[gimp] app: fix #6436 *.gih grayscale export crashes GIMP



commit e2b1cc9476e85067ceaa97fef141fe9e2a1b9c11
Author: Jacob Boerema <jgboerema gmail com>
Date:   Mon Nov 8 17:10:21 2021 -0500

    app: fix #6436 *.gih grayscale export crashes GIMP
    
    When we try to export a grayscale image with layers with negative offsets
    to a GIH brush GIMP crashes without producing any crashlog.
    Running in GDB showed us that there is heap corruption caused by incorrect
    computation of buffer sizes because of the negative offsets.
    
    In file_gih_image_to_pipe there is a comment that offsets are assumed
    positive, but no checking is done whether that is correct.
    Let's add some checks, set offset to 0 if negative and adjust width and
    height accordingly.

 app/file-data/file-data-gih.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
---
diff --git a/app/file-data/file-data-gih.c b/app/file-data/file-data-gih.c
index 3b025d62ef..0da36c6569 100644
--- a/app/file-data/file-data-gih.c
+++ b/app/file-data/file-data-gih.c
@@ -284,6 +284,24 @@ file_gih_image_to_pipe (GimpImage   *image,
 
       gimp_item_get_offset (GIMP_ITEM (layer), &offset_x, &offset_y);
 
+      /* Since we assume positive layer offsets we need to make sure this
+       * is always the case or we will crash for grayscale layers.
+       * See issue #6436. */
+      if (offset_x < 0)
+        {
+          g_warning (_("Negative x offset: %d for layer %s corrected."),
+                     offset_x, gimp_object_get_name (layer));
+          width += offset_x;
+          offset_x = 0;
+        }
+      if (offset_y < 0)
+        {
+          g_warning (_("Negative y offset: %d for layer %s corrected."),
+                     offset_y, gimp_object_get_name (layer));
+          height += offset_y;
+          offset_y = 0;
+        }
+
       for (row = 0; row < params.rows; row++)
         {
           gint y, ynext;
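
Review bot: after `width += offset_x;` and `height += offset_y;` nothing checks that the adjusted dimensions are still positive. A layer whose negative offset is at least as large as its own extent (for example offset_x <= -width) leaves `width` at zero or below, and that value then flows into the same buffer size computation the commit message identifies as the source of the heap corruption. Consider testing `width <= 0 || height <= 0` right after the two corrections and skipping the layer or failing the export with an error in that case. A smaller point: `g_warning()` output is aimed at developers, so wrapping its format string in `_()` adds translator work for a message users are unlikely to see; if the user should be told that a layer was cropped, a user-facing message would be the better channel.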

