[gimp/gimp-2-6] file-psp: fix overflow protection (CVE-2011-1782)



commit a92328348e47a6386a713d60ef4220e666be8022
Author: Nils Philippsen <nils redhat com>
Date:   Fri May 13 17:08:02 2011 +0200

    file-psp: fix overflow protection (CVE-2011-1782)
    
    amends commit 48ec15890e1751dede061f6d1f469b6508c13439, related to
    CVE-2010-4543
    (cherry picked from commit f657361db04de69ce003328724c59e3f942d7d15)

 plug-ins/common/file-psp.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index e281c41..4931c87 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1246,7 +1246,7 @@ read_channel_data (FILE       *f,
             fread (buf, runcount, 1, f);
 
           /* prevent buffer overflow for bogus data */
-          runcount = MIN (runcount, endq - q);
+          runcount = MIN (runcount, (endq - q) / bytespp);
 
           if (bytespp == 1)
             {
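Review bot: The clamp on the changed line bounds only the later writes through `q`; the `fread (buf, runcount, 1, f)` just above it still runs with the unclamped `runcount` and its return value is ignored, so a short or truncated file would leave `buf` with stale bytes that are then copied into the channel data. Comparing the result with the requested count, e.g. `if (fread (buf, 1, runcount, f) != (size_t) runcount)` followed by the function's usual error path, would catch that; whether `buf` is large enough for every possible `runcount` cannot be seen from this hunk and is worth confirming. The comment could also say why the division is there, for instance `/* runcount is in pixels, endq - q is in bytes */`, which is how the fix reads, although the declarations are not visible here. read_channel_data's body starts and ends outside the hunk.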


