[gimp/gimp-2-6] file-xwd: sanity check colormap size (CVE-2013-1913)
- From: Nils Philippsen <nphilipp src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gimp/gimp-2-6] file-xwd: sanity check colormap size (CVE-2013-1913)
- Date: Wed, 4 Dec 2013 10:03:21 +0000 (UTC)
commit 624306cb84fe08c57f7a927da0333eb04cea001d
Author: Nils Philippsen <nils redhat com>
Date: Thu Nov 14 14:29:01 2013 +0100
file-xwd: sanity check colormap size (CVE-2013-1913)
(cherry picked from commit 3997c7188a71dc8fc4c6a7513061180cbbd3590e)
plug-ins/common/file-xwd.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
---
diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
index e4866a6..e7447a2 100644
--- a/plug-ins/common/file-xwd.c
+++ b/plug-ins/common/file-xwd.c
@@ -459,6 +459,17 @@ load_image (const gchar *filename,
/* Position to start of XWDColor structures */
fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET);
+ /* Guard against insanely huge color maps -- gimp_image_set_colormap() only
+ * accepts colormaps with 0..256 colors anyway. */
+ if (xwdhdr.l_colormap_entries > 256)
+ {
+ g_message (_("'%s':\nIllegal number of colormap entries: %ld"),
+ gimp_filename_to_utf8 (filename),
+ (long)xwdhdr.l_colormap_entries);
+ fclose (ifp);
+ return -1;
+ }
+
if (xwdhdr.l_colormap_entries > 0)
{
xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]