[gimp] plug-ins: fix GIMP becoming unresponsive due to corrupt image



commit 18d466df7fb601f93663b700d1b411b2310bed53
Author: Jacob Boerema <jgboerema gmail com>
Date:   Mon Aug 22 19:05:22 2022 -0400

    plug-ins: fix GIMP becoming unresponsive due to corrupt image
    
    Image m2-d0f86ab189cbe900ec389ca6d7464713.tif from the imagetestsuite
    is a fuzzed image with an invalid very high number for the channel count.
    
    This causes GIMP to become unresponsive for a very long time. Possibly
    trying to allocate memory for all channels or another cause related to
    the high number of channels.
    
    Let's go for a more "reasonable" limit of 99 channels like we also do
    for Photoshop images and show a message when we find an image with more
    channels.

 plug-ins/file-tiff/file-tiff-load.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
---
diff --git a/plug-ins/file-tiff/file-tiff-load.c b/plug-ins/file-tiff/file-tiff-load.c
index bc57cfc6c9..5a1caa7ef6 100644
--- a/plug-ins/file-tiff/file-tiff-load.c
+++ b/plug-ins/file-tiff/file-tiff-load.c
@@ -1508,6 +1508,17 @@ load_image (GFile        *file,
       else
         load_paths (tif, *image, cols, rows, 0, 0);
 
+      if (extra > 99)
+        {
+          /* Validate number of channels to the same maximum as we use for
+           * Photoshop. A higher number most likely means a corrupt image
+           * and can cause GIMP to become unresponsive and/or stuck.
+           * See m2-d0f86ab189cbe900ec389ca6d7464713.tif from imagetestsuite
+           */
+          g_message (_("Suspicious number of extra channels: %d. Possibly corrupt image."), extra);
+          extra = 99;
+        }
+
       /* Allocate ChannelData for all channels, even the background layer */
       channel = g_new0 (ChannelData, extra + 1);
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]