Commit 3eaeff31 authored by Jehan's avatar Jehan

Revert "Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / load_image."

This reverts commit c57f9dcf.

The CVE is still fixed but now in a different way. Commit 4fa0cd4d
passes instead the accurate string length when using the string, hence
making it work even when not NUL-terminated. This has the advantage of
having the GBR file loaded in the end, despite such file format error. I
am personally not persuaded this is the best path since a file with such
an error may either be corrupted, or worse may have been constructed on
purpose to be harmful, so rejecting it directly may be the safe choice.
Nevertheless I may also be too doubtful and maybe trying to save a
slightly corrupted file may be the nicest choice indeed.
parent 208a2e6d
......@@ -450,8 +450,7 @@ load_image (const gchar *filename,
{
gchar *temp = g_new (gchar, bn_size);
if ((read (fd, temp, bn_size)) < bn_size ||
temp[bn_size - 1] != '\0')
if ((read (fd, temp, bn_size)) < bn_size)
{
g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
_("Error in GIMP brush file '%s'"),
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment