[gimp/gimp-2-8] Bug 789610: invalid gbr brush crashing GIMP
- From: Jehan Pagès <jehanp src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gimp/gimp-2-8] Bug 789610: invalid gbr brush crashing GIMP
- Date: Fri, 5 Jan 2018 20:18:44 +0000 (UTC)
commit 4d4a8cf70fc938426e51cc3b1385b255db22400d
Author: Massimo Valentini <mvalentini src gnome org>
Date: Wed Nov 1 13:50:05 2017 +0100
Bug 789610: invalid gbr brush crashing GIMP
(cherry picked from commit 657a754f98eb9a67d8dcbc8c05a3e3a66fbee44f)
app/core/gimpbrush-load.c | 8 +++++++-
plug-ins/common/file-gbr.c | 6 ++++++
2 files changed, 13 insertions(+), 1 deletions(-)
---
diff --git a/app/core/gimpbrush-load.c b/app/core/gimpbrush-load.c
index f76c35a..682be89 100644
--- a/app/core/gimpbrush-load.c
+++ b/app/core/gimpbrush-load.c
@@ -161,7 +161,7 @@ gimp_brush_load_brush (GimpContext *context,
GError **error)
{
GimpBrush *brush;
- gint bn_size;
+ gsize bn_size;
BrushHeader header;
gchar *name = NULL;
guchar *pixmap;
@@ -260,6 +260,12 @@ gimp_brush_load_brush (GimpContext *context,
return NULL;
}
+ if (header.header_size < sizeof (BrushHeader))
+ {
+ g_message (_("Unsupported brush format"));
+ return NULL;
+ }
+
/* Read in the brush name */
if ((bn_size = (header.header_size - sizeof (header))))
{
diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
index d3f01d9..a70f291 100644
--- a/plug-ins/common/file-gbr.c
+++ b/plug-ins/common/file-gbr.c
@@ -413,6 +413,12 @@ load_image (const gchar *filename,
/* And we need to rewind the handle, 4 due spacing and 4 due magic */
lseek (fd, -8, SEEK_CUR);
bh.header_size += 8;
+ if (bh.header_size < sizeof (BrushHeader))
+ {
+ g_message (_("Unsupported brush format"));
+ g_object_unref (input);
+ return -1;
+ }
break;
case 3: /* cinepaint brush */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]