From f528ec47facaaa966b600a8e424add7cc4e16e5b Mon Sep 17 00:00:00 2001 From: Johannes Bildstein Date: Fri, 24 Mar 2017 19:54:37 +0100 Subject: [PATCH] secure writing strings against invalid parameters --- .../DataWriter/IccDataWriter.Primitives.cs | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/ImageSharp/MetaData/Profiles/ICC/DataWriter/IccDataWriter.Primitives.cs b/src/ImageSharp/MetaData/Profiles/ICC/DataWriter/IccDataWriter.Primitives.cs index 509413f80..92120d0ac 100644 --- a/src/ImageSharp/MetaData/Profiles/ICC/DataWriter/IccDataWriter.Primitives.cs +++ b/src/ImageSharp/MetaData/Profiles/ICC/DataWriter/IccDataWriter.Primitives.cs @@ -175,6 +175,11 @@ namespace ImageSharp /// the number of bytes written public int WriteAsciiString(string value) { + if (string.IsNullOrEmpty(value)) + { + return 0; + } + byte[] data = AsciiEncoding.GetBytes(value); this.dataStream.Write(data, 0, data.Length); return data.Length; @@ -189,6 +194,18 @@ namespace ImageSharp /// the number of bytes written public int WriteAsciiString(string value, int length, char paddingChar) { + if (length == 0) + { + return 0; + } + + Guard.MustBeGreaterThan(length, 0, nameof(length)); + + if (value == null) + { + value = string.Empty; + } + value = value.Substring(0, Math.Min(length - 1, value.Length)); byte[] textData = AsciiEncoding.GetBytes(value); @@ -209,6 +226,11 @@ namespace ImageSharp /// the number of bytes written public int WriteUnicodeString(string value) { + if (string.IsNullOrEmpty(value)) + { + return 0; + } + byte[] data = Encoding.BigEndianUnicode.GetBytes(value); this.dataStream.Write(data, 0, data.Length); return data.Length;