From b161f5ea05688ef151a28f89227384326e9411c3 Mon Sep 17 00:00:00 2001
From: Nico Weber
Date: Thu, 23 Feb 2023 10:53:44 -0500
Subject: [PATCH] LibGfx: Make ICC reader check that profile size is a multiple of 4

With this, I would've found e8bd067ce5f7 earlier. (If this turns out to be too strict in practice, we can always relax it again.)
---
 Userland/Libraries/LibGfx/ICC/Profile.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Userland/Libraries/LibGfx/ICC/Profile.cpp b/Userland/Libraries/LibGfx/ICC/Profile.cpp
index 6739d844a4..f0afe9c7b9 100644
--- a/Userland/Libraries/LibGfx/ICC/Profile.cpp
+++ b/Userland/Libraries/LibGfx/ICC/Profile.cpp
@@ -72,6 +72,11 @@ ErrorOr parse_size(ICCHeader const& header, ReadonlyBytes icc_bytes)
 if (header.profile_size > icc_bytes.size())
 return Error::from_string_literal("ICC::Profile: Profile size larger than input data");
 
+ // ICC v4, 7.1.2:
+ // "NOTE 1 This implies that the length is required to be a multiple of four."
+ if (header.profile_size % 4 != 0)
+ return Error::from_string_literal("ICC::Profile: Profile size not a multiple of four");
+
 return header.profile_size;
 }
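Review bot: The added `header.profile_size % 4 != 0` rejection cites only ICC v4, but as far as this hunk shows it runs for every header regardless of the profile version, so profiles written to an earlier revision without trailing padding may now fail to load. If rejecting them is deliberate strictness for a parser of untrusted input, the comment should record that, for example `// Applied to all profile versions on purpose; relax for pre-v4 profiles if real files violate it.`; otherwise the check should be gated on the header's version field. The quoted NOTE also opens with "This implies" and has lost its antecedent, so the comment would read better with one sentence naming the 7.1.2 requirement it follows from. The diffstat lists a single file, so a small regression test feeding a profile whose size is not a multiple of four would make any later relaxation a visible, intentional change. The start of parse_size lies outside the hunk, so earlier size checks were not reviewed.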