[gimp] Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / load_image.

From: Jehan Pagès <jehanp src gnome org>
To: commits-list gnome org
Cc:
Subject: [gimp] Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / load_image.
Date: Thu, 21 Dec 2017 11:17:51 +0000 (UTC)

commit 06d24a79af94837d615d0024916bb95a01bf3c59
Author: Jehan <jehan girinstud io>
Date:   Thu Dec 21 12:15:34 2017 +0100

    Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / load_image.
    
    We were assuming the input name was well formed, hence was
    nul-terminated. As any data coming from external input, this has to be
    thorougly checked.

 plug-ins/common/file-gbr.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
---
diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
index b8933e7..585e74a 100644
--- a/plug-ins/common/file-gbr.c
+++ b/plug-ins/common/file-gbr.c
@@ -456,7 +456,8 @@ load_image (GFile   *file,
 
       if (! g_input_stream_read_all (input, temp, size,
                                      &bytes_read, NULL, error) ||
-          bytes_read != size)
+          bytes_read != size                                   ||
+          temp[size - 1] != '\0')
         {
           g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
                        _("Error in GIMP brush file '%s'"),

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]