[gimp] app: check max dimensions when loading xcf files

[Jacob Boerema <jboerema src gnome org>]

commit 24c962b95e5c740dff7a87a1f0ccdbf6c0a8c21e
Author: Jacob Boerema <jgboerema gmail com>
Date:   Sun Jun 5 16:48:10 2022 -0400

    app: check max dimensions when loading xcf files
    
    Improvements in loading broken xcf files, based on examining issue #8230.
    Besides checking for a minimum width and height, GIMP also has a maximum
    size we can and should check.
    
    In the case of the image itself, we change invalid dimensions to a size of
    1 in hope that the individual layers etc will have the correct size.
    For layer, we will also try to go on, but for channel and layer mask, we
    will give up.

 app/xcf/xcf-load.c | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)
---
diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
index 67bc766390..7ef984273c 100644
--- a/app/xcf/xcf-load.c
+++ b/app/xcf/xcf-load.c
@@ -184,10 +184,19 @@ xcf_load_image (Gimp     *gimp,
   xcf_read_int32 (info, (guint32 *) &width, 1);
   xcf_read_int32 (info, (guint32 *) &height, 1);
   xcf_read_int32 (info, (guint32 *) &image_type, 1);
-  if (image_type < GIMP_RGB || image_type > GIMP_INDEXED ||
-      width <= 0 || height <= 0)
+  if (image_type < GIMP_RGB || image_type > GIMP_INDEXED)
     goto hard_error;
 
+  /* Be lenient with corrupt image dimensions.
+   * Hopefully layer dimensions will be valid. */
+  if (width <= 0 || height <= 0 ||
+      width > GIMP_MAX_IMAGE_SIZE || height > GIMP_MAX_IMAGE_SIZE)
+    {
+      GIMP_LOG (XCF, "Invalid image size %d x %d, setting to 1x1.", width, height);
+      width  = 1;
+      height = 1;
+    }
+
   if (info->file_version >= 4)
     {
       gint p;
@@ -2186,7 +2195,8 @@ xcf_load_layer (XcfInfo    *info,
       return NULL;
     }
 
-  if (width <= 0 || height <= 0)
+  if (width <= 0 || height <= 0 ||
+      width > GIMP_MAX_IMAGE_SIZE || height > GIMP_MAX_IMAGE_SIZE)
     {
       gboolean is_group_layer = FALSE;
       gboolean is_text_layer  = FALSE;
@@ -2372,10 +2382,16 @@ xcf_load_channel (XcfInfo   *info,
   /* read in the layer width, height and name */
   xcf_read_int32 (info, (guint32 *) &width,  1);
   xcf_read_int32 (info, (guint32 *) &height, 1);
-  if (width <= 0 || height <= 0)
-    return NULL;
+  if (width <= 0 || height <= 0 ||
+      width > GIMP_MAX_IMAGE_SIZE || height > GIMP_MAX_IMAGE_SIZE)
+    {
+      GIMP_LOG (XCF, "Invalid channel size %d x %d.", width, height);
+      return NULL;
+    }
 
   xcf_read_string (info, &name, 1);
+  GIMP_LOG (XCF, "Channel width=%d, height=%d, name='%s'",
+            width, height, name);
 
   /* create a new channel */
   channel = gimp_channel_new (image, width, height, name, &color);
@@ -2451,10 +2467,16 @@ xcf_load_layer_mask (XcfInfo   *info,
   /* read in the layer width, height and name */
   xcf_read_int32 (info, (guint32 *) &width,  1);
   xcf_read_int32 (info, (guint32 *) &height, 1);
-  if (width <= 0 || height <= 0)
-    return NULL;
+  if (width <= 0 || height <= 0 ||
+      width > GIMP_MAX_IMAGE_SIZE || height > GIMP_MAX_IMAGE_SIZE)
+    {
+      GIMP_LOG (XCF, "Invalid layer mask size %d x %d.", width, height);
+      return NULL;
+    }
 
   xcf_read_string (info, &name, 1);
+  GIMP_LOG (XCF, "Layer mask width=%d, height=%d, name='%s'",
+            width, height, name);
 
   /* create a new layer mask */
   layer_mask = gimp_layer_mask_new (image, width, height, name, &color);