...format version 10.
Simply allow the parser to read version 10, seems to work
with the brushes in issue #2862.
(cherry picked from commit c39d8fde33)
Only seek back to after the end of the actual brush if a following
pattern was *not* found. Got this logic wrong in the original port of
the plug-in code.
(cherry picked from commit 40863bffdd)
gimp_brush_load_brush(): support legacy gpb brushes, and port a check
for gsize overflow what was added to the plug-in.
(cherry picked from commit 619f999280)
Introduce GIMP_PATTERN_MAX_SIZE (10000) and GIMP_PATTERN_MAX_NAME (256)
and validate pattern dimensions and pattern name length against them.
Add GIMP_BRUSH_MAX_NAME and validate that too.
Also make sure that the names are properly terminated, and some
cleanup.
(cherry picked from commit 9b56ca8c1d)
GIMP_BRUSH_MAX_SIZE was already defined (as 10.000 pixels per dimension,
which is big for a brush) in gimpbrush.h. Let's just use this to
validate the size returned by the header.
(cherry picked from commit b3de0bb7a5)
Fix the crashes from the third zip:
- forgot to guard the other writing place in the RLE decoder
- one byte after the buffer is still one byte too much
- protect against seeking to bogus offsets
Add brush dimension/depth/compression sanity checks for v6 brushes,
and make sure we don't overrun the RLE decoder's destination buffer.
This properly rejects all brushes from the second zip in the bug.
...in brushes user directory
Consider 8bim section size unsigned, to avoid seeking backward when a
malicious brush includes an 8bim section unknown to GIMP.
This avoids the possibility to start an infinite loop on GIMP start.
Found just a water drop in the ocean, GIMP is still not secure.
Mitch: Added more sanity checks on the Abr's width/height/bytes so now
all brushes in the zip attached to the bug are properly rejected
instead of crashing GIMP.
The file formats GBR and PAT contain names which are supposed to be
NUL-terminated within the files. If no such terminating NUL byte
exists, the parsers of GBR and PAT trigger an out of boundary read
during utf-8 conversion.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
The obsolete .gbp format had a 3-byte pattern following a 1-byte
brush, when embedded in a brush pipe, the current code tries to load
that pattern as a brush, and encounters the '3' in the header. Detect
that and suggest to re-save the file because the plug-in still loads
the legacy format.
- don't include <gdk-pixbuf/gdk-pixbuf.h> in headers in app/
- instead, include it in many .c files instead of <glib-object.h>,
finally acknowledging the fact that app/ depends on gdk-pixbuf almost
globally
- fix up includes as if libgimpbase depended in GIO, which it soon will
Fix the places that passed the color by either temp_buf_data_clear()
or memset(), and assign x and y manually, they are going to vanish
completely soon.
2009-01-17 Michael Natterer <mitch@gimp.org>
* all files with a GPL header and all COPYING files:
Change licence to GPLv3 (and to LGPLv3 for libgimp).
Cleaned up some copyright headers and regenerated the parsers in
the ImageMap plugin.
svn path=/trunk/; revision=27913
2007-06-04 Michael Natterer <mitch@gimp.org>
* app/core/gimpbrush-load.c: applied patch from Eric Lamarque
which adds support for ABR v6 brushes. Did some minor cleanups in
the patch, reordered functions and generally fixed error handling
of the ABR parsers. Fixes bug #377016.
svn path=/trunk/; revision=22699
2007-05-04 Sven Neumann <sven@gimp.org>
* app/core/gimpbrush-load.c: applied slightly modified patch from
Eric Lamarque that adds support for loading .abr v2 Photoshop
brushes (bug #435635).
svn path=/trunk/; revision=22411
2005-06-08 Sven Neumann <sven@gimp.org>
Removed "stingy-memory-use" all over the place. This feature was
really not that useful anymore. The GUI for the preference option
was already removed for GIMP 2.2. Fixes bug #306617.
* app/config/gimpbaseconfig.[ch]: set IGNORE flag on
"stingy-memory-use".
* app/config/gimpcoreconfig.h: added a comment that the
font_path_writable variable is unused.
* app/base/temp-buf.[ch]: removed code that used to deal with
swapping temp-bufs to disk.
* app/base/base.c: made base_config a static variable.
* app/core/gimpdata.[ch]
* app/core/gimpdatafactory.[ch]: removed stingy_memory_use
parameter from data construction methods.
* app/core/gimp-gradients.c
* app/core/gimpbrush-load.[ch]
* app/core/gimpbrush.[ch]
* app/core/gimpbrushgenerated.[ch]
* app/core/gimpbrushpipe.[ch]
* app/core/gimpcontext.c
* app/core/gimpgradient-load.[ch]
* app/core/gimpgradient.[ch]
* app/core/gimppalette-import.c
* app/core/gimppalette.[ch]
* app/core/gimppattern.[ch]: changed accordingly.
2005-05-26 Sven Neumann <sven@gimp.org>
* app/core/gimpdata.[ch]: added MIME type as a construct property
to GimpData.
* app/core/gimpbrush-load.c
* app/core/gimpbrushgenerated.c
* app/core/gimpbrushpipe.c
* app/core/gimpgradient-load.c
* app/core/gimppalette.c
* app/core/gimppattern.c: set the MIME type when loading a data
object from file. MIME types needs review and GimpPalette isn't
quite done yet...
* app/core/gimpdashpattern.c: cosmetics.
2005-04-15 Michael Natterer <mitch@gimp.org>
Added loading of Photoshop brushes. Fixes bug #163047:
* app/core/Makefile.am
* app/core/gimpbrush-load.[ch]: new files holding all brush
loading code. Added .abr loader based on a patch by Adrian
Likins. Didn't add a new brush subclass as in the original patch,
but only a loading function which loads the brushes into standard
GimpBrush objects. Did misc fixes to the code, needs further
cleanup.
* app/core/gimpbrush.[ch]: removed brush loading code here.
* app/core/gimpbrushpipe.c: changed #includes accordingly.
* app/core/gimp.c (gimp_real_initialize): register the new load
functions and their extensions with the brush factory.
* app/core/gimpbrush.c: don't ask for preview with
zero width or height, fixes bug #162232.
* app/base/brush-scale.c: remove tabs and trailing
whitespace.
2004-08-01 Simon Budig <simon@gimp.org>
* app/core/core-enums.h
* app/core/gimpbrushgenerated.[ch]: Implement three different
brush shapes for generated brushes.
* app/core/gimpbrush.c: changed accordingly.
* app/core/core-enums.c: regenerated.
* app/widgets/gimpbrusheditor.[ch]: Add toggles for the shape.
* themes/Default/images/stock-brush-generated-*-16.png: New stock
icons for the brush shapes.
* themes/Default/images/Makefile.am
* libgimpwidgets/gimpstock.[ch]: changed accordingly
untabified the files touched.
2004-07-26 Michael Natterer <mitch@gimp.org>
* app/core/gimpdatafactory.h: added "gboolean writable" to the
GimpDataFactoryLoaderEntry struct. Return a GList* instead of
GimpData* from GimpDataLoadFunc so it's possible to load more than
one data object from one file.
* app/core/gimpdatafactory.c (gimp_data_factory_load_data):
changed accordingly: add all items of the returned lists to the
data factory. Make the data object writable only if it's in the
writable path *and* its loader entry says it's a writable format
*and* the returned list contains exactly one element.
* app/core/gimp.c (gimp_real_initialize): declare all loader
entries as writable where we have code to read and write exactly
one object per file; all others are not writable.
* app/core/gimpbrush.[ch]
* app/core/gimpbrushgenerated.[ch]
* app/core/gimpbrushpipe.[ch]
* app/core/gimpgradient-load.[ch]
* app/core/gimppalette.[ch]
* app/core/gimppattern.[ch] (all load functions): return a list
containing the loaded object instead of the object itself.
2004-06-25 Michael Natterer <mitch@gimp.org>
* app/core/gimpbrushgenerated.[ch]: reordered parameters and
members to be consistent with other places where generated
brushes are used. Check for errors when loading a brush and
utf8-validate its name. Cleanup.
* app/core/gimpbrush.c
* app/core/gimpbrushpipe.c: cleanup.
