summaryrefslogtreecommitdiff
path: root/uselessPorts/gimp/cve-2013-1913
blob: 17bebe9e5fe8f80bf8421a3221196ec92449eaad (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
From 32ae0f83e5748299641cceaabe3f80f1b3afd03e Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Thu, 14 Nov 2013 13:29:01 +0000
Subject: file-xwd: sanity check colormap size (CVE-2013-1913)

---
diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
index c8e1a6e..343129a 100644
--- a/plug-ins/common/file-xwd.c
+++ b/plug-ins/common/file-xwd.c
@@ -466,6 +466,17 @@ load_image (const gchar  *filename,
   /* Position to start of XWDColor structures */
   fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET);
 
+  /* Guard against insanely huge color maps -- gimp_image_set_colormap() only
+   * accepts colormaps with 0..256 colors anyway. */
+  if (xwdhdr.l_colormap_entries > 256)
+    {
+      g_message (_("'%s':\nIllegal number of colormap entries: %ld"),
+                 gimp_filename_to_utf8 (filename),
+                 (long)xwdhdr.l_colormap_entries);
+      fclose (ifp);
+      return -1;
+    }
+
   if (xwdhdr.l_colormap_entries > 0)
     {
       xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries);
--
cgit v0.9.2