Commit 28e95fbe authored by Jehan

Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow...

... in PSP importer.
Check if declared block length is valid (i.e. within the actual file)
before going further.
Consider the file as broken otherwise and fail loading it.
parent 3d5732e2
......@@ -1792,6 +1792,15 @@ load_image (const gchar *filename,
{
block_start = ftell (f);
if (block_start + block_total_len > st.st_size)
{
g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
_("Could not open '%s' for reading: %s"),
gimp_filename_to_utf8 (filename),
_("invalid block size"));
goto error;
}
if (id == PSP_IMAGE_BLOCK)
{
if (block_number != 0)
......
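Review bot: The new bound check `block_start + block_total_len > st.st_size` uses the return value of `ftell (f)` without testing it for failure, and it adds two values before comparing them. `ftell` returns -1 on error, which would make the sum smaller and let an oversized `block_total_len` pass. Depending on the types of `block_start` and `block_total_len`, which are not visible in this hunk, the addition itself can also wrap or be converted unexpectedly on platforms with a narrow `long`. Suggest rejecting `block_start < 0` first and then comparing in subtraction form, for example `block_total_len > st.st_size - block_start`, so that no attacker-controlled length takes part in an addition. A smaller point: the message built from "Could not open '%s' for reading: %s" reports a file that opened fine but is malformed. If that string is reused only to avoid adding a new translatable string, a short comment saying so would help the next reader.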