dnrops
/
gimp
mirror of https://github.com/GNOME/gimp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue #1731: gbr file that crashes gimp-2.10. 

GIMP_BRUSH_MAX_SIZE was already defined (as 10.000 pixels per dimension,
which is big for a brush) in gimpbrush.h. Let's just use this to
validate the size returned by the header.
This commit is contained in:
Jehan 2018-06-28 17:25:57 +02:00
parent 19f4abbbd6
commit b3de0bb7a5
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/core/gimpbrush-load.c
View File

@ -34,7 +34,6 @@
#include "gimp-intl.h"
/* stuff from abr2gbr Copyright (C) 2001 Marco Lamberto <lm@sunnyspot.org> */
/* the above is GPL see http://the.sunnyspot.org/gimp/ */
@ -189,6 +188,15 @@ gimp_brush_load_brush (GimpContext *context,
return NULL;
}
if (header.width > GIMP_BRUSH_MAX_SIZE ||
header.height > GIMP_BRUSH_MAX_SIZE)
{
g_set_error (error, GIMP_DATA_ERROR, GIMP_DATA_ERROR_READ,
_("Fatal parse error in brush file: %dx%d over max size."),
header.width, header.height);
return NULL;
}
switch (header.version)
{
case 1: