Revert "Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / load_image."
This reverts commit 06d24a79. The CVE is still fixed but now in a different way. Commit 4fa0cd4d passes instead the accurate string length when using the string, hence making it work even when not NUL-terminated. This has the advantage of having the GBR file loaded in the end, despite such file format error. I am personally not persuaded this is the best path since a file with such an error may either be corrupted, or worse may have been constructed on purpose to be harmful, so rejecting it directly may be the safe choice. Nevertheless I may also be too doubtful and maybe trying to save a slightly corrupted file may be the nicest choice indeed.
Showing with 1 addition and 2 deletions