/[packages]/updates/5/gimp/current/SOURCES/Bug-790849-CVE-2017-17789-CVE-2017-17789-Heap-buffer.patch
ViewVC logotype

Contents of /updates/5/gimp/current/SOURCES/Bug-790849-CVE-2017-17789-CVE-2017-17789-Heap-buffer.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1188362 - (show annotations) (download)
Sun Dec 31 16:02:57 2017 UTC (17 months, 2 weeks ago) by luigiwalser
File size: 1448 byte(s)
add patches from debian to fix CVE-2017-1778[4-9]
1 From: Jehan <jehan@girinstud.io>
2 Date: Wed, 20 Dec 2017 16:44:20 +0100
3 Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow...
4 Origin: https://git.gnome.org/browse/GIMP/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f
5 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17789
6 Bug-Debian: https://bugs.debian.org/884837
7 Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790849
8
9 ... in PSP importer.
10 Check if declared block length is valid (i.e. within the actual file)
11 before going further.
12 Consider the file as broken otherwise and fail loading it.
13
14 (cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8)
15 ---
16 plug-ins/common/file-psp.c | 9 +++++++++
17 1 file changed, 9 insertions(+)
18
19 diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
20 index ac0fff78f0..4cbafe37b1 100644
21 --- a/plug-ins/common/file-psp.c
22 +++ b/plug-ins/common/file-psp.c
23 @@ -1771,6 +1771,15 @@ load_image (const gchar *filename,
24 {
25 block_start = ftell (f);
26
27 + if (block_start + block_total_len > st.st_size)
28 + {
29 + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
30 + _("Could not open '%s' for reading: %s"),
31 + gimp_filename_to_utf8 (filename),
32 + _("invalid block size"));
33 + goto error;
34 + }
35 +
36 if (id == PSP_IMAGE_BLOCK)
37 {
38 if (block_number != 0)
39 --
40 2.15.1
41

  ViewVC Help
Powered by ViewVC 1.1.26