[gimp] Validate XCF string length



commit 4855d433b08eb483b7c94a4c9ecfd80acce9b553
Author: Mukund Sivaraman <muks banu com>
Date:   Sat Oct 16 04:04:26 2010 +0530

    Validate XCF string length
    
    This patch limits the string length to 16 MB. If problems occur in the
    future because 16 MB is small, increase the limit by modifying
    MAX_XCF_STRING_LEN.

 app/xcf/xcf-read.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/app/xcf/xcf-read.c b/app/xcf/xcf-read.c
index 9d87f40..4e4ab3a 100644
--- a/app/xcf/xcf-read.c
+++ b/app/xcf/xcf-read.c
@@ -27,6 +27,7 @@
 
 #include "gimp-intl.h"
 
+#define MAX_XCF_STRING_LEN (16 * (1L << 20)) /* 16 MB */
 
 guint
 xcf_read_int32 (FILE    *fp,
@@ -94,7 +95,13 @@ xcf_read_string (FILE   *fp,
 
       total += xcf_read_int32 (fp, &tmp, 1);
 
-      if (tmp > 0)
+      if (tmp > MAX_XCF_STRING_LEN)
+        {
+          g_warning ("Maximum string length (%ld bytes) exceeded."
+                     " Possibly corrupt XCF file.", MAX_XCF_STRING_LEN);
+          data[i] = NULL;
+        }
+      else if (tmp > 0)
         {
           gchar *str;
 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]