From 8f91c5ac7a6ebe90ab484ec91fc6c4edba48581f Mon Sep 17 00:00:00 2001
From: =?utf8?q?=C3=98yvind=20Kol=C3=A5s?=
Date: Wed, 24 Aug 2022 13:23:15 +0200
Subject: [PATCH] ICC: verify validity of data-ranges for ICC tags

Fixing issue #78
---
 babl/babl-icc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/babl/babl-icc.c b/babl/babl-icc.c
index fa461cd..3deb29b 100644
--- a/babl/babl-icc.c
+++ b/babl/babl-icc.c
@@ -365,6 +365,14 @@ icc_tag (ICC *state,
 *offset = icc_read (u32, TAG_COUNT_OFF + 4 + 12* t + 4);
 if (el_length)
 *el_length = icc_read (u32, TAG_COUNT_OFF + 4 + 12* t + 4*2);
+
+ if (*offset + *el_length > state->length || *offset < 0)
+ {
+ *offset = 0;
+ *el_length = 0;
+ return 0; // broken input
+ }
+
 return 1;
 }
 }
-- 
2.30.2
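Review bot: The new range check dereferences `el_length` unconditionally, both in `*offset + *el_length` and in `*el_length = 0`, although the context line just above it (`if (el_length)`) shows that callers may pass NULL for that argument, so such a caller now crashes on a tag lookup instead of getting a validated offset. The types of `offset`, `el_length` and `state->length` are not visible in the hunk (icc_tag's signature and the enclosing block start outside it); if they are signed, as the `*offset < 0` test suggests, a value produced by `icc_read (u32, …)` above 2^31 is already negative and `*offset + *el_length` can overflow or cancel out, so each operand should be bounded on its own and the length compared against the space remaining after the offset rather than against a sum. I would restructure the guard as below, keeping the zeroing of the outputs on the failure path.
```c
      if (el_length)
        *el_length = icc_read (u32, TAG_COUNT_OFF + 4 + 12* t + 4*2);

      /* bound offset and length separately so a negative or huge length
         cannot cancel the offset in a sum; touch el_length only when
         the caller supplied it */
      if (*offset < 0 || *offset > state->length ||
          (el_length && (*el_length < 0 ||
                         *el_length > state->length - *offset)))
        {
          *offset = 0;
          if (el_length)
            *el_length = 0;
          return 0; // broken input
        }
      // … unchanged: return 1 and closing braces …
```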