Validate XCF string length
This patch limits the string length to 16 MB. If problems occur in the future because 16 MB is small, increase the limit by modifying MAX_XCF_STRING_LEN.
parent
675a9c3950
commit
4855d433b0
|
@ -27,6 +27,7 @@
|
||||||
|
|
||||||
#include "gimp-intl.h"
|
#include "gimp-intl.h"
|
||||||
|
|
||||||
|
#define MAX_XCF_STRING_LEN (16 * (1L << 20)) /* 16 MB */
|
||||||
|
|
||||||
guint
|
guint
|
||||||
xcf_read_int32 (FILE *fp,
|
xcf_read_int32 (FILE *fp,
|
||||||
|
@ -94,7 +95,13 @@ xcf_read_string (FILE *fp,
|
||||||
|
|
||||||
total += xcf_read_int32 (fp, &tmp, 1);
|
total += xcf_read_int32 (fp, &tmp, 1);
|
||||||
|
|
||||||
if (tmp > 0)
|
if (tmp > MAX_XCF_STRING_LEN)
|
||||||
|
{
|
||||||
|
g_warning ("Maximum string length (%ld bytes) exceeded."
|
||||||
|
" Possibly corrupt XCF file.", MAX_XCF_STRING_LEN);
|
||||||
|
data[i] = NULL;
|
||||||
|
}
|
||||||
|
else if (tmp > 0)
|
||||||
{
|
{
|
||||||
gchar *str;
|
gchar *str;
|
||||||
|
|
||||||
|
|
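Review bot: The new oversize branch ending at `data[i] = NULL;` only warns and carries on, so `fp` is left positioned at the start of the unread string payload and the caller gets no failure signal. Any later read on the same stream would then parse file-controlled string bytes as the next length or field, and a NULL entry is presumably indistinguishable from a legitimately empty string (the rest of `xcf_read_string`, including how `tmp == 0` is handled and how `total` is returned, lies outside this hunk). Treat the condition as fatal for the load instead of continuing: at minimum, stop reading further entries here and document the contract with a comment such as `/* length rejected: fp is desynchronised from here on, callers must abort the load */`. It would also be worth confirming that `tmp` is an unsigned 32-bit value, so that the comparison against the `long` constant `MAX_XCF_STRING_LEN` cannot be bypassed by a length that reads as negative.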