[gimp] Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow...



commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8
Author: Jehan <jehan girinstud io>
Date:   Wed Dec 20 16:44:20 2017 +0100

    Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow...
    
    ... in PSP importer.
    Check if declared block length is valid (i.e. within the actual file)
    before going further.
    Consider the file as broken otherwise and fail loading it.

 plug-ins/common/file-psp.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)
---
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index d975e13..c25bece 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1792,6 +1792,15 @@ load_image (const gchar  *filename,
     {
       block_start = ftell (f);
 
+      if (block_start + block_total_len > st.st_size)
+        {
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("Could not open '%s' for reading: %s"),
+                       gimp_filename_to_utf8 (filename),
+                       _("invalid block size"));
+          goto error;
+        }
+
       if (id == PSP_IMAGE_BLOCK)
         {
           if (block_number != 0)
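
Review bot: The added check `if (block_start + block_total_len > st.st_size)` uses the value returned by `ftell (f)` without testing it for failure, and it adds the two values before comparing. If the operand types are narrow enough (their declarations are not visible in this hunk), a very large declared length could wrap the sum and pass the check. Consider rejecting `block_start < 0` first and then comparing in subtraction form, for example `block_total_len > st.st_size - block_start`. As a smaller point, the error text reuses "Could not open '%s' for reading" although the file is already open here; a message that names the malformed block would be clearer to the user.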

