callisto-debian/gimp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

validate size values read from files before using them to allocate memory.

Browse Source 
2007-07-06  Mukund Sivaraman  <muks@mukund.org>

        * plug-ins/common/psd-load.c: validate size values read from files
        before using them to allocate memory.


svn path=/trunk/; revision=22883
This commit is contained in:
Mukund Sivaraman
2007-07-06 08:44:21 +00:00
committed by Mukund Sivaraman
parent 52e636eed9
commit 16970ab4f0
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -1,3 +1,8 @@
2007-07-06 Mukund Sivaraman <muks@mukund.org>
* plug-ins/common/psd-load.c: validate size values read from files
before using them to allocate memory.
2007-07-05 Sven Neumann <sven@gimp.org>
* plug-ins/common/displace.c: applied patch from Ulf-D. Ehlert

28
plug-ins/common/psd-load.c
View File

@ -1047,6 +1047,17 @@ do_layer_record (FILE *fd,
layer->width = right - left;
layer->height = bottom - top;
if ((layer->height > GIMP_MAX_IMAGE_SIZE) ||
(layer->width > GIMP_MAX_IMAGE_SIZE))
{
g_error ("Input file has a larger layer size than GIMP can handle.");
}
if (layer->width > (G_MAXUINT / layer->height))
{
g_error ("Input file has a larger layer size than GIMP can handle.");
}
IFDBG printf("\t\t\t\tLayer extents: (%d,%d) -> (%d,%d)\n",
left,top,right,bottom);
@ -1167,6 +1178,17 @@ do_layer_record (FILE *fd,
layer->lm_width = right - left;
layer->lm_height = bottom - top;
if ((layer->lm_height > GIMP_MAX_IMAGE_SIZE) ||
(layer->lm_width > GIMP_MAX_IMAGE_SIZE))
{
g_error ("Input file has a larger layer mask size than GIMP can handle.");
}
if (layer->lm_width > (G_MAXUINT / layer->lm_height))
{
g_error ("Input file has a larger layer mask size than GIMP can handle.");
}
color = getguchar(fd, "lmask color");
flags = getguchar(fd, "lmask flags");
@ -3213,6 +3235,12 @@ read_whole_file (FILE *fd, const gchar *filename)
gimp_filename_to_utf8 (filename));
}
if (PSDheader.columns > (G_MAXUINT / PSDheader.rows))
{
g_error ("'%s' has a larger image size than GIMP can handle.",
gimp_filename_to_utf8 (filename));
}
PSDheader.bpp = getgint16 (fd, "depth");
PSDheader.mode = getgint16 (fd, "mode");