Thanks Louis,

For sure that code will help a lot in the fixing of the vulnerabilities.
Many thanks for your contribution,

Best regards
Marti Maria
The littleCMS project
http://www.littlecms.com

----- Original Message -----
From: "Louis Solomon [SteelBytes]" <[EMAIL PROTECTED]>
To: "Marti.Maria" <[EMAIL PROTECTED]>
Sent: Monday, June 25, 2007 4:26 AM
Subject: Re: [Lcms-user] error handling

> If you have code dealing with those errors

I don't. I just have code that causes these errors.

here's the experimental test harness I was using to create these crashes. just change the path of the icc file to whatever you choose, and compile and run. don't worry about the commented out stuff, that's just leftovers from related experiments.

Louis Solomon
www.SteelBytes.com

----- Original Message -----
From: "Marti.Maria" <[EMAIL PROTECTED]>
To: "Louis Solomon [SteelBytes]" <[EMAIL PROTECTED]>; "lcms-user" <lcms-user@lists.sourceforge.net>
Sent: Sunday, June 24, 2007 3:03 AM
Subject: Re: [Lcms-user] error handling

>
> Hi Louis,
>
> If you have code dealing with those errors and want to share it, please
> let me know. I would be glad to add your modifications.
> On the other hand I only have weekends for open source stuff
> right now, so all that will be eventually fixed, but probably not very
> soon.
>
> Anyway, see some of those already fixed in CVS, and in the
> beta tarballs for 1.17
>
> Regards
> Marti Maria
> The littleCMS project
> http://www.littlecms.com
>
> ----- Original Message -----
> From: "Louis Solomon [SteelBytes]" <[EMAIL PROTECTED]>
> To: "lcms-user" <lcms-user@lists.sourceforge.net>
> Sent: Thursday, June 21, 2007 4:54 AM
> Subject: Re: [Lcms-user] error handling
>
>
> no comment Marti?
>
> mmmm ... should I fix it myself in the CVS on sourceforge? or should I just
> try and write a sploit :-)
>
> note: the one example of code that doesn't handle errors I posted
> (cmsBuildOutputMatrixShaper), is just one of many points of failure that I
> am finding by doing a little fuzzing
>
> Louis Solomon
> www.SteelBytes.com
>
> ----- Original Message -----
> From: "Louis Solomon [SteelBytes]" <[EMAIL PROTECTED]>
> To: "lcms-user" <lcms-user@lists.sourceforge.net>
> Sent: Wednesday, June 13, 2007 4:39 PM
> Subject: [Lcms-user] error handling
>
>
>> Is LCMS supposed to be able to recover from all errors if I use
>> cmsSetErrorHandler and have my handler return 1? It doesn't. It recovers
>> from most/many.
>>
>> eg, in cmsBuildOutputMatrixShaper, cmsReadICCGammaReversed does call the
>> error handler on bad data, but cmsBuildOutputMatrixShaper still calls
>> cmsAllocMatShaper which dies since InverseShapes[x] is NULL
>>
>> cmsBuildOutputMatrixShaper(...)
>> {
>>     ...
>>     InverseShapes[0] = cmsReadICCGammaReversed(OutputProfile, icSigRedTRCTag);
>>     InverseShapes[1] = cmsReadICCGammaReversed(OutputProfile, icSigGreenTRCTag);
>>     InverseShapes[2] = cmsReadICCGammaReversed(OutputProfile, icSigBlueTRCTag);
>>     OutMatSh = cmsAllocMatShaper(&DoubleInv, InverseShapes, MATSHAPER_OUTPUT);
>>     ...
>> }
>>
>> this is an easy enough problem to produce by taking an existing profile -
>> throw some random data at it, and load it with cmsOpenProfileFromMem().
>> repeat this a few times, and you'll get a fatal exception
>>
>> hence using cmsSetErrorHandler doesn't stop a denial-of-service.
>>
>> Louis Solomon
>> www.SteelBytes.com
>>
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by DB2 Express
>> Download DB2 Express C - the FREE version of DB2 express and take
>> control of your XML. No limits. Just data. Click to get it now.
>> http://sourceforge.net/powerbar/db2/
>> _______________________________________________
>> Lcms-user mailing list
>> Lcms-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/lcms-user
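
The failure described in the first message of the thread (a reader that reports bad data through the error handler and returns NULL, followed by an allocator that dereferences the result) and the return-value check that closes it, as an added example that is not part of the thread and is not lcms code. All types and function names below are hypothetical stand-ins modelled on the behaviour the thread describes.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the lcms types and calls named in the thread. */
typedef struct { int nEntries; } Gamma;
typedef struct { Gamma *shapes[3]; } MatShaper;
static int g_errors = 0, g_live = 0;  /* handler calls; tables allocated */
/* User error handler that returns 1, as in the original report. */
static int error_handler(const char *msg) { (void)msg; g_errors++; return 1; }
/* Modelled on cmsReadICCGammaReversed as described: reports bad data, returns NULL. */
static Gamma *read_gamma_reversed(int tag_ok) {
    if (!tag_ok) { error_handler("bad TRC tag"); return NULL; }
    Gamma *g = malloc(sizeof *g);
    if (g) { g->nEntries = 256; g_live++; }
    return g;
}
static void free_gamma(Gamma *g) { if (g) { free(g); g_live--; } }

/* Modelled on cmsAllocMatShaper as described: dereferences each table unchecked. */
static MatShaper *alloc_mat_shaper(Gamma *shapes[3]) {
    MatShaper *m = malloc(sizeof *m);
    if (!m) return NULL;
    for (int i = 0; i < 3; i++) {
        if (shapes[i]->nEntries <= 0) { free(m); return NULL; } /* NULL here = crash */
        m->shapes[i] = shapes[i];
    }
    return m;
}

/* Hardened builder: tag_ok[] marks which of the R, G, B TRC tags parse. */
MatShaper *build_output_matrix_shaper(const int tag_ok[3]) {
    Gamma *inv[3] = { NULL, NULL, NULL };
    MatShaper *out = NULL;
    int ok = 1;
    for (int i = 0; i < 3; i++)
        if ((inv[i] = read_gamma_reversed(tag_ok[i])) == NULL) ok = 0;
    if (ok) out = alloc_mat_shaper(inv);   /* reached only with three tables */
    if (out == NULL)                        /* failure: release partial results */
        for (int i = 0; i < 3; i++) free_gamma(inv[i]);
    return out;
}
int errors_seen(void) { return g_errors; }
int live_tables(void) { return g_live; }

int main(void) {
    const int bad[3] = { 1, 0, 1 };   /* constructed input: green TRC tag corrupt */
    MatShaper *s = build_output_matrix_shaper(bad);
    printf("shaper=%s errors=%d live=%d\n", s ? "built" : "NULL", errors_seen(), live_tables());
    return 0;
}
```

With the check in place a corrupt tag yields a NULL shaper that the caller can reject, and the two tables that did parse are released instead of leaked.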