plug-ins: fix GIMP becoming unresponsive due to corrupt image

Image m2-d0f86ab189cbe900ec389ca6d7464713.tif from the imagetestsuite is a fuzzed image with an invalid very high number for the channel count. This causes GIMP to become unresponsive for a very long time. Possibly trying to allocate memory for all channels or another cause related to the high number of channels. Let's go for a more "reasonable" limit of 99 channels like we also do for Photoshop images and show a message when we find an image with more channels.
2022-08-22 19:05:22 -04:00 · 2022-08-22 19:05:22 -04:00 · 18d466df7f
parent 853e9d5cb4
commit 18d466df7f
1 changed files with 11 additions and 0 deletions
--- a/plug-ins/file-tiff/file-tiff-load.c
+++ b/plug-ins/file-tiff/file-tiff-load.c
@ -1508,6 +1508,17 @@ load_image (GFile        *file,
      else
        load_paths (tif, *image, cols, rows, 0, 0);

+      if (extra > 99)
+        {
+          /* Validate number of channels to the same maximum as we use for
+           * Photoshop. A higher number most likely means a corrupt image
+           * and can cause GIMP to become unresponsive and/or stuck.
+           * See m2-d0f86ab189cbe900ec389ca6d7464713.tif from imagetestsuite
+           */
+          g_message (_("Suspicious number of extra channels: %d. Possibly corrupt image."), extra);
+          extra = 99;
+        }
+
      /* Allocate ChannelData for all channels, even the background layer */
      channel = g_new0 (ChannelData, extra + 1);