From: Øyvind Kolås
Date: Wed, 24 Aug 2022 11:23:15 +0000 (+0200)
Subject: ICC: verify validity of data-ranges for ICC tags
X-Git-Tag: archive/raspbian/1%0.1.106-3+rpi1^2~15^2~1^2~3
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=8f91c5ac7a6ebe90ab484ec91fc6c4edba48581f;p=babl.git
ICC: verify validity of data-ranges for ICC tags
Fixing issue #78
---
diff --git a/babl/babl-icc.c b/babl/babl-icc.c
index fa461cd..3deb29b 100644
--- a/babl/babl-icc.c
+++ b/babl/babl-icc.c
@@ -365,6 +365,14 @@ icc_tag (ICC *state,
 *offset = icc_read (u32, TAG_COUNT_OFF + 4 + 12* t + 4);
 if (el_length)
 *el_length = icc_read (u32, TAG_COUNT_OFF + 4 + 12* t + 4*2);
+
+ if (*offset + *el_length > state->length || *offset < 0)
+ {
+ *offset = 0;
+ *el_length = 0;
+ return 0; // broken input
+ }
+
 return 1;
 }
 }
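Review bot: The added range check dereferences `*offset` and `*el_length` unconditionally, although the context line `if (el_length)` directly above shows that callers may pass NULL, so a NULL argument would now fault inside the validation itself. The sum `*offset + *el_length` is also evaluated before any sign test and `*el_length` is never checked for being negative, so (assuming both are `int`, as the `*offset < 0` test suggests) values read from a malformed profile can overflow or cancel out and still satisfy the comparison. Reading both fields into locals, testing each bound separately with a subtraction rather than an addition, and writing through the pointers only when they are non-NULL covers both cases. The enclosing function starts above the hunk, so the guard on `offset` and the type of `state->length` are not visible here and should be confirmed.

```c
// … unchanged: tag lookup loop and signature match …
int off = icc_read (u32, TAG_COUNT_OFF + 4 + 12* t + 4);
int len = icc_read (u32, TAG_COUNT_OFF + 4 + 12* t + 4*2);
/* subtraction form cannot overflow once off is known to be in [0, length] */
int ok  = off >= 0 && len >= 0 &&
          off <= state->length && len <= state->length - off;

if (offset)
  *offset = ok ? off : 0;
if (el_length)
  *el_length = ok ? len : 0;

return ok; // 0: broken input
```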