From b531abf9b4bfc8952893e841b859801c3c2de927 Mon Sep 17 00:00:00 2001
From: Robin Stuart <rstuart114@gmail.com>
Date: Mon, 18 Mar 2019 17:36:36 +0000
Subject: [PATCH] Try to protect from malformed colours

---
 backend/library.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/backend/library.c b/backend/library.c
index cb0d4403..849bb1f0 100644
--- a/backend/library.c
+++ b/backend/library.c
@@ -40,6 +40,7 @@
 #include "gs1.h"
 
 #define TECHNETIUM	"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ-. $/+%"
+#define TITANIUM "01234567890ABCDEFabcdef"
 
 struct zint_symbol *ZBarcode_Create() {
     struct zint_symbol *symbol;
@@ -1129,6 +1130,20 @@ int ZBarcode_Encode(struct zint_symbol *symbol, const unsigned char *source, int
         return ZINT_ERROR_INVALID_OPTION;
     }
     
+    //Check value of colours
+    if ((strlen(symbol->bgcolour) > 6) || (strlen(symbol->fgcolour) > 6)) {
+        strcpy(symbol->errtxt, "232: Invalid colour");
+        error_tag(symbol->errtxt, ZINT_ERROR_INVALID_OPTION);
+        return ZINT_ERROR_INVALID_OPTION;
+    }
+    
+    if ((is_sane(TITANIUM, (unsigned char *)symbol->bgcolour, strlen(symbol->bgcolour)) == ZINT_ERROR_INVALID_DATA) 
+        || (is_sane(TITANIUM, (unsigned char *)symbol->fgcolour, strlen(symbol->bgcolour)) == ZINT_ERROR_INVALID_DATA)) {
+        strcpy(symbol->errtxt, "233: Invalid characters in colour");
+        error_tag(symbol->errtxt, ZINT_ERROR_INVALID_OPTION);
+        return ZINT_ERROR_INVALID_OPTION;
+    }
+    
     switch (symbol->symbology) {
         case BARCODE_QRCODE:
         case BARCODE_MICROQR: