[gimp/gimp-2-8] file-xwd: sanity check colormap size (CVE-2013-1913)

[Nils Philippsen <nphilipp src gnome org>]

commit 7f2322e4ced8ba393abc5a0aa15a607f340f0db8
Author: Nils Philippsen <nils redhat com>
Date:   Thu Nov 14 14:29:01 2013 +0100

    file-xwd: sanity check colormap size (CVE-2013-1913)
    
    (cherry picked from commit 32ae0f83e5748299641cceaabe3f80f1b3afd03e)

 plug-ins/common/file-xwd.c |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)
---
diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
index 3240f7e..2625f69 100644
--- a/plug-ins/common/file-xwd.c
+++ b/plug-ins/common/file-xwd.c
@@ -461,6 +461,17 @@ load_image (const gchar  *filename,
   /* Position to start of XWDColor structures */
   fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET);
 
+  /* Guard against insanely huge color maps -- gimp_image_set_colormap() only
+   * accepts colormaps with 0..256 colors anyway. */
+  if (xwdhdr.l_colormap_entries > 256)
+    {
+      g_message (_("'%s':\nIllegal number of colormap entries: %ld"),
+                 gimp_filename_to_utf8 (filename),
+                 (long)xwdhdr.l_colormap_entries);
+      fclose (ifp);
+      return -1;
+    }
+
   if (xwdhdr.l_colormap_entries > 0)
     {
       xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries);