Issues #10071, #10072: Fix vulnerabilities in file-psp
This patch attempts to resolve the vulnerabilities in #10071 and #10072.
- buf = g_malloc () is raised from 127 to 128 to match the largest amount that can be read into that buffer.
- Adds check when loading palettes to make sure the count doesn't exceed the largest possible unsigned 32 bit integer value when multiplied by 4 (since each palette is represented by a 4 byte RGBA value).
@ZDI: Hi! I think these fix the two problems you noted - but if there are further issues with the patches, let me know.
(Note that the vulnerability in #10071 is actually quite old, and was noted in GIMP 2.6 in 2011)
If approved, these can be easily backported to 2.10.
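The palette-count check described above, shown as an added C example that is not GIMP's file-psp code and not part of the merge request. The function names and the block layout (a 4-byte little-endian count followed by RGBA entries) are assumptions made for the illustration, and the check against the remaining data length is an extra step the description does not mention.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example: names and block layout are assumptions,
 * not taken from GIMP's file-psp plug-in. */

/* Unchecked size: the 32-bit product wraps, so 0x40000001 * 4 == 4. */
static uint32_t palette_bytes_unchecked(uint32_t count)
{
    return count * 4u;
}

/* Checked size: 0 on success, -1 if count * 4 does not fit in 32 bits. */
static int palette_bytes_checked(uint32_t count, uint32_t *bytes)
{
    if (count > UINT32_MAX / 4u)
        return -1;
    *bytes = count * 4u;
    return 0;
}

/* Validate a constructed palette block: 4-byte little-endian entry count
 * followed by that many RGBA entries. Returns the count, or -1 if rejected. */
static long palette_block_validate(const unsigned char *blk, size_t len)
{
    uint32_t count, bytes;

    if (len < 4)
        return -1;
    count = (uint32_t)blk[0] | (uint32_t)blk[1] << 8 |
            (uint32_t)blk[2] << 16 | (uint32_t)blk[3] << 24;
    if (palette_bytes_checked(count, &bytes) != 0)
        return -1;                 /* byte size would overflow 32 bits */
    if (bytes > len - 4)
        return -1;                 /* extra check: entries must be present */
    return (long)count;
}

int main(void)
{
    /* Constructed inputs: two valid entries, then a count of 0x40000001. */
    const unsigned char ok[]  = { 2, 0, 0, 0, 255, 0, 0, 255, 0, 255, 0, 255 };
    const unsigned char bad[] = { 1, 0, 0, 0x40, 255, 0, 0, 255 };

    printf("wrapped size: %u\n", (unsigned)palette_bytes_unchecked(0x40000001u));
    printf("ok=%ld bad=%ld\n", palette_block_validate(ok, sizeof ok),
           palette_block_validate(bad, sizeof bad));
    return 0;
}
```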