Summary: | some of the .icm profiles provided are not 4 bytes padded (as requiered by specification) | ||
---|---|---|---|
Product: | [Applications] krita | Reporter: | Francesco Riosa <vivo75+kde> |
Component: | General | Assignee: | Krita Bugs <krita-bugs-null> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | halla, johu |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
URL: | https://bugs.gentoo.org/show_bug.cgi?id=466798 | ||
Latest Commit: | Version Fixed In: | ||
Attachments: | calligra_icm.zip |
Description
Francesco Riosa
2013-05-09 17:19:16 UTC
Created attachment 79805 [details]
calligra_icm.zip
the three files padded and with header modified
nearly forgotten but important, from: https://bugs.gentoo.org/show_bug.cgi?id=466798#c12 Hi, that's Marti, the author of lcms. I've taken a look on that and those bogus profiles comes from diverse origins. The "2.1" and "2.3" version stamp you see in the profile does *not* refer to littlecms library, but to the ICC spec they are supposed to follow. Current ICC spec is 4.3, so go figure how old those profiles are. I can identify lcmslab and lcmsxyz as being prototypes created by myself about 15 years ago, in the old days of lcms 1.1 I would just discard those profiles as they are actually useless. For the remaining ones, I searching in my profile collection I can find same file names but with size multiple of 4. I wonder if any spare bytes have been added by I don't know which magic process. Otherwise, the check is fine but probably too restrictive for untrusted environments and too permissive if you want to take security into account. The profile header contains the expected length, I would check that field and probably the MD5 id if you want to make sure the profile have not been stamped. Thanks! I'll follow the suggestions to remove the lcms profiles and use your padded scRGB profile (which we created ourselves, iirc). Git commit d97b7d6a5e46c057f6660cd76409b2eb62943612 by Boudewijn Rempt. Committed on 18/05/2013 at 10:53. Pushed by rempt into branch 'master'. Update the scRGB profile M +- -- krita/data/profiles/scRGB.icm http://commits.kde.org/calligra/d97b7d6a5e46c057f6660cd76409b2eb62943612 Git commit 20556d6bb8b5e1ed72fd1dbf64b02e3c6aaff378 by Boudewijn Rempt. Committed on 18/05/2013 at 10:53. Pushed by rempt into branch 'calligra/2.7'. Update the scRGB profile M +- -- krita/data/profiles/scRGB.icm http://commits.kde.org/calligra/20556d6bb8b5e1ed72fd1dbf64b02e3c6aaff378 |