Hi Brian,

You are right, the patch is buggy. I will fix it in the next release.
Thanks for letting me know.
Marti



> Hi All,
>
> I have a question about an already applied patch for CVE-2009-0793.
> Here is the patch that was apparently applied:
>
> https://bugzilla.redhat.com/attachment.cgi?id=337279
>
> Looking at this patch, I am not sure I understand why the first check for
> NULL was put in after the call to FromLstarToXYZ.  The FromLstarToXYZ
> attempts to dereference its first parameter within the first few lines of
> the function.
>
> I would have expected something more like this:
>
> --- cmsxform.c.orig   2009-07-10 10:19:45.000000000 -0600
> +++ cmsxform.c        2009-07-10 10:43:43.000000000 -0600
> @@ -658,11 +658,9 @@
>                 LPGAMMATABLE Shapes1[3];
>
>                 GrayTRC = cmsReadICCGamma(hProfile, icSigGrayTRCTag);
> +                if (GrayTRC == NULL) return NULL;
>                 FromLstarToXYZ(GrayTRC, Shapes1);
>
> -             if (GrayTRC == NULL)
> -                     return NULL;
> -
>                 // Reversing must be done after curve translation
>
>                 Shapes[0] = cmsReverseGamma(Shapes1[0]->nEntries, 
> Shapes1[0]);
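
Review bot: The context line after the moved check still dereferences `Shapes1[0]->nEntries` without testing that FromLstarToXYZ filled the array, and `Shapes1` is declared uninitialized at the top of the hunk. Moving `if (GrayTRC == NULL) return NULL;` ahead of the call closes the NULL dereference on GrayTRC, but if FromLstarToXYZ can leave any entry NULL (for example on an allocation failure) the same class of crash remains one line later. Consider checking Shapes1[0], Shapes1[1] and Shapes1[2] before the cmsReverseGamma calls, and confirm that nothing acquired earlier in the function needs releasing on the new early return. As a style point, the added check is a one-line `if (...) return NULL;` where the removed code used two lines; matching the file's existing layout would keep the diff minimal.
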
>
>
> Am I missing something?
>
> Thanks,
> Brian


_______________________________________________
Lcms-user mailing list
Lcms-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lcms-user
