path: root/gimp/cve-2013-1913
blob: 17bebe9e5fe8f80bf8421a3221196ec92449eaad (plain)
    1 From 32ae0f83e5748299641cceaabe3f80f1b3afd03e Mon Sep 17 00:00:00 2001
    2 From: Nils Philippsen <nils@redhat.com>
    3 Date: Thu, 14 Nov 2013 13:29:01 +0000
    4 Subject: file-xwd: sanity check colormap size (CVE-2013-1913)
    5 
    6 ---
    7 diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
    8 index c8e1a6e..343129a 100644
    9 --- a/plug-ins/common/file-xwd.c
   10 +++ b/plug-ins/common/file-xwd.c
   11 @@ -466,6 +466,17 @@ load_image (const gchar  *filename,
   12    /* Position to start of XWDColor structures */
   13    fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET);
   14  
   15 +  /* Guard against insanely huge color maps -- gimp_image_set_colormap() only
   16 +   * accepts colormaps with 0..256 colors anyway. */
   17 +  if (xwdhdr.l_colormap_entries > 256)
   18 +    {
   19 +      g_message (_("'%s':\nIllegal number of colormap entries: %ld"),
   20 +                 gimp_filename_to_utf8 (filename),
   21 +                 (long)xwdhdr.l_colormap_entries);
   22 +      fclose (ifp);
   23 +      return -1;
   24 +    }
   25 +
   26    if (xwdhdr.l_colormap_entries > 0)
   27      {
   28        xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries);
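Review bot: The new `l_colormap_entries > 256` guard caps the element count passed to `g_new` but says nothing about later accesses to `xwdcolmap`; the code that fills and indexes the map is in `load_image` outside this hunk, so it cannot be confirmed from here. I would add a comment above the check such as `/* Caps the allocation only; every colour count or pixel-derived index used on xwdcolmap must still be compared with l_colormap_entries. */` and audit the readers against it. In the message, `%ld` with a `(long)` cast would print a negative number for a rejected value above LONG_MAX where `long` is 32 bits, assuming the header field is an unsigned 32-bit quantity; `%lu` with `(unsigned long)xwdhdr.l_colormap_entries` reports the value as read from the file. The bare `256` would also read better as a named constant tied to the limit the comment attributes to `gimp_image_set_colormap()`.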
   29 --
   30 cgit v0.9.2
