summaryrefslogtreecommitdiff
path: root/third_party/lcms2-2.6/README.pdfium
AgeCommit message (Collapse)Author
2017-05-08[LCMS] Upstream direct leak fixNicolas Pena
This CL applies the following upstream patch: https://github.com/mm2/Little-CMS/commit/02c95fa76bdc4f73113373070278666f47aff82f Bug: chromium:718500 Change-Id: I7898b22e44a5ea5c0d1c301233037fbaabb8e327 Reviewed-on: https://pdfium-review.googlesource.com/5092 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-08[lcms] Verify enough data to service request before allocatingDan Sinclair
If the count of items is large enough, there maybe not enough data in the file to read. This Cl verifies we'll have enough data before attempting to allocate the memory to store the results. Bug: chromium:718504 Change-Id: I82e7df3511e529c4bd72a772e9d6e607a0615927 Reviewed-on: https://pdfium-review.googlesource.com/5110 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-02-27LCMS upstream patch to fix integer overflowsNicolas Pena
Patch: https://github.com/mm2/Little-CMS/commit/9f427d5ff544ab1be37f485ac13b2419a1610cc3 BUG=696430 Change-Id: I20b8b4aad565d6f6aaed8c66be7e9709eec2b5ce Reviewed-on: https://pdfium-review.googlesource.com/2849 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-02-22lcms upstream patches to fix security bugchromium/3021Nicolas Pena
Patch that fixes LUT consistency: https://github.com/mm2/Little-CMS/commit/9936ecf0745002cea8e46dc575079b4872e9af8c Patch that sanitizes MPE profiles: https://github.com/mm2/Little-CMS/commit/06662a755525586223efe1790da1497d5b2d9e67 BUG=675617 Change-Id: I9ccc4158432387360dcb358e2a015a9434df46e4 Reviewed-on: https://pdfium-review.googlesource.com/2820 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2016-12-16lcms: Sanitize floating point readchromium/2956chromium/2955kcwu
This is partially backported from upstream https://github.com/mm2/Little-CMS/commit/4011a6e3 BUG=chromium:665054 Review-Url: https://codereview.chromium.org/2577963007
2016-12-07lcms: avoid fixed number LUT optimization on inf valueskcwu
BUG=chromium:666705 Review-Url: https://codereview.chromium.org/2538703002
2016-12-02Encode lcms files as utf-8Scott Graham
The diff isn't well displayed in Rietveld, and I had to do some interpretation here, as it wasn't clear what code page these files were pretending to use. The left quotes were 0x92, the right quote + \n had been converted to ?, and the negative infinity was 0x96. (I assume maybe Mac something.) In any case, I tried to interpret the comments and make them something sensible. In the worst case, it's "only" comments that are broken, as no actual code was modified. R=tsepez@chromium.org, brucedawson@chroium.org BUG=637203,454858 Review URL: https://codereview.chromium.org/2545593002 .
2016-11-07lcms: backport upstream commit c0a98d86kcwu
This fixed several issues. BUG=chromium:654265,chromium:657282,chromium:654676,chromium:654313 Review-Url: https://codereview.chromium.org/2482523003
2016-11-07lcms: Fix memory leak in ReadSegmentedCurvekcwu
BUG=chromium:658223 Review-Url: https://codereview.chromium.org/2480013002
2016-10-17lcms: Revise previous cmsStageAllocMatrix fixkcwu
Also fixed wrong patch file name. This is fixup of 958e57cb and d2023170 TEST=apply this change in lcms' repo and make check BUG=chromium:651849,chromium:654198 Review-Url: https://codereview.chromium.org/2424803002
2016-10-17lcms: reject NaN when reading float numberskcwu
LerpFloat functions expect input values are normal float. They first clamp values to the range of [0.0, 1.0] and then calculate interpolation with the input values. If the input value is NaN, it will lead to heap buffer overflow because the index to LutTable is calculated based on the said value and fclamp(NaN) is not in expected [0.0, 1.0] range. This patch rejects all NaN values earlier when reading float numbers. So it also changed behavior for cases other than LerpFloat. I think it is okay because NaN doesn't make sense for usual calculations. BUG=654676 Review-Url: https://codereview.chromium.org/2422553002
2016-10-04Fix cmdStageAllocMatrix parameter swapkcwu
For cmdStageAllocMatrix, InputChans is length of Matrix, OutputChans is length of Offsets. The original code will allocate NewElem->Offset with length Cols=InputChans (cmslut.c:417). This results in heap buffer overflow later. BUG=chromium:651849 Review-Url: https://codereview.chromium.org/2384063006
2016-09-26Fix memory leak in lcms, MPEmatrix_Readkcwu
BUG=650277 Review-Url: https://codereview.chromium.org/2371723003
2016-09-22Fix memory leaks in lcmskcwu
found by libfuzzer Review-Url: https://codereview.chromium.org/2359243003
2016-09-22Fix use uninitialized value and stack buffer overflow readkcwu
Found by libfuzzer Review-Url: https://codereview.chromium.org/2362813002
2016-09-22Fix infinite loop when calling GrowNamedColorListkcwu
Handle the case that GrowNamedColorList return fail when list is too long. Otherwise the loop never ends. Found by libfuzzer Review-Url: https://codereview.chromium.org/2365663002
2016-06-03LCMS: Update FROM_16_TO_8 macro not to raise UBSan errorochang
Cherry-picked from upstream commit 6da55e0b51124b795b707d318c0e03252222ba06 BUG=chromium:616253 Review-Url: https://codereview.chromium.org/2034123003
2016-02-05lcms2: Fix a type confusion.chromium/2645chromium/2644chromium/2643Oliver Chang
R=tsepez@chromium.org BUG=584223 Review URL: https://codereview.chromium.org/1672163002 .