[gimp/gimp-2-6] Bug 676804 - file handling DoS for fit file format
- From: Nils Philippsen <nphilipp src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gimp/gimp-2-6] Bug 676804 - file handling DoS for fit file format
- Date: Mon, 20 Aug 2012 12:42:14 +0000 (UTC)
commit a2fd2c9dedc3d9aeb8b92f9c9a35960e8c422d7c
Author: Michael Natterer <mitch gimp org>
Date: Wed Jun 6 21:21:10 2012 +0200
Bug 676804 - file handling DoS for fit file format
Apply patch from joe reactionis co uk which fixes a buffer overflow on
broken/malicious fits files.
(cherry picked from commit ace45631595e8781a1420842582d67160097163c)
plug-ins/file-fits/fits-io.c | 16 ++++++++++++----
1 files changed, 12 insertions(+), 4 deletions(-)
---
diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
index 98ff5aa..f292c25 100644
--- a/plug-ins/file-fits/fits-io.c
+++ b/plug-ins/file-fits/fits-io.c
@@ -1055,10 +1055,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0);
hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
if (hdulist->used.xtension)
- {
- fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
- strcpy (hdulist->xtension, fdat->fstring);
- }
+ {
+ fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+ if (fdat != NULL)
+ {
+ strcpy (hdulist->xtension, fdat->fstring);
+ }
+ else
+ {
+ strcpy (errmsg, "No valid XTENSION header found.");
+ goto err_return;
+ }
+ }
FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
hdulist->naxis = fdat->flong;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]