Guard against integer overflow when classifying transfer functions
Bug: chromium:1016183
Change-Id: I9ad5a18a5941661dbd88963d70a043cbe5dcc470
Reviewed-on: https://skia-review.googlesource.com/c/skcms/+/251245
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
diff --git a/skcms.cc b/skcms.cc
index 6b4d87b..99b2d87 100644
--- a/skcms.cc
+++ b/skcms.cc
@@ -137,10 +137,10 @@
, TF_HLGish* hlg = nullptr) {
if (tf.g < 0 && (int)tf.g == tf.g) {
// TODO: sanity checks for PQ/HLG like we do for sRGBish.
- switch (-(int)tf.g) {
- case PQish: if (pq ) { memcpy(pq , &tf.a, sizeof(*pq )); } return PQish;
- case HLGish: if (hlg) { memcpy(hlg, &tf.a, sizeof(*hlg)); } return HLGish;
- case HLGinvish: if (hlg) { memcpy(hlg, &tf.a, sizeof(*hlg)); } return HLGinvish;
+ switch ((int)tf.g) {
+ case -PQish: if (pq ) { memcpy(pq , &tf.a, sizeof(*pq )); } return PQish;
+ case -HLGish: if (hlg) { memcpy(hlg, &tf.a, sizeof(*hlg)); } return HLGish;
+ case -HLGinvish: if (hlg) { memcpy(hlg, &tf.a, sizeof(*hlg)); } return HLGinvish;
}
return Bad;
}
