Hi Louis, If you have code dealing with those errors and want to share it, please let me know. I would be glad to add your modifications. On the other hand I only have week ends for open source stuff right now, so all that will be eventually fixed, but probably not very soon.
Anyway, see some of those alredy fixed in CVS, and in the beta tarballs for 1.17 Regards Marti Maria The littleCMS project http://www.littlecms.com ----- Original Message ----- From: "Louis Solomon [SteelBytes]" <[EMAIL PROTECTED]> To: "lcms-user" <lcms-user@lists.sourceforge.net> Sent: Thursday, June 21, 2007 4:54 AM Subject: Re: [Lcms-user] error handling no comment Marti? mmmm ... should I fix it myself in the CVS on sourceforge? or should I just try and write a sploit :-) note: the one example of code that doesn't handle errors I posted (cmsBuildOutputMatrixShaper), is just one of many points that failure that I am finding by doing a little fuzzing Louis Solomon www.SteelBytes.com ----- Original Message ----- From: "Louis Solomon [SteelBytes]" <[EMAIL PROTECTED]> To: "lcms-user" <lcms-user@lists.sourceforge.net> Sent: Wednesday, June 13, 2007 4:39 PM Subject: [Lcms-user] error handling > Is LCMS supposed to be able to recover from all errors if I use > cmsSetErrorHandler and have my handler return 1? It doesn't. It recovers > from most/many. > > eg, in cmsBuildOutputMatrixShaper, cmsReadICCGammaReversed does call the > error handler on bad data, but cmsBuildOutputMatrixShaper still calls > cmsAllocMatShaper which dies since InverseShapes[x] is NULL > > cmsBuildOutputMatrixShaper(...) > { > ... > InverseShapes[0] = cmsReadICCGammaReversed(OutputProfile, > icSigRedTRCTag); > InverseShapes[1] = cmsReadICCGammaReversed(OutputProfile, > icSigGreenTRCTag); > InverseShapes[2] = cmsReadICCGammaReversed(OutputProfile, > icSigBlueTRCTag); > OutMatSh = cmsAllocMatShaper(&DoubleInv, InverseShapes, > MATSHAPER_OUTPUT); > ... > } > > this is an easy enough problem to produce by taking an existing profile - > throw some random data at it, and load it with cmsOpenProfileFromMem(). > repeat this a few times, and you'll get a fatal exception > > hence using cmsSetErrorHandler doesn't stop a denial-of-service. > > Louis Solomon > www.SteelBytes.com > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Lcms-user mailing list > Lcms-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lcms-user ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Lcms-user mailing list Lcms-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lcms-user ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Lcms-user mailing list Lcms-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lcms-user
