Hi All,

I have a question about an already applied patch for CVE-2009-0793.
Here is the patch that was apparently applied:

https://bugzilla.redhat.com/attachment.cgi?id=337279

Looking at this patch, I am not sure I understand why the first check for
NULL was put in after the call to FromLstarToXYZ.  FromLstarToXYZ
attempts to dereference its first parameter within the first few lines of
the function.

I would have expected something more like this:

--- cmsxform.c.orig     2009-07-10 10:19:45.000000000 -0600
+++ cmsxform.c  2009-07-10 10:43:43.000000000 -0600
@@ -658,11 +658,9 @@
                 LPGAMMATABLE Shapes1[3];
 
                 GrayTRC = cmsReadICCGamma(hProfile, icSigGrayTRCTag);
+                if (GrayTRC == NULL) return NULL;
                 FromLstarToXYZ(GrayTRC, Shapes1);
 
-               if (GrayTRC == NULL)
-                       return NULL;
-
                 // Reversing must be done after curve translation
 
                 Shapes[0] = cmsReverseGamma(Shapes1[0]->nEntries, Shapes1[0]);
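
Review bot: Shapes1[0] is still dereferenced in the trailing context line (`Shapes1[0]->nEntries`) with nothing visible between the FromLstarToXYZ call and that line to confirm the array was populated. Moving the GrayTRC test above the call fixes the ordering for GrayTRC itself, but if FromLstarToXYZ can leave any Shapes1 entry NULL (for example on an allocation failure), the same class of NULL dereference remains one statement later, so a check on the Shapes1 entries before the cmsReverseGamma calls would be worth adding. As a style point, the removed check put `return NULL;` on its own line, while the added one folds it onto the `if` line; keeping the file's existing layout would make the change easier to read.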


Am I missing something?

Thanks,
Brian

_______________________________________________
Lcms-user mailing list
Lcms-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lcms-user
