[gimp/gimp-2-6] SGI: sanitize input data



commit 611bad86d2c05743c67c5066fb3eb5bb89b12b50
Author: Nils Philippsen <nils redhat com>
Date:   Wed Dec 9 15:43:28 2009 +0100

    SGI: sanitize input data
    
    Refuse nonsensical xsize, ysize, zsize values.
    (cherry picked from commit daaf1d2b97c74271d9f8cc517f16b53d0089e094)

 plug-ins/file-sgi/sgi.c |   22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)
---
diff --git a/plug-ins/file-sgi/sgi.c b/plug-ins/file-sgi/sgi.c
index 1186fb8..60f7832 100644
--- a/plug-ins/file-sgi/sgi.c
+++ b/plug-ins/file-sgi/sgi.c
@@ -335,6 +335,28 @@ load_image (const gchar  *filename,
    * Get the image dimensions and create the image...
    */
 
+  /* Sanitize dimensions */
+  if (sgip->xsize == 0 || sgip->xsize > GIMP_MAX_IMAGE_SIZE)
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+              _("Invalid width: %hu"), sgip->xsize);
+      return -1;
+    }
+
+  if (sgip->ysize == 0 || sgip->ysize > GIMP_MAX_IMAGE_SIZE)
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+              _("Invalid height: %hu"), sgip->ysize);
+      return -1;
+    }
+
+  if (sgip->zsize == 0 || sgip->zsize > GIMP_MAX_IMAGE_SIZE)
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+              _("Invalid number of channels: %hu"), sgip->zsize);
+      return -1;
+    }
+
   bytes = sgip->zsize;
 
   switch (sgip->zsize)
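Review bot: The `zsize` check reuses `GIMP_MAX_IMAGE_SIZE`, a pixel-dimension limit, as the upper bound for a channel count, so any non-zero value below that limit still reaches `bytes = sgip->zsize` and the `switch` that follows. The three fields are printed with `%hu`, which suggests they are 16-bit; if so, the `>` comparisons may never be true and only the `== 0` half of each test does any work. Bound `zsize` by the largest channel count the `switch (sgip->zsize)` actually handles, e.g. `if (sgip->zsize == 0 || sgip->zsize > SGI_MAX_CHANNELS)`, where `SGI_MAX_CHANNELS` is a placeholder name for that count. Each `return -1` also appears to exit with `sgip` still open, assuming it was opened earlier in `load_image`, so the error paths should release it before returning; the function body starts and ends outside this hunk.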


