[gimp/gimp-2-8] Bug 676804 - file handling DoS for fit file format

[Michael Natterer <mitch src gnome org>]

commit 0474376d234bc3d0901fd5e86f89d778a6473dd8
Author: Michael Natterer <mitch gimp org>
Date:   Wed Jun 6 21:21:10 2012 +0200

    Bug 676804 - file handling DoS for fit file format
    
    Apply patch from joe reactionis co uk which fixes a buffer overflow on
    broken/malicious fits files.
    (cherry picked from commit ace45631595e8781a1420842582d67160097163c)

 plug-ins/file-fits/fits-io.c |   16 ++++++++++++----
 1 files changed, 12 insertions(+), 4 deletions(-)
---
diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
index 03d9652..ed77318 100644
--- a/plug-ins/file-fits/fits-io.c
+++ b/plug-ins/file-fits/fits-io.c
@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
  hdulist->used.simple = (strncmp (hdr->data, "SIMPLE  ", 8) == 0);
  hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
  if (hdulist->used.xtension)
- {
-   fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
-   strcpy (hdulist->xtension, fdat->fstring);
- }
+   {
+     fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+     if (fdat != NULL)
+       {
+         strcpy (hdulist->xtension, fdat->fstring);
+       }
+     else
+       {
+         strcpy (errmsg, "No valid XTENSION header found.");
+         goto err_return;
+       }
+   }
 
  FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
  hdulist->naxis = fdat->flong;