LibGfx: Make ICC reader check that profile size is a multiple of 4

With this, I would've found e8bd067ce5f7 earlier. (If this turns out to be too strict in practice, we can always relax it again.)
author: Nico Weber <thakis@chromium.org> 2023-02-23 10:53:44 -0500
committer: Linus Groh <mail@linusgroh.de> 2023-02-24 19:17:20 +0100
commit: b161f5ea05688ef151a28f89227384326e9411c3 (patch)
tree: 27b1032fa7eff5aef6b75428d42ec29d8d705cb3
parent: d7f348ab50f10bc06cfe2420bf0b10616ecc3c2a (diff)
download: serenity-b161f5ea05688ef151a28f89227384326e9411c3.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Userland/Libraries/LibGfx/ICC/Profile.cpp b/Userland/Libraries/LibGfx/ICC/Profile.cpp
index 6739d844a4..f0afe9c7b9 100644
--- a/Userland/Libraries/LibGfx/ICC/Profile.cpp
+++ b/Userland/Libraries/LibGfx/ICC/Profile.cpp
@@ -72,6 +72,11 @@ ErrorOr<u32> parse_size(ICCHeader const& header, ReadonlyBytes icc_bytes)
     if (header.profile_size > icc_bytes.size())
         return Error::from_string_literal("ICC::Profile: Profile size larger than input data");
 
+    // ICC v4, 7.1.2:
+    // "NOTE 1 This implies that the length is required to be a multiple of four."
+    if (header.profile_size % 4 != 0)
+        return Error::from_string_literal("ICC::Profile: Profile size not a multiple of four");
+
     return header.profile_size;
 }
author	Nico Weber <thakis@chromium.org>	2023-02-23 10:53:44 -0500
committer	Linus Groh <mail@linusgroh.de>	2023-02-24 19:17:20 +0100
commit	b161f5ea05688ef151a28f89227384326e9411c3 (patch)
tree	27b1032fa7eff5aef6b75428d42ec29d8d705cb3
parent	d7f348ab50f10bc06cfe2420bf0b10616ecc3c2a (diff)
download	serenity-b161f5ea05688ef151a28f89227384326e9411c3.zip