mirror of https://github.com/GNOME/gimp.git
Revert "Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / load_image."
This reverts commit 06d24a79af. The CVE is still fixed but now in a different way. Commit 4fa0cd4dcf passes instead the accurate string length when using the string, hence making it work even when not NUL-terminated. This has the advantage of having the GBR file loaded in the end, despite such file format error. I am personally not persuaded this is the best path since a file with such an error may either be corrupted, or worse may have been constructed on purpose to be harmful, so rejecting it directly may be the safe choice. Nevertheless I may also be too doubtful and maybe trying to save a slightly corrupted file may be the nicest choice indeed.
parent 4fa0cd4dcf
commit ba759fbcfd
|
@ -463,8 +463,7 @@ load_image (GFile *file,
|
||||||
|
|
||||||
if (! g_input_stream_read_all (input, temp, size,
|
if (! g_input_stream_read_all (input, temp, size,
|
||||||
&bytes_read, NULL, error) ||
|
&bytes_read, NULL, error) ||
|
||||||
bytes_read != size ||
|
bytes_read != size)
|
||||||
temp[size - 1] != '\0')
|
|
||||||
{
|
{
|
||||||
g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
|
g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
|
||||||
_("Error in GIMP brush file '%s'"),
|
_("Error in GIMP brush file '%s'"),
|
||||||
|
|
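Review bot: With the `temp[size - 1] != '\0'` test dropped from the end of the read condition in load_image, nothing visible in this hunk guarantees that `temp` is NUL-terminated, so the overread fix now depends entirely on every later consumer of `temp` passing the explicit length. Please add a comment at this read saying that `temp` holds `size` bytes and may lack a terminator, so a future caller does not hand it to a string function that scans for NUL. An alternative that keeps the tolerant behaviour while removing that dependency is to allocate one extra byte and terminate the buffer after the read. A regression test with a brush name that fills all `size` bytes without a trailing NUL would pin the behaviour the commit message describes.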