radload: improve sanity check of colour-related headers (#4384)

lovell · web-flow · commit ae14d974fe15 · 2025-02-11T11:52:49.000Z
Ensure PRIMARIES and COLORCORR have expected number of components
diff --git a/ChangeLog b/ChangeLog
@@ -21,6 +21,7 @@
 - morph: fix Orc path with large masks [kleisauke]
 - invertlut: fix final value in some cases
 - matrixload: fix file format detect for some matrix types
+- radload: improve sanity check of colour-related headers [lovell]
 
 10/10/24 8.16.0
 
diff --git a/libvips/foreign/radiance.c b/libvips/foreign/radiance.c
@@ -229,8 +229,8 @@ typedef float RGBPRIMS[4][2]; /* (x,y) chromaticities for RGBW */
 #define COLCORSTR "COLORCORR="
 #define LCOLCORSTR 10
 #define iscolcor(hl) (!strncmp(hl, COLCORSTR, LCOLCORSTR))
-#define colcorval(cc, hl) sscanf((hl) + LCOLCORSTR, "%f %f %f", \
-	&(cc)[RED], &(cc)[GRN], &(cc)[BLU])
+#define colcorval(cc, hl) (sscanf((hl) + LCOLCORSTR, "%f %f %f", \
+							   &(cc)[RED], &(cc)[GRN], &(cc)[BLU]) == 3)
 
 #define MINELEN 8	   /* minimum scanline length for encoding */
 #define MAXELEN 0x7fff /* maximum scanline length for encoding */
@@ -643,15 +643,17 @@ rad2vips_process_line(char *line, Read *read)
 		COLOR cc;
 		int i;
 
-		(void) colcorval(cc, line);
+		if (!colcorval(cc, line))
+			return -1;
 		for (i = 0; i < 3; i++)
 			read->colcor[i] *= cc[i];
 	}
 	else if (isaspect(line)) {
 		read->aspect *= aspectval(line);
 	}
 	else if (isprims(line)) {
-		(void) primsval(read->prims, line);
+		if (!primsval(read->prims, line))
+			return -1;
 	}
 
 	return 0;
