diff options
| author | Nicolas Pena <npm@chromium.org> | 2017-08-22 11:01:51 -0400 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-08-25 18:03:45 +0000 |
| commit | 175a8588f4290df8ec32d697c0248eb5c6b2c396 (patch) | |
| tree | 43822c8c1beb00fd05623292def2da96b5c294bb | |
| parent | 8ada2ef8000abce4eb98506cc6195c78067f1000 (diff) | |
| download | pdfium-175a8588f4290df8ec32d697c0248eb5c6b2c396.tar.xz | |
Do not QuickFloor on cmsintrp
In this CL, the flag CMS_DONT_USE_FAST_FLOOR is set to true because quickfloor
could cause heap-buffer-overflow due to flooring errors. In the testcase for
the bug, Input[2] is a number very close but smaller than 1 such that
quickfloor returned 1 (whereas Input[2] >= 1.0 was false).
Bug: chromium:752725
Change-Id: Ibb1763aa120a600e86602f1a46c4cd6d0d6bebd5
Reviewed-on: https://pdfium-review.googlesource.com/11310
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
| -rw-r--r-- | third_party/lcms/0028-do-not-quickfloor.patch | 13 | ||||
| -rw-r--r-- | third_party/lcms/README.pdfium | 1 | ||||
| -rw-r--r-- | third_party/lcms/include/lcms2.h | 2 |
3 files changed, 15 insertions, 1 deletions
diff --git a/third_party/lcms/0028-do-not-quickfloor.patch b/third_party/lcms/0028-do-not-quickfloor.patch new file mode 100644 index 0000000000..598917a939 --- /dev/null +++ b/third_party/lcms/0028-do-not-quickfloor.patch @@ -0,0 +1,13 @@ +diff --git a/third_party/lcms/include/lcms2.h b/third_party/lcms/include/lcms2.h +index 739e6e1f8..c84a4fd93 100644 +--- a/third_party/lcms/include/lcms2.h ++++ b/third_party/lcms/include/lcms2.h +@@ -38,7 +38,7 @@ + // #define CMS_DONT_USE_INT64 1 + + // Uncomment this if your compiler doesn't work with fast floor function +-// #define CMS_DONT_USE_FAST_FLOOR 1 ++#define CMS_DONT_USE_FAST_FLOOR 1 + + // Uncomment this line if you want lcms to use the black point tag in profile, + // if commented, lcms will compute the black point by its own. diff --git a/third_party/lcms/README.pdfium b/third_party/lcms/README.pdfium index 3167130c56..f8fe7e749e 100644 --- a/third_party/lcms/README.pdfium +++ b/third_party/lcms/README.pdfium @@ -39,3 +39,4 @@ Local Modifications: 0025-upstream-direct-leak-Type_MPE_Read.patch: fix leak in cmstypes.c. 0026-more-unsupported-characters.patch: remove other unsupported characters. 0027-changes-from-beginning-of-time.patch: commented changes from initial commit. +0028-do-not-quickfloor.patch: flooring errors may cause heap-buffer-overflow. diff --git a/third_party/lcms/include/lcms2.h b/third_party/lcms/include/lcms2.h index 739e6e1f82..c84a4fd937 100644 --- a/third_party/lcms/include/lcms2.h +++ b/third_party/lcms/include/lcms2.h @@ -38,7 +38,7 @@ // #define CMS_DONT_USE_INT64 1 // Uncomment this if your compiler doesn't work with fast floor function -// #define CMS_DONT_USE_FAST_FLOOR 1 +#define CMS_DONT_USE_FAST_FLOOR 1 // Uncomment this line if you want lcms to use the black point tag in profile, // if commented, lcms will compute the black point by its own. |