[gimp] Revert "Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / load_image."



commit ba759fbcfd3a2316f62cf3d5a9d0fb885314ceff
Author: Jehan <jehan girinstud io>
Date:   Thu Dec 21 22:14:39 2017 +0100

    Revert "Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / load_image."
    
    This reverts commit 06d24a79af94837d615d0024916bb95a01bf3c59.
    
    The CVE is still fixed but now in a different way. Commit 4fa0cd4dcf
    passes instead the accurate string length when using the string, hence
    making it work even when not NUL-terminated. This has the advantage of
    having the GBR file loaded in the end, despite such file format error. I
    am personally not persuaded this is the best path since a file with such
    an error may either be corrupted, or worse may have been constructed on
    purpose to be harmful, so rejecting it directly may be the safe choice.
    Nevertheless I may also be too doubtful and maybe trying to save a
    slightly corrupted file may be the nicest choice indeed.

 plug-ins/common/file-gbr.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)
---
diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
index 46bc59f..dfa25ae 100644
--- a/plug-ins/common/file-gbr.c
+++ b/plug-ins/common/file-gbr.c
@@ -463,8 +463,7 @@ load_image (GFile   *file,
 
       if (! g_input_stream_read_all (input, temp, size,
                                      &bytes_read, NULL, error) ||
-          bytes_read != size                                   ||
-          temp[size - 1] != '\0')
+          bytes_read != size)
         {
           g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
                        _("Error in GIMP brush file '%s'"),


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]