From da587fab57602e5e10c058e6e632df513fba0c93 Mon Sep 17 00:00:00 2001 From: kcwu Date: Fri, 16 Dec 2016 19:42:30 -0800 Subject: lcms: Sanitize floating point read This is partially backported from upstream https://github.com/mm2/Little-CMS/commit/4011a6e3 BUG=chromium:665054 Review-Url: https://codereview.chromium.org/2577963007 --- third_party/lcms2-2.6/0015-sanitize-float-read.patch | 15 +++++++++++++++ third_party/lcms2-2.6/README.pdfium | 2 ++ third_party/lcms2-2.6/src/cmsplugin.c | 4 +++- 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 third_party/lcms2-2.6/0015-sanitize-float-read.patch diff --git a/third_party/lcms2-2.6/0015-sanitize-float-read.patch b/third_party/lcms2-2.6/0015-sanitize-float-read.patch new file mode 100644 index 0000000000..70dc7b35cf --- /dev/null +++ b/third_party/lcms2-2.6/0015-sanitize-float-read.patch @@ -0,0 +1,15 @@ +diff --git a/third_party/lcms2-2.6/src/cmsplugin.c b/third_party/lcms2-2.6/src/cmsplugin.c +index b95befb..4ba998b 100644 +--- a/third_party/lcms2-2.6/src/cmsplugin.c ++++ b/third_party/lcms2-2.6/src/cmsplugin.c +@@ -182,7 +182,9 @@ cmsBool CMSEXPORT _cmsReadFloat32Number(cmsIOHANDLER* io, cmsFloat32Number* n) + if (isnan(*n)) + return FALSE; + } +- return TRUE; ++ ++ // fpclassify() required by C99 ++ return (fpclassify(*n) == FP_ZERO) || (fpclassify(*n) == FP_NORMAL); + } + + diff --git a/third_party/lcms2-2.6/README.pdfium b/third_party/lcms2-2.6/README.pdfium index 075d2e0727..c775609e07 100644 --- a/third_party/lcms2-2.6/README.pdfium +++ b/third_party/lcms2-2.6/README.pdfium @@ -25,4 +25,6 @@ Local Modifications: https://github.com/mm2/Little-CMS/commit/c0a98d86 0013-utf8.patch: Encode source files as utf-8. 0014-avoid-fixed-inf.patch: Avoid fixed number LUT optimization on inf values. +0015-sanitize-float-read.patch: Sanitize floating point read. Partially backport + from upstream https://github.com/mm2/Little-CMS/commit/4011a6e3 TODO(ochang): List other patches. diff --git a/third_party/lcms2-2.6/src/cmsplugin.c b/third_party/lcms2-2.6/src/cmsplugin.c index b95befbd96..42c4002b55 100644 --- a/third_party/lcms2-2.6/src/cmsplugin.c +++ b/third_party/lcms2-2.6/src/cmsplugin.c @@ -182,7 +182,9 @@ cmsBool CMSEXPORT _cmsReadFloat32Number(cmsIOHANDLER* io, cmsFloat32Number* n) if (isnan(*n)) return FALSE; } - return TRUE; + + // fpclassify() required by C99 + return (fpclassify(*n) == FP_ZERO) || (fpclassify(*n) == FP_NORMAL); } -- cgit v1.2.3