Additional fixes for DDS Import (!1133) · Merge requests · GNOME / GIMP

Alx Sa requested to merge alxsa-more-dds-fixes into master Oct 28, 2023

@Wormnest noted remaining regressions after 8faad92e.

The second fread() only runs if the DDSD_PITCH flag is set, so the error handling check should also be conditional.

Additionally, the ZDI-CAN-22093 exploit no longer runs but still could cause a plug-in crash. This patch adds an additional check to ensure the buffer size was within bounds.

Additional fixes for DDS Import

Merge request reports