,0 +1,15 @@
+diff --git a/third_party/lcms2-2.6/src/cmsplugin.c b/third_party/lcms2-2.6/src/cmsplugin.c
+index b95befb..4ba998b 100644
+--- a/third_party/lcms2-2.6/src/cmsplugin.c
++++ b/third_party/lcms2-2.6/src/cmsplugin.c
+@@ -182,7 +182,9 @@ cmsBool CMSEXPORT _cmsReadFloat32Number(cmsIOHANDLER* io, cmsFloat32Number* n)
+ if (isnan(*n))
+ return FALSE;
+ }
+- return TRUE;
++
++ // fpclassify() required by C99
++ return (fpclassify(*n) == FP_ZERO) || (fpclassify(*n) == FP_NORMAL);
+ }
+
+
diff --git a/third_party/lcms2-2.6/README.pdfium b/third_party/lcms2-2.6/README.pdfium
index 075d2e0727..c775609e07 100644
--- a/third_party/lcms2-2.6/README.pdfium
+++ b/third_party/lcms2-2.6/README.pdfium
@@ -25,4 +25,6 @@ Local Modifications:
https://github.com/mm2/Little-CMS/commit/c0a98d86
0013-utf8.patch: Encode source files as utf-8.
0014-avoid-fixed-inf.patch: Avoid fixed number LUT optimization on inf values.
+0015-sanitize-float-read.patch: Sanitize floating point read. Partially backport
+ from upstream https://github.com/mm2/Little-CMS/commit/4011a6e3
TODO(ochang): List other patches.
diff --git a/third_party/lcms2-2.6/src/cmsplugin.c b/third_party/lcms2-2.6/src/cmsplugin.c
index b95befbd96..42c4002b55 100644
--- a/third_party/lcms2-2.6/src/cmsplugin.c
+++ b/third_party/lcms2-2.6/src/cmsplugin.c
@@ -182,7 +182,9 @@ cmsBool CMSEXPORT _cmsReadFloat32Number(cmsIOHANDLER* io, cmsFloat32Number* n)
if (isnan(*n))
return FALSE;
}
- return TRUE;
+
+ // fpclassify() required by C99
+ return (fpclassify(*n) == FP_ZERO) || (fpclassify(*n) == FP_NORMAL);
}