Skip to content
Snippets Groups Projects
Commit ddaa7c4b authored by Jan Alexander Steffens (heftig)'s avatar Jan Alexander Steffens (heftig)
Browse files

1.4.1+6+gf08c25d-1

parent b867293c
No related branches found
Tags 1.4.1+6+gf08c25d-1
No related merge requests found
From 264981ddfd1984b25c629d8e3ef6cf25c70cc61a Mon Sep 17 00:00:00 2001
Message-Id: <264981ddfd1984b25c629d8e3ef6cf25c70cc61a.1513453349.git.jan.steffens@gmail.com>
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Sat, 16 Dec 2017 04:18:01 +0100
Subject: [PATCH 1/2] Make cd_color_get_blackbody_rgb_full safer
Validate arguments. If temp is divisible by 100, avoid interpolation
because it accesses beyond the data for temp == 10000.
---
lib/colord/cd-color.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/lib/colord/cd-color.c b/lib/colord/cd-color.c
index 6062595187616846..3907a7349c1351ba 100644
--- a/lib/colord/cd-color.c
+++ b/lib/colord/cd-color.c
@@ -29,6 +29,7 @@
#include "config.h"
#include <math.h>
+#include <stdlib.h>
#include <glib-object.h>
#include <lcms2.h>
@@ -1444,33 +1445,38 @@ cd_color_get_blackbody_rgb_full (gdouble temp,
CdColorBlackbodyFlags flags)
{
gboolean ret = TRUE;
- gdouble alpha;
- gint temp_index;
+ div_t temp_int;
const CdColorRGB *blackbody_func = blackbody_data_d65modified;
+ g_return_val_if_fail (!isnan (temp), FALSE);
+ g_return_val_if_fail (result != NULL, FALSE);
+
/* use modified curve */
if (flags & CD_COLOR_BLACKBODY_FLAG_USE_PLANCKIAN)
blackbody_func = blackbody_data_d65plankian;
/* check lower bound */
if (temp < 1000) {
ret = FALSE;
temp = 1000;
}
/* check upper bound */
if (temp > 10000) {
ret = FALSE;
temp = 10000;
}
/* bilinear interpolate the blackbody data */
- alpha = ((guint) temp % 100) / 100.0;
- temp_index = ((guint) temp - 1000) / 100;
- cd_color_rgb_interpolate (&blackbody_func[temp_index],
- &blackbody_func[temp_index + 1],
- alpha,
- result);
+ temp_int = div (temp, 100);
+ if (temp_int.rem == 0)
+ *result = blackbody_func[temp_int.quot - 10];
+ else
+ cd_color_rgb_interpolate (&blackbody_func[temp_int.quot - 10],
+ &blackbody_func[temp_int.quot - 9],
+ temp_int.rem / 100.0,
+ result);
+
return ret;
}
--
2.15.1
From 1b9d7f1c7e32c831157868b536bfaf4ce436c1ee Mon Sep 17 00:00:00 2001
Message-Id: <1b9d7f1c7e32c831157868b536bfaf4ce436c1ee.1513453349.git.jan.steffens@gmail.com>
In-Reply-To: <264981ddfd1984b25c629d8e3ef6cf25c70cc61a.1513453349.git.jan.steffens@gmail.com>
References: <264981ddfd1984b25c629d8e3ef6cf25c70cc61a.1513453349.git.jan.steffens@gmail.com>
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Sat, 16 Dec 2017 20:40:51 +0100
Subject: [PATCH 2/2] Avoid buffer overflow when reading profile_id
The profile ID is 16 bytes, not 4 bytes. Use the union type specified by
the LCMS API.
---
lib/colord/cd-icc.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/lib/colord/cd-icc.c b/lib/colord/cd-icc.c
index 99fa27b2988b26d0..8b7841fdd66de3f6 100644
--- a/lib/colord/cd-icc.c
+++ b/lib/colord/cd-icc.c
@@ -227,20 +227,20 @@ gchar *
cd_icc_to_string (CdIcc *icc)
{
CdIccPrivate *priv = GET_PRIVATE (icc);
+ cmsProfileID profile_id;
cmsInt32Number tag_size;
cmsTagSignature sig;
cmsTagSignature sig_link;
cmsTagTypeSignature tag_type;
gboolean ret;
gchar tag_str[5] = " ";
GDateTime *created;
GError *error_local = NULL;
GString *str;
guint32 i;
guint32 number_tags;
guint32 tmp;
guint64 header_flags;
- guint8 profile_id[4];
g_return_val_if_fail (CD_IS_ICC (icc), NULL);
@@ -335,12 +335,12 @@ cd_icc_to_string (CdIcc *icc)
g_string_append_printf (str, " Creator\t= %s\n", tag_str);
/* profile ID */
- cmsGetHeaderProfileID (priv->lcms_profile, profile_id);
- g_string_append_printf (str, " Profile ID\t= 0x%02x%02x%02x%02x\n",
- profile_id[0],
- profile_id[1],
- profile_id[2],
- profile_id[3]);
+ cmsGetHeaderProfileID (priv->lcms_profile, profile_id.ID8);
+ g_string_append_printf (str, " Profile ID\t= %08x%08x%08x%08x\n",
+ profile_id.ID32[0],
+ profile_id.ID32[1],
+ profile_id.ID32[2],
+ profile_id.ID32[3]);
/* print tags */
g_string_append (str, "\n");
--
2.15.1
......@@ -2,7 +2,7 @@
# Contributor: Ionut Biru <ibiru@archlinux.org>
pkgname=colord
pkgver=1.4.1
pkgver=1.4.1+6+gf08c25d
pkgrel=1
pkgdesc="System daemon for managing color devices"
arch=(x86_64)
......@@ -14,10 +14,14 @@ makedepends=(gobject-introspection vala sane bash-completion argyllcms git docbo
optdepends=('sane: scanner support'
'argyllcms: color profiling')
replaces=(shared-color-profiles)
install=colord.install
_commit=ef560710602ce590e72f8412cb200f68d6e3e153 # tags/1.4.1^0
source=("git+https://github.com/hughsie/colord#commit=$_commit")
sha1sums=('SKIP')
options=(!emptydirs)
_commit=f08c25ddd93ad3fa691172119a038465cd178420 # master
source=("git+https://github.com/hughsie/colord#commit=$_commit"
0001-Make-cd_color_get_blackbody_rgb_full-safer.patch
0002-Avoid-buffer-overflow-when-reading-profile_id.patch)
sha256sums=('SKIP'
'b804aa00631040fff7032af12c2c92c1b6de42b7adfd8d05671257071ef348ce'
'db50941a8f35f819123f4dac55269acf6e1916287c69087e69d506499c0ee974')
validpgpkeys=('163EB50119225DB3DF8F49EA17ACBA8DFA970E17')
pkgver() {
......@@ -26,20 +30,19 @@ pkgver() {
}
prepare() {
mkdir build
cd $pkgname
patch -Np1 -i ../0001-Make-cd_color_get_blackbody_rgb_full-safer.patch
patch -Np1 -i ../0002-Avoid-buffer-overflow-when-reading-profile_id.patch
}
build() {
cd build
meson setup --prefix=/usr --buildtype=release ../$pkgname \
--localstatedir=/var --libexecdir=/usr/lib/$pkgname \
arch-meson $pkgname build \
-Denable-libcolordcompat=true \
-Denable-sane=true \
-Denable-vala=true \
-Denable-print-profiles=true \
-Dwith-daemon-user=colord
ninja
ninja -C build
}
check() {
......@@ -48,11 +51,9 @@ check() {
}
package() {
cd build
DESTDIR="$pkgdir" ninja install
# the build system has no colord user, so the chown fails
chown -R 124:124 "$pkgdir/var/lib/colord"
DESTDIR="$pkgdir" ninja -C build install
echo 'u colord - "Color management daemon" /var/lib/colord' |
install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
}
# vim:set ts=2 sw=2 et:
post_install() {
getent group colord >/dev/null || groupadd -g 124 colord
getent passwd colord >/dev/null || useradd -d /var/lib/colord -u 124 -g colord -s /bin/false colord
}
post_upgrade() {
post_install
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment