calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a98c9b7f40'
${ noResults }
gentoo-overlay/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784....

33 lines
1.1 KiB
Raw Blame History

From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Thu, 21 Dec 2017 12:25:32 +0100
Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
load_image.
We were assuming the input name was well formed, hence was
nul-terminated. As any data coming from external input, this has to be
thorougly checked.
Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted
to older gimp-2-8 code.
---
plug-ins/common/file-gbr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
index b028100..d3f01d9 100644
--- a/plug-ins/common/file-gbr.c
+++ b/plug-ins/common/file-gbr.c
@@ -443,7 +443,8 @@ load_image (const gchar *filename,
{
gchar *temp = g_new (gchar, bn_size);
- if ((read (fd, temp, bn_size)) < bn_size)
+ if ((read (fd, temp, bn_size)) < bn_size ||
+ temp[bn_size - 1] != '\0')
{
g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
_("Error in GIMP brush file '%s'"),
--
cgit v0.12
Reference in new issue View Git Blame Copy Permalink