There should be absolutely no code change semantic in this commit. If
there is, that's a mistake and it's on me. I only cleaned up the syntax
in the C file which basically was following none of GIMP coding style
(tabs everywhere, brackets at end of lines, nearly no space anywhere so
all the code was a compressed mess which was hard to read, indentation
absolutely wrong everywhere, etc.).
I cleaned it up with a bunch of regexp search-and-replace followed by a
lot of manual cleaning and verification as well.
I also tested with various FLI files found on the web, and they were
loading fine in GIMP. So I believe/hope that I didn't mess up somewhere,
but it looks as the cleaning went all fine.
It is possible to trigger a heap overflow while parsing FLI files. The
RLE decoder is vulnerable to out of boundary writes due to lack of
boundary checks.
The variable "framebuf" points to a memory area which was allocated
with fli_header->width * fli_header->height bytes. The RLE decoder
therefore must never write beyond that limit.
If an illegal frame is detected, the parser won't stop, which means
that the next valid sequence is properly parsed again. This should
allow GIMP to parse FLI files as good as possible even if they are
broken by an attacker or by accident.
While at it, I changed the variable xc to be of type size_t, because
the multiplication of width and height could overflow a 16 bit type.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2009-01-17 Michael Natterer <mitch@gimp.org>
* all files with a GPL header and all COPYING files:
Change licence to GPLv3 (and to LGPLv3 for libgimp).
Cleaned up some copyright headers and regenerated the parsers in
the ImageMap plugin.
svn path=/trunk/; revision=27913
2008-08-11 Michael Natterer <mitch@gimp.org>
* plug-ins/bmp/*
* plug-ins/faxg3/*
* plug-ins/fits/*
* plug-ins/fli/*
* plug-ins/ico/*
* plug-ins/jpeg/*
* plug-ins/psd/*
* plug-ins/sgi/*
* plug-ins/uri/*
* plug-ins/xjt/*: removed these...
* plug-ins/file-bmp/*
* plug-ins/file-faxg3/*
* plug-ins/file-fits/*
* plug-ins/file-fli/*
* plug-ins/file-ico/*
* plug-ins/file-jpeg/*
* plug-ins/file-psd/*
* plug-ins/file-sgi/*
* plug-ins/file-uri/*
* plug-ins/file-xjt/*: and moved them here. Changed executable
names to "file-foo".
* plug-ins/Makefile.am: changed accordingly.
* plug-ins/common/*: rename all file plug-ins to file-foo.c. Get
rid of the names "poppler" and "postscript" and call them
"file-pdf" and "file-ps" because the conflict with standard
autofoo targets is gone.
* plug-ins/common/plugin-defs.pl: changed accordingly.
* plug-ins/common/mkgen.pl: make sure cflags variables are named
"PLUG_IN_NAME_CFLAGS" and not "PLUG-IN-NAME_CFLAGS"
* plug-ins/common/Makefile.am: regenerated.
* configure.in: change folders and variable names to match above
changes.
svn path=/trunk/; revision=26494
Michael Natterer