Validate XCF string length

This patch limits the string length to 16 MB. If 16 MB proves too small
in the future, increase the limit by modifying
MAX_XCF_STRING_LEN.
Mukund Sivaraman 2010-10-16 04:04:26 +05:30
parent 675a9c3950
commit 4855d433b0
1 changed files with 8 additions and 1 deletions


@ -27,6 +27,7 @@
#include "gimp-intl.h" #include "gimp-intl.h"
#define MAX_XCF_STRING_LEN (16 * (1L << 20)) /* 16 MB */
guint guint
xcf_read_int32 (FILE *fp, xcf_read_int32 (FILE *fp,
@ -94,7 +95,13 @@ xcf_read_string (FILE *fp,
total += xcf_read_int32 (fp, &tmp, 1); total += xcf_read_int32 (fp, &tmp, 1);
if (tmp > 0) if (tmp > MAX_XCF_STRING_LEN)
{
g_warning ("Maximum string length (%ld bytes) exceeded."
" Possibly corrupt XCF file.", MAX_XCF_STRING_LEN);
data[i] = NULL;
}
else if (tmp > 0)
{ {
gchar *str; gchar *str;