no comment Marti?

mmmm ... should I fix it myself in the CVS on sourceforge?  or should I just 
try and write a sploit :-)

note:  the one example of code that doesn't handle errors I posted 
(cmsBuildOutputMatrixShaper), is just one of many points of failure that I 
am finding by doing a little fuzzing

Louis Solomon
www.SteelBytes.com

----- Original Message ----- 
From: "Louis Solomon [SteelBytes]" <[EMAIL PROTECTED]>
To: "lcms-user" <lcms-user@lists.sourceforge.net>
Sent: Wednesday, June 13, 2007 4:39 PM
Subject: [Lcms-user] error handling


> Is LCMS supposed to be able to recover from all errors if I use
> cmsSetErrorHandler and have my handler return 1?  It doesn't.  It recovers
> from most/many.
>
> eg, in cmsBuildOutputMatrixShaper, cmsReadICCGammaReversed does call the
> error handler on bad data, but cmsBuildOutputMatrixShaper still calls
> cmsAllocMatShaper which dies since InverseShapes[x] is NULL
>
> cmsBuildOutputMatrixShaper(...)
> {
>    ...
>    InverseShapes[0] = cmsReadICCGammaReversed(OutputProfile, icSigRedTRCTag);
>    InverseShapes[1] = cmsReadICCGammaReversed(OutputProfile, icSigGreenTRCTag);
>    InverseShapes[2] = cmsReadICCGammaReversed(OutputProfile, icSigBlueTRCTag);
>    OutMatSh = cmsAllocMatShaper(&DoubleInv, InverseShapes, MATSHAPER_OUTPUT);
>    ...
> }
>
> this is an easy enough problem to produce by taking an existing profile -
> throw some random data at it, and load it with cmsOpenProfileFromMem().
> repeat this a few times, and you'll get a fatal exception
>
> hence using cmsSetErrorHandler doesn't stop a denial-of-service.
>
> Louis Solomon
> www.SteelBytes.com
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Lcms-user mailing list
> Lcms-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lcms-user 
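
The pattern reported in this thread, with the missing NULL checks added, as an example that is not part of the original messages or of the lcms source. The functions are simplified stand-ins for the lcms calls named above, and the tag layout and sample bytes are constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the lcms calls named in the report; not lcms code. */
typedef struct { size_t n; double *v; } Curve;
static int errors_seen = 0;

/* Models a handler installed via cmsSetErrorHandler that returns 1 (continue). */
static int on_error(const char *msg) { errors_seen++; fprintf(stderr, "error: %s\n", msg); return 1; }

/* Models cmsReadICCGammaReversed. Assumed tag layout: [count][count bytes]. */
static Curve *read_curve(const unsigned char *tag, size_t len) {
    if (len < 1 || tag[0] == 0 || (size_t)tag[0] + 1 > len) {
        on_error("bad gamma tag");   /* handler returns, execution continues */
        return NULL;
    }
    Curve *c = malloc(sizeof *c);
    if (!c) return NULL;
    c->n = tag[0];
    c->v = malloc(c->n * sizeof *c->v);
    if (!c->v) { free(c); return NULL; }
    for (size_t i = 0; i < c->n; i++) c->v[i] = tag[1 + i] / 255.0;
    return c;
}

static void free_curve(Curve *c) { if (c) { free(c->v); free(c); } }

/* Models cmsAllocMatShaper: dereferences all three curves without checking. */
static int alloc_shaper(Curve *inv[3]) { return (int)(inv[0]->n + inv[1]->n + inv[2]->n); }

/* Builder with the missing checks added: returns entry count, or -1 on bad input. */
int build_output_shaper(const unsigned char *tags[3], const size_t lens[3]) {
    Curve *inv[3] = { NULL, NULL, NULL };
    int result = -1;
    for (int i = 0; i < 3; i++) {
        inv[i] = read_curve(tags[i], lens[i]);
        if (!inv[i]) goto done;      /* never hand NULL to alloc_shaper */
    }
    result = alloc_shaper(inv);
done:
    for (int i = 0; i < 3; i++) free_curve(inv[i]);  /* release partial results */
    return result;
}

int main(void) {
    const unsigned char good[] = {3, 0, 128, 255}, bad[] = {200, 1, 2}; /* constructed */
    const unsigned char *tags[3] = { good, bad, good };
    const size_t lens[3] = { sizeof good, sizeof bad, sizeof good };
    int r = build_output_shaper(tags, lens);
    printf("result=%d errors=%d\n", r, errors_seen);
    return 0;
}
```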

