31 lines
1.0 KiB
Plaintext
31 lines
1.0 KiB
Plaintext
From 32ae0f83e5748299641cceaabe3f80f1b3afd03e Mon Sep 17 00:00:00 2001
|
|
From: Nils Philippsen <nils@redhat.com>
|
|
Date: Thu, 14 Nov 2013 13:29:01 +0000
|
|
Subject: file-xwd: sanity check colormap size (CVE-2013-1913)
|
|
|
|
---
|
|
diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
|
|
index c8e1a6e..343129a 100644
|
|
--- a/plug-ins/common/file-xwd.c
|
|
+++ b/plug-ins/common/file-xwd.c
|
|
@@ -466,6 +466,17 @@ load_image (const gchar *filename,
|
|
/* Position to start of XWDColor structures */
|
|
fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET);
|
|
|
|
+ /* Guard against insanely huge color maps -- gimp_image_set_colormap() only
|
|
+ * accepts colormaps with 0..256 colors anyway. */
|
|
+ if (xwdhdr.l_colormap_entries > 256)
|
|
+ {
|
|
+ g_message (_("'%s':\nIllegal number of colormap entries: %ld"),
|
|
+ gimp_filename_to_utf8 (filename),
|
|
+ (long)xwdhdr.l_colormap_entries);
|
|
+ fclose (ifp);
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
if (xwdhdr.l_colormap_entries > 0)
|
|
{
|
|
xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries);
|
|
--
|
|
cgit v0.9.2
|