validate size values read from files before using them to allocate memory.
2007-07-04 Mukund Sivaraman <muks@mukund.org> * plug-ins/common/dicom.c: validate size values read from files before using them to allocate memory. svn path=/trunk/; revision=22862

committed by
Mukund Sivaraman

parent
62dbf9e330
commit
12f9898386
@ -1,3 +1,8 @@
|
|||||||
|
2007-07-04 Mukund Sivaraman <muks@mukund.org>
|
||||||
|
|
||||||
|
* plug-ins/common/dicom.c: validate size values read from files
|
||||||
|
before using them to allocate memory.
|
||||||
|
|
||||||
2007-07-04 Sven Neumann <sven@gimp.org>
|
2007-07-04 Sven Neumann <sven@gimp.org>
|
||||||
|
|
||||||
* app/paint/gimpbrushcore.[ch]: applied patch from Jens Persson
|
* app/paint/gimpbrushcore.[ch]: applied patch from Jens Persson
|
||||||
|
@ -49,7 +49,7 @@
|
|||||||
/* Declare local data types */
|
/* Declare local data types */
|
||||||
typedef struct _DicomInfo
|
typedef struct _DicomInfo
|
||||||
{
|
{
|
||||||
gint width, height; /* The size of the image */
|
guint width, height; /* The size of the image */
|
||||||
gint maxval; /* For 16 and 24 bit image files, the max
|
gint maxval; /* For 16 and 24 bit image files, the max
|
||||||
value which we need to normalize to */
|
value which we need to normalize to */
|
||||||
gint samples_per_pixel; /* Number of image planes (0 for pbm) */
|
gint samples_per_pixel; /* Number of image planes (0 for pbm) */
|
||||||
@ -281,8 +281,8 @@ load_image (const gchar *filename)
|
|||||||
FILE *DICOM;
|
FILE *DICOM;
|
||||||
gchar buf[500]; /* buffer for random things like scanning */
|
gchar buf[500]; /* buffer for random things like scanning */
|
||||||
DicomInfo *dicominfo;
|
DicomInfo *dicominfo;
|
||||||
gint width = 0;
|
guint width = 0;
|
||||||
gint height = 0;
|
guint height = 0;
|
||||||
gint samples_per_pixel = 0;
|
gint samples_per_pixel = 0;
|
||||||
gint bpp = 0;
|
gint bpp = 0;
|
||||||
guint8 *pix_buf = NULL;
|
guint8 *pix_buf = NULL;
|
||||||
@ -410,6 +410,15 @@ load_image (const gchar *filename)
|
|||||||
if (tag == 0xFFFEE000)
|
if (tag == 0xFFFEE000)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
/* Even for pixel data, we don't handle very large element
|
||||||
|
lengths */
|
||||||
|
|
||||||
|
if (element_length >= (G_MAXUINT - 6))
|
||||||
|
{
|
||||||
|
g_error ("'%s' seems to have an incorrect value field length.",
|
||||||
|
gimp_filename_to_utf8 (filename));
|
||||||
|
}
|
||||||
|
|
||||||
/* Read contents. Allocate a bit more to make room for casts to int
|
/* Read contents. Allocate a bit more to make room for casts to int
|
||||||
below. */
|
below. */
|
||||||
value = g_new0 (guint8, element_length + 4);
|
value = g_new0 (guint8, element_length + 4);
|
||||||
@ -470,6 +479,12 @@ load_image (const gchar *filename)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ((width > GIMP_MAX_IMAGE_SIZE) || (height > GIMP_MAX_IMAGE_SIZE))
|
||||||
|
{
|
||||||
|
g_error ("'%s' has a larger image size than GIMP can handle.",
|
||||||
|
gimp_filename_to_utf8 (filename));
|
||||||
|
}
|
||||||
|
|
||||||
dicominfo->width = width;
|
dicominfo->width = width;
|
||||||
dicominfo->height = height;
|
dicominfo->height = height;
|
||||||
dicominfo->bpp = bpp;
|
dicominfo->bpp = bpp;
|
||||||
|
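Review bot: Both new checks in load_image, the `element_length >= (G_MAXUINT - 6)` guard and the `GIMP_MAX_IMAGE_SIZE` test, report the bad file with `g_error ()`, which GLib treats as fatal and ends in abort(), so a malformed DICOM file still terminates the plug-in instead of producing an ordinary load failure. Prefer `g_message (...)` followed by the function's normal failure return (presumably `return -1;` after closing `DICOM`; load_image's body extends outside these hunks, so the cleanup path needs confirming). The length guard also only rules out wraparound of `element_length + 4`: any smaller length read from the file still reaches `g_new0`, which itself aborts when the allocation fails, so comparing the length against the bytes remaining in the file would be a tighter bound. The dimension check caps each side separately and leaves a zero width or height and the `width * height * samples_per_pixel` product unchecked; if later buffer sizes are computed in 32-bit arithmetic (not visible here), that product can still overflow.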