[gimp] Issue #4605 - Invalid abr brush crashes GIMP

From: Ell <ell src gnome org>
To: commits-list gnome org
Cc:
Subject: [gimp] Issue #4605 - Invalid abr brush crashes GIMP
Date: Tue, 11 Feb 2020 16:02:19 +0000 (UTC)

commit 52cb2edd9e7cdfd376f39c35620df34cfbf75f5b
Author: Ell <ell_se yahoo com>
Date:   Tue Feb 11 17:44:43 2020 +0200

    Issue #4605 - Invalid abr brush crashes GIMP
    
    When loading ABR brushes, error out on negative scan-line lengths,
    instead of trying to allocate a huge buffer.  This entire code
    could use a whole lot more unsignedness, but this should cover the
    crash.

 app/core/gimpbrush-load.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/app/core/gimpbrush-load.c b/app/core/gimpbrush-load.c
index 8fa0f494ba..0076f0b98e 100644
--- a/app/core/gimpbrush-load.c
+++ b/app/core/gimpbrush-load.c
@@ -1131,7 +1131,7 @@ abr_rle_decode (GDataInputStream  *input,
   for (i = 0; i < height; i++)
     {
       cscanline_len[i] = abr_read_short (input, error);
-      if (error && *error)
+      if ((error && *error) || cscanline_len[i] <= 0)
         goto err;
     }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]