| Fix for CVE-2012-2763 for GIMP 2.6.x by mancha. Based on commit |
| 76155d79df8d497. Thanks to muks, Kevin, and Ankh for identifying |
| the relevant code change. |
| |
| Ref: Fixed potential buffer overflow in readstr_upto(). |
| |
| ================================================ |
| |
| --- a/plug-ins/script-fu/tinyscheme/scheme.c.orig 2012-06-30 |
| +++ b/plug-ins/script-fu/tinyscheme/scheme.c 2012-06-30 |
| @@ -1727,7 +1727,8 @@ static char *readstr_upto(scheme *sc, ch |
| c = inchar(sc); |
| len = g_unichar_to_utf8(c, p); |
| p += len; |
| - } while (c && !is_one_of(delim, c)); |
| + } while ((p - sc->strbuff < sizeof(sc->strbuff)) && |
| + (c && !is_one_of(delim, c))); |
| |
| if(p==sc->strbuff+2 && c_prev=='\\') |
| *p = '\0'; |
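Review bot: The new bound in the `while` condition is evaluated only after `g_unichar_to_utf8(c, p)` has already stored its bytes, so the final iteration can still write past the end of `sc->strbuff`. When `p - sc->strbuff` equals `sizeof(sc->strbuff) - 1` the test passes, and the next call may store up to 6 bytes at `p` (GLib documents that the output buffer needs 6 bytes of space). Reserving headroom in the condition closes that gap and leaves room for the terminator, e.g. `} while (((size_t)(p - sc->strbuff) + 6 < sizeof(sc->strbuff)) &&`. This assumes `strbuff` is an array member, which the `sizeof` implies but the hunk does not show. The body of readstr_upto() starts and ends outside the hunk, so the branch that terminates the string when the loop stops on the length limit rather than on a delimiter should be checked as well.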