blob: f3e89842c19b11889bdc6d51c1ec95a12fe037fc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
$NetBSD: patch-ae,v 1.6.6.1 2007/07/04 13:17:12 lkundrak Exp $
Fix for CVE-2007-2949 heap overflow from upstream.
--- plug-ins/common/psd.c.orig 2007-07-04 15:11:22.000000000 +0200
+++ plug-ins/common/psd.c
@@ -1202,6 +1202,12 @@ seek_to_and_unpack_pixeldata(FILE* fd, g
width = channel->width;
height = channel->height;
+ if (width > G_MAXINT16 || height > G_MAXINT16)
+ {
+ g_message ("Error: Invalid channel dimensions");
+ gimp_quit ();
+ }
+
IFDBG
{
printf("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n",
|