Heap Overflow in colorAsString: method

[tatowilson]

bindingx/weex/ios/Sources/EBUtility+WX.m

Lines 253 to 259 in 872f11e

	+ (NSString *)colorAsString:(CGColorRef)cgColor {
	const CGFloat *components = CGColorGetComponents(cgColor);
	if (components) {
	return [NSString stringWithFormat:@"rgba(%d,%d,%d,%f)", (int)(components[0]*255), (int)(components[1]*255), (int)(components[2]*255), components[3]];
	}
	return nil;
	}

According to doc of CGColorGetComponents:

Return Value
An array of intensity values for the color components (including alpha) associated with the specified color. The size of the array is one more than the number of components of the color space for the color.

The size of the return array should not be assumed larger than or equal to 4, or it may lead to heap overflow.

There exists a function named CGColorGetNumberOfComponents, and its doc says:

Return Value
The number of color components (including alpha) associated with the specified color. This number is one more than the number of components of the color space for the color.

The size of the return array depends on the color space, which has different models defined in CGColorSpaceModel, and some model(eg. kCGColorSpaceModelMonochrome) has number of color components less than 4.