[gimp/gimp-2-6] GBR: more input data sanitation
- From: Nils Philippsen <nphilipp src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [gimp/gimp-2-6] GBR: more input data sanitation
- Date: Thu, 10 Dec 2009 12:07:15 +0000 (UTC)
commit aecccbc62cdb0e0a287502fbf34b98e2371b69b4
Author: Nils Philippsen <nils redhat com>
Date: Tue Dec 8 16:36:10 2009 +0100
GBR: more input data sanitation
Guard against bh.width or bh.height > GIMP_MAX_IMAGE_SIZE, only allow
valid values of bh.bytes.
(cherry picked from commit b053021a2938d5967edfc966470bfac9257fc03a)
plug-ins/common/file-gbr.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
---
diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
index 98cd314..ceaaf6f 100644
--- a/plug-ins/common/file-gbr.c
+++ b/plug-ins/common/file-gbr.c
@@ -382,7 +382,10 @@ load_image (const gchar *filename,
bh.spacing = g_ntohl (bh.spacing);
/* Sanitize values */
- if ((bh.width == 0) || (bh.height == 0) || (bh.bytes == 0) ||
+ if ((bh.width == 0) || (bh.width > GIMP_MAX_IMAGE_SIZE) ||
+ (bh.height == 0) || (bh.height > GIMP_MAX_IMAGE_SIZE) ||
+ ((bh.bytes != 1) && (bh.bytes != 2) && (bh.bytes != 4) &&
+ (bh.bytes != 18)) ||
(G_MAXSIZE / bh.width / bh.height / bh.bytes < 1))
{
g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
