changeset 8504:f02f003a47f0

8171261: Stability fixes for lcms Reviewed-by: serb, vadim, mschoene
author prr
date Fri, 07 Apr 2017 17:54:06 +0530
parents 0cf256d7a864
children 26aa66633abc
files src/share/native/sun/java2d/cmm/lcms/cmscgats.c src/share/native/sun/java2d/cmm/lcms/cmsnamed.c src/share/native/sun/java2d/cmm/lcms/cmsopt.c src/share/native/sun/java2d/cmm/lcms/cmstypes.c src/share/native/sun/java2d/cmm/lcms/lcms2.h
diffstat 5 files changed, 29 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/native/sun/java2d/cmm/lcms/cmscgats.c	Mon May 11 09:14:03 2015 -0700
+++ b/src/share/native/sun/java2d/cmm/lcms/cmscgats.c	Fri Apr 07 17:54:06 2017 +0530
@@ -900,7 +900,7 @@
             k = 0;
             NextCh(it8);
 
-            while (k < MAXSTR && it8->ch != sng) {
+            while (k < (MAXSTR-1) && it8->ch != sng) {
 
                 if (it8->ch == '\n'|| it8->ch == '\r') k = MAXSTR+1;
                 else {
@@ -2053,14 +2053,18 @@
 static
 void ReadType(cmsIT8* it8, char* SheetTypePtr)
 {
+    cmsInt32Number cnt = 0;
+
     // First line is a very special case.
 
     while (isseparator(it8->ch))
             NextCh(it8);
 
-    while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != -1) {
+    while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != 0) {
 
         *SheetTypePtr++= (char) it8 ->ch;
+        if (cnt++ < MAXSTR)
+            *SheetTypePtr++= (char) it8 ->ch;
         NextCh(it8);
     }
 
@@ -2253,7 +2257,7 @@
 // that should be something like some printable characters plus a \n
 // returns 0 if this is not like a CGATS, or an integer otherwise. This integer is the number of words in first line?
 static
-int IsMyBlock(cmsUInt8Number* Buffer, int n)
+int IsMyBlock(const cmsUInt8Number* Buffer, int n)
 {
     int words = 1, space = 0, quot = 0;
     int i;
@@ -2317,7 +2321,7 @@
 // ---------------------------------------------------------- Exported routines
 
 
-cmsHANDLE  CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len)
+cmsHANDLE  CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len)
 {
     cmsHANDLE hIT8;
     cmsIT8*  it8;
@@ -2326,7 +2330,7 @@
     _cmsAssert(Ptr != NULL);
     _cmsAssert(len != 0);
 
-    type = IsMyBlock((cmsUInt8Number*)Ptr, len);
+    type = IsMyBlock((const cmsUInt8Number*)Ptr, len);
     if (type == 0) return NULL;
 
     hIT8 = cmsIT8Alloc(ContextID);
--- a/src/share/native/sun/java2d/cmm/lcms/cmsnamed.c	Mon May 11 09:14:03 2015 -0700
+++ b/src/share/native/sun/java2d/cmm/lcms/cmsnamed.c	Fri Apr 07 17:54:06 2017 +0530
@@ -521,7 +521,11 @@
         size = v ->Allocated * 2;
 
     // Keep a maximum color lists can grow, 100K entries seems reasonable
-    if (size > 1024*100) return FALSE;
+    if (size > 1024 * 100) {
+        _cmsFree(v->ContextID, (void*) v->List);
+        v->List = NULL;
+        return FALSE;
+    }
 
     NewPtr = (_cmsNAMEDCOLOR*) _cmsRealloc(v ->ContextID, v ->List, size * sizeof(_cmsNAMEDCOLOR));
     if (NewPtr == NULL)
@@ -543,8 +547,11 @@
     v ->nColors   = 0;
     v ->ContextID  = ContextID;
 
-    while (v -> Allocated < n){
-        if (!GrowNamedColorList(v)) return NULL;
+    while (v -> Allocated < n) {
+        if (!GrowNamedColorList(v)) {
+            _cmsFree(ContextID, (void*) v);
+            return NULL;
+        }
     }
 
     strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix)-1);
--- a/src/share/native/sun/java2d/cmm/lcms/cmsopt.c	Mon May 11 09:14:03 2015 -0700
+++ b/src/share/native/sun/java2d/cmm/lcms/cmsopt.c	Fri Apr 07 17:54:06 2017 +0530
@@ -1462,6 +1462,7 @@
 
         // LUT optimizes to nothing. Set the identity LUT
         cmsStageFree(ObtainedCurves);
+        ObtainedCurves = NULL;
 
         if (!cmsPipelineInsertStage(Dest, cmsAT_BEGIN, cmsStageAllocIdentity(Dest ->ContextID, Src ->InputChannels)))
             goto Error;
--- a/src/share/native/sun/java2d/cmm/lcms/cmstypes.c	Mon May 11 09:14:03 2015 -0700
+++ b/src/share/native/sun/java2d/cmm/lcms/cmstypes.c	Fri Apr 07 17:54:06 2017 +0530
@@ -4452,7 +4452,8 @@
     NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans);
     if (NewLUT == NULL) return NULL;
 
-    if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL;
+    if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error;
+    if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error;
 
     if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) {
         if (NewLUT != NULL) cmsPipelineFree(NewLUT);
@@ -4464,6 +4465,12 @@
     *nItems = 1;
     return NewLUT;
 
+    // Error
+Error:
+    if (NewLUT != NULL) cmsPipelineFree(NewLUT);
+    *nItems = 0;
+    return NULL;
+
     cmsUNUSED_PARAMETER(SizeOfTag);
 }
 
--- a/src/share/native/sun/java2d/cmm/lcms/lcms2.h	Mon May 11 09:14:03 2015 -0700
+++ b/src/share/native/sun/java2d/cmm/lcms/lcms2.h	Fri Apr 07 17:54:06 2017 +0530
@@ -1822,7 +1822,7 @@
 
 // Persistence
 CMSAPI cmsHANDLE        CMSEXPORT cmsIT8LoadFromFile(cmsContext ContextID, const char* cFileName);
-CMSAPI cmsHANDLE        CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len);
+CMSAPI cmsHANDLE        CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len);
 // CMSAPI cmsHANDLE        CMSEXPORT cmsIT8LoadFromIOhandler(cmsContext ContextID, cmsIOHANDLER* io);
 
 CMSAPI cmsBool          CMSEXPORT cmsIT8SaveToFile(cmsHANDLE hIT8, const char* cFileName);