File gimp-bsc1073627-CVE-2017-17789.patch of Package gimp

Overview Repositories Revisions Requests Users Attributes Meta

File gimp-bsc1073627-CVE-2017-17789.patch of Package gimp

From 28e95fbeb5720e6005a088fa811f5bf3c1af48b8 Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Wed, 20 Dec 2017 16:44:20 +0100
Subject: [PATCH] Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer
 overflow...

... in PSP importer.
Check if declared block length is valid (i.e. within the actual file)
before going further.
Consider the file as broken otherwise and fail loading it.
---
 plug-ins/common/file-psp.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index d975e13725..c25beceffc 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1792,6 +1792,15 @@ load_image (const gchar  *filename,
     {
       block_start = ftell (f);
 
+      if (block_start + block_total_len > st.st_size)
+        {
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("Could not open '%s' for reading: %s"),
+                       gimp_filename_to_utf8 (filename),
+                       _("invalid block size"));
+          goto error;
+        }
+
       if (id == PSP_IMAGE_BLOCK)
         {
           if (block_number != 0)
-- 
GitLab

Places

File gimp-bsc1073627-CVE-2017-17789.patch of Package gimp

Places