From 89a2d92549d25df6786d53de5671eb141e1fd3e2 Mon Sep 17 00:00:00 2001 From: kcwu Date: Tue, 22 Nov 2016 11:37:16 -0800 Subject: pdfium: Fix inconsistent number of color components of ICC profile fx_codec_icc.cpp specify default number of color components as 3 for unknown profiles. However, lcms may know such profile with different number of components. The inconsistency may lead to array access violation. This CL uses cmsChannelsOf() from lcms to ensure consistency. And rejects unexpected number according to PDF spec. BUG=chromium:667694 Review-Url: https://codereview.chromium.org/2522933002 --- core/fxcodec/codec/fx_codec_icc.cpp | 38 +++++++++---------------------------- 1 file changed, 9 insertions(+), 29 deletions(-) (limited to 'core/fxcodec') diff --git a/core/fxcodec/codec/fx_codec_icc.cpp b/core/fxcodec/codec/fx_codec_icc.cpp index 085452223d..f77c8507bf 100644 --- a/core/fxcodec/codec/fx_codec_icc.cpp +++ b/core/fxcodec/codec/fx_codec_icc.cpp @@ -8,12 +8,6 @@ #include "core/fxcodec/fx_codec.h" #include "third_party/lcms2-2.6/include/lcms2.h" -const uint32_t N_COMPONENT_LAB = 3; -const uint32_t N_COMPONENT_GRAY = 1; -const uint32_t N_COMPONENT_RGB = 3; -const uint32_t N_COMPONENT_CMYK = 4; -const uint32_t N_COMPONENT_DEFAULT = 3; - struct CLcmsCmm { cmsHTRANSFORM m_hTransform; int m_nSrcComponents; @@ -57,28 +51,6 @@ bool CheckComponents(cmsColorSpaceSignature cs, int nComponents, bool bDst) { return true; } -uint32_t GetCSComponents(cmsColorSpaceSignature cs) { - uint32_t components; - switch (cs) { - case cmsSigLabData: - components = N_COMPONENT_LAB; - break; - case cmsSigGrayData: - components = N_COMPONENT_GRAY; - break; - case cmsSigRgbData: - components = N_COMPONENT_RGB; - break; - case cmsSigCmykData: - components = N_COMPONENT_CMYK; - break; - default: - components = N_COMPONENT_DEFAULT; - break; - } - return components; -} - void* IccLib_CreateTransform(const unsigned char* pSrcProfileData, uint32_t dwSrcProfileSize, uint32_t& nSrcComponents, @@ -108,7 +80,15 @@ void* IccLib_CreateTransform(const unsigned char* pSrcProfileData, int srcFormat; bool bLab = false; cmsColorSpaceSignature srcCS = cmsGetColorSpace(srcProfile); - nSrcComponents = GetCSComponents(srcCS); + + nSrcComponents = cmsChannelsOf(srcCS); + // According to PDF spec, number of components must be 1, 3, or 4. + if (nSrcComponents != 1 && nSrcComponents != 3 && nSrcComponents != 4) { + cmsCloseProfile(srcProfile); + cmsCloseProfile(dstProfile); + return nullptr; + } + if (srcCS == cmsSigLabData) { srcFormat = COLORSPACE_SH(PT_Lab) | CHANNELS_SH(nSrcComponents) | BYTES_SH(0); -- cgit v1.2.3