From: Jehan <jehan@girinstud.io> |
Date: Wed, 20 Dec 2017 16:44:20 +0100 |
Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow... |
Origin: https://git.gnome.org/browse/GIMP/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f |
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17789 |
Bug-Debian: https://bugs.debian.org/884837 |
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790849 |
|
... in PSP importer. |
Check if declared block length is valid (i.e. within the actual file) |
before going further. |
Consider the file as broken otherwise and fail loading it. |
|
(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8) |
--- |
plug-ins/common/file-psp.c | 9 +++++++++ |
1 file changed, 9 insertions(+) |
|
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c |
index ac0fff78f0..4cbafe37b1 100644 |
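--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1771,6 +1771,15 @@ load_image (const gchar *filename,
 {
 block_start = ftell (f);
 
+ if (block_start + block_total_len > st.st_size)
+ {
+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+ _("Could not open '%s' for reading: %s"),
+ gimp_filename_to_utf8 (filename),
+ _("invalid block size"));
+ goto error;
+ }
+
 if (id == PSP_IMAGE_BLOCK)
 {
 if (block_number != 0)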
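Review bot: The new bound check `block_start + block_total_len > st.st_size` adds a file-supplied length to the `ftell ()` result before comparing, so if that sum is evaluated in a 32-bit type (the declarations are outside this hunk, so this needs confirming) an oversized `block_total_len` can wrap around and still pass the check. A failed `ftell ()` returning -1 is also not rejected here. Comparing by subtraction avoids both cases: `if (block_start < 0 || block_start > st.st_size || block_total_len > st.st_size - block_start)`. The message reuses `"Could not open '%s' for reading: %s"`, which reads as an I/O failure rather than a malformed file, so a wording that names the file as corrupt would make triage easier. The body of load_image starts and ends outside the hunk.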
-- |
2.15.1 |
|