Introduce GIMP_PATTERN_MAX_SIZE (10000) and GIMP_PATTERN_MAX_NAME (256)
and validate pattern dimensions and pattern name length against them.
Add GIMP_BRUSH_MAX_NAME and validate that too.
Also make sure that the names are properly terminated, and some
cleanup.
GIMP_BRUSH_MAX_SIZE was already defined (as 10.000 pixels per dimension,
which is big for a brush) in gimpbrush.h. Let's just use this to
validate the size returned by the header.
Fix the crashes from the third zip:
- forgot to guard the other writing place in the RLE decoder
- one byte after the buffer is still one byte too much
- protect against seeking to bogus offsets
Add brush dimension/depth/compression sanity checks for v6 brushes,
and make sure we don't overrun the RLE decoder's destination buffer.
This properly rejects all brushes from the second zip in the bug.
...in brushes user directory
Consider 8bim section size unsigned, to avoid seeking backward when a
malicious brush includes an 8bim section unknown to GIMP.
This avoids the possibility to start an infinite loop on GIMP start.
Found just a water drop in the ocean, GIMP is still not secure.
Mitch: Added more sanity checks on the Abr's width/height/bytes so now
all brushes in the zip attached to the bug are properly rejected
instead of crashing GIMP.
The file formats GBR and PAT contain names which are supposed to be
NUL-terminated within the files. If no such terminating NUL byte
exists, the parsers of GBR and PAT trigger an out of boundary read
during utf-8 conversion.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
The obsolete .gbp format had a 3-byte pattern following a 1-byte
brush, when embedded in a brush pipe, the current code tries to load
that pattern as a brush, and encounters the '3' in the header. Detect
that and suggest to re-save the file because the plug-in still loads
the legacy format.
- don't include <gdk-pixbuf/gdk-pixbuf.h> in headers in app/
- instead, include it in many .c files instead of <glib-object.h>,
finally acknowledging the fact that app/ depends on gdk-pixbuf almost
globally
- fix up includes as if libgimpbase depended in GIO, which it soon will
Fix the places that passed the color by either temp_buf_data_clear()
or memset(), and assign x and y manually, they are going to vanish
completely soon.
2009-01-17 Michael Natterer <mitch@gimp.org>
* all files with a GPL header and all COPYING files:
Change licence to GPLv3 (and to LGPLv3 for libgimp).
Cleaned up some copyright headers and regenerated the parsers in
the ImageMap plugin.
svn path=/trunk/; revision=27913
2007-06-04 Michael Natterer <mitch@gimp.org>
* app/core/gimpbrush-load.c: applied patch from Eric Lamarque
which adds support for ABR v6 brushes. Did some minor cleanups in
the patch, reordered functions and generally fixed error handling
of the ABR parsers. Fixes bug #377016.
svn path=/trunk/; revision=22699
2007-05-04 Sven Neumann <sven@gimp.org>
* app/core/gimpbrush-load.c: applied slightly modified patch from
Eric Lamarque that adds support for loading .abr v2 Photoshop
brushes (bug #435635).
svn path=/trunk/; revision=22411
2005-06-08 Sven Neumann <sven@gimp.org>
Removed "stingy-memory-use" all over the place. This feature was
really not that useful anymore. The GUI for the preference option
was already removed for GIMP 2.2. Fixes bug #306617.
* app/config/gimpbaseconfig.[ch]: set IGNORE flag on
"stingy-memory-use".
* app/config/gimpcoreconfig.h: added a comment that the
font_path_writable variable is unused.
* app/base/temp-buf.[ch]: removed code that used to deal with
swapping temp-bufs to disk.
* app/base/base.c: made base_config a static variable.
* app/core/gimpdata.[ch]
* app/core/gimpdatafactory.[ch]: removed stingy_memory_use
parameter from data construction methods.
* app/core/gimp-gradients.c
* app/core/gimpbrush-load.[ch]
* app/core/gimpbrush.[ch]
* app/core/gimpbrushgenerated.[ch]
* app/core/gimpbrushpipe.[ch]
* app/core/gimpcontext.c
* app/core/gimpgradient-load.[ch]
* app/core/gimpgradient.[ch]
* app/core/gimppalette-import.c
* app/core/gimppalette.[ch]
* app/core/gimppattern.[ch]: changed accordingly.
2005-05-26 Sven Neumann <sven@gimp.org>
* app/core/gimpdata.[ch]: added MIME type as a construct property
to GimpData.
* app/core/gimpbrush-load.c
* app/core/gimpbrushgenerated.c
* app/core/gimpbrushpipe.c
* app/core/gimpgradient-load.c
* app/core/gimppalette.c
* app/core/gimppattern.c: set the MIME type when loading a data
object from file. MIME types needs review and GimpPalette isn't
quite done yet...
* app/core/gimpdashpattern.c: cosmetics.
2005-04-15 Michael Natterer <mitch@gimp.org>
Added loading of Photoshop brushes. Fixes bug #163047:
* app/core/Makefile.am
* app/core/gimpbrush-load.[ch]: new files holding all brush
loading code. Added .abr loader based on a patch by Adrian
Likins. Didn't add a new brush subclass as in the original patch,
but only a loading function which loads the brushes into standard
GimpBrush objects. Did misc fixes to the code, needs further
cleanup.
* app/core/gimpbrush.[ch]: removed brush loading code here.
* app/core/gimpbrushpipe.c: changed #includes accordingly.
* app/core/gimp.c (gimp_real_initialize): register the new load
functions and their extensions with the brush factory.
* app/core/gimpbrush.c: don't ask for preview with
zero width or height, fixes bug #162232.
* app/base/brush-scale.c: remove tabs and trailing
whitespace.
2004-08-01 Simon Budig <simon@gimp.org>
* app/core/core-enums.h
* app/core/gimpbrushgenerated.[ch]: Implement three different
brush shapes for generated brushes.
* app/core/gimpbrush.c: changed accordingly.
* app/core/core-enums.c: regenerated.
* app/widgets/gimpbrusheditor.[ch]: Add toggles for the shape.
* themes/Default/images/stock-brush-generated-*-16.png: New stock
icons for the brush shapes.
* themes/Default/images/Makefile.am
* libgimpwidgets/gimpstock.[ch]: changed accordingly
untabified the files touched.
2004-07-26 Michael Natterer <mitch@gimp.org>
* app/core/gimpdatafactory.h: added "gboolean writable" to the
GimpDataFactoryLoaderEntry struct. Return a GList* instead of
GimpData* from GimpDataLoadFunc so it's possible to load more than
one data object from one file.
* app/core/gimpdatafactory.c (gimp_data_factory_load_data):
changed accordingly: add all items of the returned lists to the
data factory. Make the data object writable only if it's in the
writable path *and* its loader entry says it's a writable format
*and* the returned list contains exactly one element.
* app/core/gimp.c (gimp_real_initialize): declare all loader
entries as writable where we have code to read and write exactly
one object per file; all others are not writable.
* app/core/gimpbrush.[ch]
* app/core/gimpbrushgenerated.[ch]
* app/core/gimpbrushpipe.[ch]
* app/core/gimpgradient-load.[ch]
* app/core/gimppalette.[ch]
* app/core/gimppattern.[ch] (all load functions): return a list
containing the loaded object instead of the object itself.
2004-06-25 Michael Natterer <mitch@gimp.org>
* app/core/gimpbrushgenerated.[ch]: reordered parameters and
members to be consistent with other places where generated
brushes are used. Check for errors when loading a brush and
utf8-validate its name. Cleanup.
* app/core/gimpbrush.c
* app/core/gimpbrushpipe.c: cleanup.
2004-02-18 Michael Natterer <mitch@gimp.org>
Some code review:
* app/config/gimpconfig-deserialize.c
* app/config/gimpconfig-serialize.c: removed obsolete code which
made sure serialize_property()/deserialize_property() are only
called for properties of the correct class. We do it the right way
for quite a while now and clear the inherited function pointers in
gimp_config_iface_base_init().
* app/config/gimprc.c (gimp_rc_dispose): don't forget to chain up.
* app/base/gimplut.c
* app/base/lut-funcs.c
* app/config/gimpconfig-deserialize.c
* app/config/gimpconfig-serialize.c
* app/config/gimpconfig-types.c
* app/config/gimprc.c
* app/core/gimp-modules.c
* app/core/gimpbrush.c
* app/core/gimpcontainer.c
* app/core/gimpdocumentlist.c
* app/core/gimpitem.c
* app/gui/about-dialog.c
* app/gui/color-notebook.c
* app/gui/gui.c
* app/gui/tips-dialog.c
* app/paint/gimppaintcore.c
* app/paint-funcs/paint-funcs.c
* app/widgets/gimpcolorpanel.c
* app/widgets/gimpcontainergridview.c
* app/widgets/gimpcontainermenuimpl.c
* app/widgets/gimpselectioneditor.c: removed I/O includes from
files which don't use lowlevel APIs any more. Also removes
a whole bunch of G_OS_WIN32 special casing. Removed trailing
whitespace. Misc tiny cleanups.
2004-02-13 Michael Natterer <mitch@gimp.org>
Fixed GimpData's default "writable" and "deletable" behaviour:
* app/core/gimpdata.c (gimp_data_init): default to writable and
deletable == TRUE (something that has no filename was never loaded
from disk and can't be undeletable or read-only).
Fixes bug #134274.
* app/core/gimpdata.[ch]: added new function
gimp_data_make_internal() which frees the filename and sets the
data's flags accordingly.
* app/core/gimp-gradients.c (gimp_gradients_add_gradient)
* app/core/gimpbrush.c (gimp_brush_get_standard)
* app/core/gimpgradient.c (gimp_gradient_get_standard)
* app/core/gimppalette.c (gimp_palette_get_standard)
* app/core/gimppattern.c (gimp_pattern_get_standard): use the
new function for internal data objects.
* app/core/gimpdata.c (gimp_data_save, gimp_data_delete_from_disk)
* app/core/gimpdatafactory.c (gimp_data_factory_save_single):
bail out with g_return_if_fail() is the data is not writable
or deletable.
* app/widgets/gimpdataeditor.c
* app/widgets/gimpdatafactoryview.c: changed accordingly.
2004-01-29 Michael Natterer <mitch@gimp.org>
GimpData code review:
* app/core/gimpdata.c (gimp_data_init): default to
writable = FALSE and dirty = TRUE.
* app/core/gimpbrushgenerated.[ch]: added "const gchar *name" to
gimp_brush_generated_new().
* app/core/gimpbrush.c
* app/core/gimpbrushgenerated.c
* app/core/gimpbrushpipe.c
* app/core/gimpgradient.c
* app/core/gimppalette.c
* app/core/gimppattern.c: set all standard datas to clean and
internal, check for g_path_is_absolute() in all load functions,
pass the data's name as construct property to g_object_new()
instead of calling gimp_object_set_name() after creation, fixed
some UTF-8 handling, spacing, indentation, coding style, general
cleanup.
