gimp r26888 - in trunk: . plug-ins/file-psd

From: martinn svn gnome org
To: svn-commits-list gnome org
Subject: gimp r26888 - in trunk: . plug-ins/file-psd
Date: Sat, 6 Sep 2008 15:10:40 +0000 (UTC)

Author: martinn
Date: Sat Sep  6 15:10:40 2008
New Revision: 26888
URL: http://svn.gnome.org/viewvc/gimp?rev=26888&view=rev

Log:
Bug 544939 â PSD Plugin crash (maybe only PSD files created by
Paintshop Pro)

* plug-ins/file-psd/psd-load.c (add_layers): Fix integer underflow
and only attempt to read channel data if there is any channel
data.


Modified:
   trunk/ChangeLog
   trunk/plug-ins/file-psd/psd-load.c

Modified: trunk/plug-ins/file-psd/psd-load.c
==============================================================================
--- trunk/plug-ins/file-psd/psd-load.c	(original)
+++ trunk/plug-ins/file-psd/psd-load.c	Sat Sep  6 15:10:40 2008
@@ -35,6 +35,10 @@
 
 #include "libgimp/stdplugins-intl.h"
 
+
+#define COMP_MODE_SIZE sizeof(guint16)
+
+
 /*  Local function prototypes  */
 static gint             read_header_block          (PSDimage     *img_a,
                                                     FILE         *f,
@@ -958,7 +962,6 @@
 {
   PSDchannel          **lyr_chn;
   guchar               *pixels;
-  guint16               comp_mode;
   guint16               alpha_chn;
   guint16               user_mask_chn;
   guint16               layer_channels;
@@ -1089,16 +1092,21 @@
                                 lyr_chn[cidx]->columns,
                                 lyr_chn[cidx]->rows);
 
-              if (fread (&comp_mode, 2, 1, f) < 1)
+              /* Only read channel data if there is more data than
+               * what compression method that is used
+               */
+              if (lyr_a[lidx]->chn_info[cidx].data_len > COMP_MODE_SIZE)
                 {
-                  psd_set_error (feof (f), errno, error);
-                  return -1;
-                }
-              comp_mode = GUINT16_FROM_BE (comp_mode);
-              IFDBG(3) g_debug ("Compression mode: %d", comp_mode);
+                  guint16 comp_mode;
+
+                  if (fread (&comp_mode, COMP_MODE_SIZE, 1, f) < 1)
+                    {
+                      psd_set_error (feof (f), errno, error);
+                      return -1;
+                    }
+                  comp_mode = GUINT16_FROM_BE (comp_mode);
+                  IFDBG(3) g_debug ("Compression mode: %d", comp_mode);
 
-              if (lyr_a[lidx]->chn_info[cidx].data_len - 2 > 0)
-                {
                   switch (comp_mode)
                     {
                       case PSD_COMP_RAW:        /* Planar raw data */

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]