/[packages]/updates/5/gimp/current/SOURCES/Bug-790784-CVE-2017-17784-heap-overread-in-gbr-parse.patch
ViewVC logotype

Annotation of /updates/5/gimp/current/SOURCES/Bug-790784-CVE-2017-17784-heap-overread-in-gbr-parse.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1188362 - (hide annotations) (download)
Sun Dec 31 16:02:57 2017 UTC (6 years, 2 months ago) by luigiwalser
File size: 1327 byte(s)
add patches from debian to fix CVE-2017-1778[4-9]
1 luigiwalser 1188362 From: Jehan <jehan@girinstud.io>
2     Date: Thu, 21 Dec 2017 12:25:32 +0100
3     Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
4     load_image.
5     Origin: https://git.gnome.org/browse/GIMP/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270
6     Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17784
7     Bug-Debian: https://bugs.debian.org/884925
8     Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790784
9    
10     We were assuming the input name was well formed, hence was
11     nul-terminated. As any data coming from external input, this has to be
12     thorougly checked.
13     Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted
14     to older gimp-2-8 code.
15     ---
16     plug-ins/common/file-gbr.c | 3 ++-
17     1 file changed, 2 insertions(+), 1 deletion(-)
18    
19     diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
20     index b028100bef..d3f01d9c56 100644
21     --- a/plug-ins/common/file-gbr.c
22     +++ b/plug-ins/common/file-gbr.c
23     @@ -443,7 +443,8 @@ load_image (const gchar *filename,
24     {
25     gchar *temp = g_new (gchar, bn_size);
26    
27     - if ((read (fd, temp, bn_size)) < bn_size)
28     + if ((read (fd, temp, bn_size)) < bn_size ||
29     + temp[bn_size - 1] != '\0')
30     {
31     g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
32     _("Error in GIMP brush file '%s'"),
33     --
34     2.15.1
35    

  ViewVC Help
Powered by ViewVC 1.1.30