From 7e915b145b5eb29520be27b84229aa4998274dc3 Mon Sep 17 00:00:00 2001
From: Nico Weber
Date: Sun, 12 Feb 2023 10:33:53 -0500
Subject: LibGfx: Let ICC code validate tag data alignment

Both when reading the main tag table and when reading embedded curve data in lutAToBType or lutBToAType.
---
 Userland/Libraries/LibGfx/ICC/Profile.cpp | 4 ++++
 Userland/Libraries/LibGfx/ICC/TagTypes.cpp | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/Userland/Libraries/LibGfx/ICC/Profile.cpp b/Userland/Libraries/LibGfx/ICC/Profile.cpp
index e85869ab28..92f964c121 100644
--- a/Userland/Libraries/LibGfx/ICC/Profile.cpp
+++ b/Userland/Libraries/LibGfx/ICC/Profile.cpp
@@ -558,6 +558,10 @@ ErrorOr Profile::read_header(ReadonlyBytes bytes)
 ErrorOr> Profile::read_tag(ReadonlyBytes bytes, u32 offset_to_beginning_of_tag_data_element, u32 size_of_tag_data_element)
 {
+ // "All tag data elements shall start on a 4-byte boundary (relative to the start of the profile data stream)"
+ if (offset_to_beginning_of_tag_data_element % 4 != 0)
+ return Error::from_string_literal("ICC::Profile: Tag data not aligned");
+
 if (offset_to_beginning_of_tag_data_element + size_of_tag_data_element > bytes.size())
 return Error::from_string_literal("ICC::Profile: Tag data out of bounds");
diff --git a/Userland/Libraries/LibGfx/ICC/TagTypes.cpp b/Userland/Libraries/LibGfx/ICC/TagTypes.cpp
index abc70d0356..978e41791a 100644
--- a/Userland/Libraries/LibGfx/ICC/TagTypes.cpp
+++ b/Userland/Libraries/LibGfx/ICC/TagTypes.cpp
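Review bot: The bounds check right after the new alignment guard, `if (offset_to_beginning_of_tag_data_element + size_of_tag_data_element > bytes.size())`, adds two u32 values in 32-bit arithmetic, so a tag table entry whose offset sits close to 0xFFFFFFFF can wrap the sum to a small value and pass the comparison even though the offset is far beyond the buffer. The new `% 4` test does not close that gap, since a wrapped offset can still be a multiple of 4. Rewriting the test without the addition, `if (offset_to_beginning_of_tag_data_element > bytes.size() || size_of_tag_data_element > bytes.size() - offset_to_beginning_of_tag_data_element)`, rejects such entries before the data is sliced; what read_tag does with the values afterwards is outside the hunk, as the function's body continues past it. The quoted sentence would also benefit from naming the spec clause it is taken from so a reader can find the surrounding requirements.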
@@ -382,6 +382,10 @@ static ErrorOr read_clut_data(ReadonlyBytes bytes, AdvancedLUTHeader c
 static ErrorOr read_curve(ReadonlyBytes bytes, u32 offset)
 {
+ // "All tag data elements shall start on a 4-byte boundary (relative to the start of the profile data stream)"
+ if (offset % 4 != 0)
+ return Error::from_string_literal("ICC::Profile: lut curve data not aligned");
+
 // See read_curves() below.
 if (offset + sizeof(u32) > bytes.size())
 return Error::from_string_literal("ICC::Profile: not enough data for lut curve type");
-- 
cgit v1.2.3
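Review bot: The comment justifies the new check with alignment "relative to the start of the profile data stream", but `offset` here appears to be relative to the start of the lut tag data element (the lutAToBType/lutBToAType layouts store tag-relative curve offsets), so the guard follows from the quoted sentence only in combination with the tag element itself starting on a 4-byte boundary. A one-line addition after the quote, such as `// offset is relative to the tag data element; tag elements are themselves 4-byte aligned, so the check still holds`, would make the reasoning self-contained. If I recall the lutAToBType clause correctly, it states directly that each curve and processing element starts on a 4-byte boundary, which would be the more precise citation for this site. read_curve's body continues past the end of the hunk.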