callisto-debian/gimp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

app: check max dimensions when loading xcf files

Browse Source 
Improvements in loading broken xcf files, based on examining issue #8230.
Besides checking for a minimum width and height, GIMP also has a maximum
size we can and should check.

In the case of the image itself, we change invalid dimensions to a size of
1 in hope that the individual layers etc will have the correct size.
For layer, we will also try to go on, but for channel and layer mask, we
will give up.
This commit is contained in:
Jacob Boerema
2022-06-05 16:48:10 -04:00
parent 22af0bcfe6
commit 24c962b95e
1 changed files with 29 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
app/xcf/xcf-load.c
View File

@ -184,10 +184,19 @@ xcf_load_image (Gimp *gimp,
xcf_read_int32 (info, (guint32 *) &width, 1); xcf_read_int32 (info, (guint32 *) &width, 1);
xcf_read_int32 (info, (guint32 *) &height, 1); xcf_read_int32 (info, (guint32 *) &height, 1);
xcf_read_int32 (info, (guint32 *) &image_type, 1); xcf_read_int32 (info, (guint32 *) &image_type, 1);
if (image_type < GIMP_RGB || image_type > GIMP_INDEXED || if (image_type < GIMP_RGB || image_type > GIMP_INDEXED)
width <= 0 || height <= 0)
goto hard_error; goto hard_error;
/* Be lenient with corrupt image dimensions.
* Hopefully layer dimensions will be valid. */
if (width <= 0 || height <= 0 ||
width > GIMP_MAX_IMAGE_SIZE || height > GIMP_MAX_IMAGE_SIZE)
{
GIMP_LOG (XCF, "Invalid image size %d x %d, setting to 1x1.", width, height);
width = 1;
height = 1;
}
if (info->file_version >= 4) if (info->file_version >= 4)
{ {
gint p; gint p;
@ -2186,7 +2195,8 @@ xcf_load_layer (XcfInfo *info,
return NULL; return NULL;
} }
if (width <= 0 || height <= 0) if (width <= 0 || height <= 0 ||
width > GIMP_MAX_IMAGE_SIZE || height > GIMP_MAX_IMAGE_SIZE)
{ {
gboolean is_group_layer = FALSE; gboolean is_group_layer = FALSE;
gboolean is_text_layer = FALSE; gboolean is_text_layer = FALSE;
@ -2372,10 +2382,16 @@ xcf_load_channel (XcfInfo *info,
/* read in the layer width, height and name */ /* read in the layer width, height and name */
xcf_read_int32 (info, (guint32 *) &width, 1); xcf_read_int32 (info, (guint32 *) &width, 1);
xcf_read_int32 (info, (guint32 *) &height, 1); xcf_read_int32 (info, (guint32 *) &height, 1);
if (width <= 0 || height <= 0) if (width <= 0 || height <= 0 ||
return NULL; width > GIMP_MAX_IMAGE_SIZE || height > GIMP_MAX_IMAGE_SIZE)
{
GIMP_LOG (XCF, "Invalid channel size %d x %d.", width, height);
return NULL;
}
xcf_read_string (info, &name, 1); xcf_read_string (info, &name, 1);
GIMP_LOG (XCF, "Channel width=%d, height=%d, name='%s'",
width, height, name);
/* create a new channel */ /* create a new channel */
channel = gimp_channel_new (image, width, height, name, &color); channel = gimp_channel_new (image, width, height, name, &color);
@ -2451,10 +2467,16 @@ xcf_load_layer_mask (XcfInfo *info,
/* read in the layer width, height and name */ /* read in the layer width, height and name */
xcf_read_int32 (info, (guint32 *) &width, 1); xcf_read_int32 (info, (guint32 *) &width, 1);
xcf_read_int32 (info, (guint32 *) &height, 1); xcf_read_int32 (info, (guint32 *) &height, 1);
if (width <= 0 || height <= 0) if (width <= 0 || height <= 0 ||
return NULL; width > GIMP_MAX_IMAGE_SIZE || height > GIMP_MAX_IMAGE_SIZE)
{
GIMP_LOG (XCF, "Invalid layer mask size %d x %d.", width, height);
return NULL;
}
xcf_read_string (info, &name, 1); xcf_read_string (info, &name, 1);
GIMP_LOG (XCF, "Layer mask width=%d, height=%d, name='%s'",
width, height, name);
/* create a new layer mask */ /* create a new layer mask */
layer_mask = gimp_layer_mask_new (image, width, height, name, &color); layer_mask = gimp_layer_mask_new (image, width, height, name, &color);