| From 32ae0f83e5748299641cceaabe3f80f1b3afd03e Mon Sep 17 00:00:00 2001 |
| From: Nils Philippsen <nils@redhat.com> |
| Date: Thu, 14 Nov 2013 14:29:01 +0100 |
| Subject: file-xwd: sanity check colormap size (CVE-2013-1913) |
| |
| |
| diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c |
| index c8e1a6e..343129a 100644 |
| --- a/plug-ins/common/file-xwd.c |
| +++ b/plug-ins/common/file-xwd.c |
| @@ -466,6 +466,17 @@ load_image (const gchar *filename, |
| /* Position to start of XWDColor structures */ |
| fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET); |
| |
| + /* Guard against insanely huge color maps -- gimp_image_set_colormap() only |
| + * accepts colormaps with 0..256 colors anyway. */ |
| + if (xwdhdr.l_colormap_entries > 256) |
| + { |
| + g_message (_("'%s':\nIllegal number of colormap entries: %ld"), |
| + gimp_filename_to_utf8 (filename), |
| + (long)xwdhdr.l_colormap_entries); |
| + fclose (ifp); |
| + return -1; |
| + } |
| + |
| if (xwdhdr.l_colormap_entries > 0) |
| { |
| xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries); |
| -- |
| cgit v0.10.1 |
| |