[gimp/gimp-2-6] file-xwd: sanity check colormap size (CVE-2013-1913)



commit 624306cb84fe08c57f7a927da0333eb04cea001d
Author: Nils Philippsen <nils redhat com>
Date:   Thu Nov 14 14:29:01 2013 +0100

    file-xwd: sanity check colormap size (CVE-2013-1913)
    
    (cherry picked from commit 3997c7188a71dc8fc4c6a7513061180cbbd3590e)

 plug-ins/common/file-xwd.c |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)
---
diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
index e4866a6..e7447a2 100644
--- a/plug-ins/common/file-xwd.c
+++ b/plug-ins/common/file-xwd.c
@@ -459,6 +459,17 @@ load_image (const gchar  *filename,
   /* Position to start of XWDColor structures */
   fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET);
 
+  /* Guard against insanely huge color maps -- gimp_image_set_colormap() only
+   * accepts colormaps with 0..256 colors anyway. */
+  if (xwdhdr.l_colormap_entries > 256)
+    {
+      g_message (_("'%s':\nIllegal number of colormap entries: %ld"),
+                 gimp_filename_to_utf8 (filename),
+                 (long)xwdhdr.l_colormap_entries);
+      fclose (ifp);
+      return -1;
+    }
+
   if (xwdhdr.l_colormap_entries > 0)
     {
       xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]