[gimp] file-psp: fix overflow protection (CVE-2011-1782)



commit f657361db04de69ce003328724c59e3f942d7d15
Author: Nils Philippsen <nils redhat com>
Date:   Fri May 13 17:08:02 2011 +0200

    file-psp: fix overflow protection (CVE-2011-1782)
    
    amends commit 48ec15890e1751dede061f6d1f469b6508c13439, related to
    CVE-2010-4543

 plug-ins/common/file-psp.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index 7e620fb..9ae5395 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1200,7 +1200,7 @@ read_channel_data (FILE       *f,
             fread (buf, runcount, 1, f);
 
           /* prevent buffer overflow for bogus data */
-          runcount = MIN (runcount, endq - q);
+          runcount = MIN (runcount, (endq - q) / bytespp);
 
           if (bytespp == 1)
             {



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]