Skip to content

Commit

Permalink
Add more checks to CGATS parser
Browse files Browse the repository at this point in the history 
For non-happy  path on crafted CGATS
  • Loading branch information
@mm2
mm2 committed Apr 11, 2024
1 parent af6c565 commit dbb4a1a
Showing 1 changed file with 13 additions and 5 deletions.
18 changes: 13 additions & 5 deletions src/cmscgats.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1375,17 +1375,21 @@ KEYVALUE* AddAvailableSampleID(cmsIT8* it8, const char* Key)


static
void AllocTable(cmsIT8* it8)
cmsBool AllocTable(cmsIT8* it8)
{
TABLE* t;

if (it8->TablesCount >= (MAXTABLES-1))
return FALSE;

t = it8 ->Tab + it8 ->TablesCount;

t->HeaderList = NULL;
t->DataFormat = NULL;
t->Data = NULL;

it8 ->TablesCount++;
return TRUE;
}


Expand All @@ -1397,7 +1401,10 @@ cmsInt32Number CMSEXPORT cmsIT8SetTable(cmsHANDLE IT8, cmsUInt32Number nTable)

if (nTable == it8 ->TablesCount) {

AllocTable(it8);
if (!AllocTable(it8)) {
SynError(it8, "Too many tables");
return -1;
}
}
else {
SynError(it8, "Table %d is out of sequence", nTable);
Expand Down Expand Up @@ -2197,8 +2204,8 @@ cmsBool HeaderSection(cmsIT8* it8)
if (!GetVal(it8, Buffer, MAXSTR - 1, "Property data expected")) return FALSE;

if (Key->WriteAs != WRITE_PAIR) {
AddToList(it8, &GetTable(it8)->HeaderList, VarName, NULL, Buffer,
(it8->sy == SSTRING) ? WRITE_STRINGIFY : WRITE_UNCOOKED);
if (AddToList(it8, &GetTable(it8)->HeaderList, VarName, NULL, Buffer,
(it8->sy == SSTRING) ? WRITE_STRINGIFY : WRITE_UNCOOKED) == NULL) return FALSE;
}
else {
const char *Subkey;
Expand Down Expand Up @@ -2306,7 +2313,8 @@ cmsBool ParseIT8(cmsIT8* it8, cmsBool nosheet)

if (it8 -> sy != SEOF) {

AllocTable(it8);
if (!AllocTable(it8)) return FALSE;

it8 ->nTable = it8 ->TablesCount - 1;

// Read sheet type if present. We only support identifier and string.
Expand Down

0 comments on commit dbb4a1a

Please sign in to comment.