Hi,
I sent below mail to lcms-user the other day, but I could not find it
on the archive page.
Phil Race pointed me to a change that is pretty similar to mine,
great this is already being worked on!
I'm just wondering where my mail disappeared, maybe because
it had an attachment? Or is it because I just signed up to the list?
Best regards,
Goetz.
> -----Original Message-----
> From: Lindenmaier, Goetz
> Sent: Mittwoch, 14. Dezember 2016 16:01
> To: 'lcms-user@lists.sourceforge.net' <lcms-user@lists.sourceforge.net>
> Subject: Contribute fixed proposed by code scan
>
> Hi,
>
>
>
> I'm working at SAP where we are using and contributing to OpenJdk.
>
> We ran a code scan on the OpenJdk jdk9 sources and identified a few
>
> issues in the lcms coding.
>
>
>
> I tried to create a git pull request but somehow failed on my first
>
> few attempts, so I decided to use mail for now.
>
>
>
> Find the proposed changes below and attached in a patch file.
>
> The proposed changes in detail:
>
>
>
> cmserr.c
> Must check return value of ftell.
>
>
>
> cmsgamma.c
> Out32/out/in are used as arrays in called function.
>
> cmslut.c
> Out[] may be used uninitialized.
>
> cmstypes.c
> Must check return value of Tell. The negative outcome should not be passed
> to Seek.
>
> cmsxform.c
> Using uninitialized element of array wIn when calling *p->FromInput. (The
> function pointer resolves to Pack1Byte.)
> Using uninitialized element of array fIn when calling *p->FromInputFloat.
> (The function pointer resolves to PackDoublesFromFloat.)
> Using uninitialized element of array fIn when calling *p->FromInputFloat.
> (The function pointer resolves to PackDoublesFromFloat.)
>
> wOutOfGamut is used as array.
>
>
>
> Best regards,
>
> Goetz
>
>
>
>
>
>
>
> diff --git a/src/cmserr.c b/src/cmserr.c
>
> index 700152e..6856fb3 100644
>
> --- a/src/cmserr.c
>
> +++ b/src/cmserr.c
>
> @@ -54,6 +54,7 @@ long int CMSEXPORT cmsfilelength(FILE* f)
>
> long int p , n;
>
> p = ftell(f); // register current file position
>
> + if (p < 0) { return -1; }
>
> if (fseek(f, 0, SEEK_END) != 0) {
>
> return -1;
>
> diff --git a/src/cmsgamma.c b/src/cmsgamma.c
>
> index 3d59105..10fca01 100644
>
> --- a/src/cmsgamma.c
>
> +++ b/src/cmsgamma.c
>
> @@ -573,7 +573,7 @@ static
>
> cmsFloat64Number EvalSegmentedFn(const cmsToneCurve *g,
> cmsFloat64Number R)
>
> {
>
> int i;
>
> - cmsFloat32Number Out32;
>
> + cmsFloat32Number Out32[cmsMAXCHANNELS];
>
> cmsFloat64Number Out;
>
> for (i = g->nSegments - 1; i >= 0; --i) {
>
> @@ -589,18 +589,18 @@ cmsFloat64Number EvalSegmentedFn(const
> cmsToneCurve *g, cmsFloat64Number R)
>
> // Setup the table (TODO: clean that)
>
> g->SegInterp[i]->Table = g->Segments[i].SampledPoints;
>
> - g->SegInterp[i]->Interpolation.LerpFloat(&R1, &Out32, g-
> >SegInterp[i]);
>
> - Out = (cmsFloat64Number) Out32;
>
> + g->SegInterp[i]->Interpolation.LerpFloat(&R1, Out32, g-
> >SegInterp[i]);
>
> + Out = (cmsFloat64Number) Out32[0];
>
> }
>
> else {
>
> Out = g->Evals[i](g->Segments[i].Type,
> g->Segments[i].Params, R);
>
> }
>
> - if (isinf(Out))
>
> + if (isinf(Out)) {
>
> return PLUS_INF;
>
> - else
>
> - {
>
> + }
>
> + else {
>
> if (isinf(-Out))
>
> return MINUS_INF;
>
> }
>
> @@ -1223,12 +1223,12 @@ cmsFloat32Number CMSEXPORT
> cmsEvalToneCurveFloat(const cmsToneCurve* Curve, cmsF
>
> // We need xput over here
>
> cmsUInt16Number CMSEXPORT cmsEvalToneCurve16(const cmsToneCurve*
> Curve, cmsUInt16Number v)
>
> {
>
> - cmsUInt16Number out;
>
> + cmsUInt16Number out[cmsMAXCHANNELS];
>
> + cmsUInt16Number in[2] = {v, 0};
>
> _cmsAssert(Curve != NULL);
>
> -
>
> - Curve ->InterpParams ->Interpolation.Lerp16(&v, &out, Curve -
> >InterpParams);
>
> - return out;
>
> + Curve ->InterpParams ->Interpolation.Lerp16(in, out, Curve -
> >InterpParams);
>
> + return out[0];
>
> }
>
>
>
> diff --git a/src/cmslut.c b/src/cmslut.c
>
> index 0a13018..aa45929 100644
>
> --- a/src/cmslut.c
>
> +++ b/src/cmslut.c
>
> @@ -786,9 +786,12 @@ cmsBool CMSEXPORT
> cmsStageSampleCLut16bit(cmsStage* mpe, cmsSAMPLER16 Sampler, v
>
> In[t] = _cmsQuantizeVal(Colorant, nSamples[t]);
>
> }
>
> - if (clut ->Tab.T != NULL) {
>
> - for (t=0; t < nOutputs; t++)
>
> + for (t=0; t < nOutputs; t++) {
>
> + if (clut ->Tab.T != NULL) {
>
> Out[t] = clut->Tab.T[index + t];
>
> + } else {
>
> + Out[t] = 0;
>
> + }
>
> }
>
> if (!Sampler(In, Out, Cargo))
>
> diff --git a/src/cmstypes.c b/src/cmstypes.c
>
> index bf51326..9131d05 100644
>
> --- a/src/cmstypes.c
>
> +++ b/src/cmstypes.c
>
> @@ -2679,6 +2679,7 @@ cmsBool Type_LUTA2B_Write(struct
> _cms_typehandler_struct* self, cmsIOHANDLER* io
>
> cmsStage * CLUT = NULL;
>
> cmsUInt32Number offsetB = 0, offsetMat = 0, offsetM = 0, offsetC = 0,
> offsetA = 0;
>
> cmsUInt32Number BaseOffset, DirectoryPos, CurrentPos;
>
> + cmsInt32Number CurrentPos0;
>
> // Get the base for all offsets
>
> BaseOffset = io ->Tell(io) - sizeof(_cmsTagBase);
>
> @@ -2741,7 +2742,9 @@ cmsBool Type_LUTA2B_Write(struct
> _cms_typehandler_struct* self, cmsIOHANDLER* io
>
> if (!WriteSetOfCurves(self, io, cmsSigParametricCurveType, B)) return
> FALSE;
>
> }
>
> - CurrentPos = io ->Tell(io);
>
> + CurrentPos0 = io ->Tell(io);
>
> + if (CurrentPos0 < 0) { return FALSE; }
>
> + CurrentPos = (cmsUInt32Number)CurrentPos0;
>
> if (!io ->Seek(io, DirectoryPos)) return FALSE;
>
> @@ -2864,7 +2867,7 @@ cmsBool Type_LUTB2A_Write(struct
> _cms_typehandler_struct* self, cmsIOHANDLER* i
>
> cmsStage *CLUT = NULL;
>
> cmsUInt32Number offsetB = 0, offsetMat = 0, offsetM = 0, offsetC = 0,
> offsetA = 0;
>
> cmsUInt32Number BaseOffset, DirectoryPos, CurrentPos;
>
> -
>
> + cmsInt32Number CurrentPos0;
>
> BaseOffset = io ->Tell(io) - sizeof(_cmsTagBase);
>
> @@ -2920,7 +2923,9 @@ cmsBool Type_LUTB2A_Write(struct
> _cms_typehandler_struct* self, cmsIOHANDLER* i
>
> if (!WriteSetOfCurves(self, io, cmsSigParametricCurveType, B)) return
> FALSE;
>
> }
>
> - CurrentPos = io ->Tell(io);
>
> + CurrentPos0 = io ->Tell(io);
>
> + if (CurrentPos0 < 0) { return FALSE; }
>
> + CurrentPos = (cmsUInt32Number)CurrentPos0;
>
> if (!io ->Seek(io, DirectoryPos)) return FALSE;
>
> @@ -4478,6 +4483,7 @@ static
>
> cmsBool Type_MPE_Write(struct _cms_typehandler_struct* self,
> cmsIOHANDLER* io, void* Ptr, cmsUInt32Number nItems)
>
> {
>
> cmsUInt32Number i, BaseOffset, DirectoryPos, CurrentPos;
>
> + cmsInt32Number CurrentPos0;
>
> int inputChan, outputChan;
>
> cmsUInt32Number ElemCount;
>
> cmsUInt32Number *ElementOffsets = NULL, *ElementSizes = NULL, Before;
>
> @@ -4543,7 +4549,9 @@ cmsBool Type_MPE_Write(struct
> _cms_typehandler_struct* self, cmsIOHANDLER* io, v
>
> }
>
> // Write the directory
>
> - CurrentPos = io ->Tell(io);
>
> + CurrentPos0 = io ->Tell(io);
>
> + if (CurrentPos0 < 0) { goto Error; }
>
> + CurrentPos = (cmsUInt32Number)CurrentPos0;
>
> if (!io ->Seek(io, DirectoryPos)) goto Error;
>
> @@ -5169,7 +5177,8 @@ cmsBool Type_Dictionary_Write(struct
> _cms_typehandler_struct* self, cmsIOHANDLER
>
> cmsBool AnyName, AnyValue;
>
> cmsUInt32Number i, Count, Length;
>
> cmsUInt32Number DirectoryPos, CurrentPos, BaseOffset;
>
> - _cmsDICarray a;
>
> + cmsInt32Number CurrentPos0;
>
> + _cmsDICarray a;
>
> if (hDict == NULL) return FALSE;
>
> @@ -5219,7 +5228,10 @@ cmsBool Type_Dictionary_Write(struct
> _cms_typehandler_struct* self, cmsIOHANDLER
>
> }
>
> // Write the directory
>
> - CurrentPos = io ->Tell(io);
>
> + CurrentPos0 = io ->Tell(io);
>
> + if (CurrentPos0 < 0) { goto Error; }
>
> + CurrentPos = (cmsUInt32Number)CurrentPos0;
>
> +
>
> if (!io ->Seek(io, DirectoryPos)) goto Error;
>
> if (!WriteOffsetArray(io, &a, Count, Length)) goto Error;
>
> diff --git a/src/cmsxform.c b/src/cmsxform.c
>
> index 254d003..8107240 100644
>
> --- a/src/cmsxform.c
>
> +++ b/src/cmsxform.c
>
> @@ -255,6 +255,7 @@ void FloatXFORM(_cmsTRANSFORM* p,
>
> strideIn = 0;
>
> strideOut = 0;
>
> + memset(fIn, 0, sizeof(fIn));
>
> for (i = 0; i < LineCount; i++) {
>
> @@ -319,6 +320,7 @@ void NullFloatXFORM(_cmsTRANSFORM* p,
>
> strideIn = 0;
>
> strideOut = 0;
>
> + memset(fIn, 0, sizeof(fIn));
>
> for (i = 0; i < LineCount; i++) {
>
> @@ -356,6 +358,7 @@ void NullXFORM(_cmsTRANSFORM* p,
>
> strideIn = 0;
>
> strideOut = 0;
>
> + memset(wIn, 0, sizeof(wIn));
>
> for (i = 0; i < LineCount; i++) {
>
> @@ -393,6 +396,7 @@ void PrecalculatedXFORM(_cmsTRANSFORM* p,
>
> strideIn = 0;
>
> strideOut = 0;
>
> + memset(wIn, 0, sizeof(wIn));
>
> for (i = 0; i < LineCount; i++) {
>
> @@ -419,10 +423,10 @@ void
> TransformOnePixelWithGamutCheck(_cmsTRANSFORM* p,
>
> const cmsUInt16Number wIn[],
>
> cmsUInt16Number wOut[])
>
> {
>
> - cmsUInt16Number wOutOfGamut;
>
> + cmsUInt16Number wOutOfGamut[cmsMAXCHANNELS];
>
> - p ->GamutCheck ->Eval16Fn(wIn, &wOutOfGamut, p ->GamutCheck ->Data);
>
> - if (wOutOfGamut >= 1) {
>
> + p ->GamutCheck ->Eval16Fn(wIn, wOutOfGamut, p ->GamutCheck ->Data);
>
> + if (wOutOfGamut[0] >= 1) {
>
> cmsUInt16Number i;
>
> _cmsAlarmCodesChunkType* ContextAlarmCodes =
> (_cmsAlarmCodesChunkType*) _cmsContextGetClientChunk(p->ContextID,
> AlarmCodesContext);
>
> @@ -436,7 +440,7 @@ void
> TransformOnePixelWithGamutCheck(_cmsTRANSFORM* p,
>
> p ->Lut ->Eval16Fn(wIn, wOut, p -> Lut->Data);
>
> }
>
> -// Gamut check, No caché, 16 bits.
>
> +// Gamut check, No cache, 16 bits.
>
> static
>
> void PrecalculatedXFORMGamutCheck(_cmsTRANSFORM* p,
>
> const void* in,
>
> @@ -454,6 +458,7 @@ void
> PrecalculatedXFORMGamutCheck(_cmsTRANSFORM* p,
>
> strideIn = 0;
>
> strideOut = 0;
>
> + memset(wIn, 0, sizeof(wIn));
>
> for (i = 0; i < LineCount; i++) {
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Lcms-user mailing list
Lcms-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lcms-user
