Michael Vetter
c35ef5f295
- Add gimp-CVE-2026-2239.patch: fix a heap buffer overflow in psd-util.c (bsc#1257959 CVE-2026-2239 glgo#GNOME/gimp#15812). OBS-URL: https://build.opensuse.org/request/show/1332528 OBS-URL: https://build.opensuse.org/package/show/graphics/gimp?expand=0&rev=104
38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
From 8cf2772f5631719ae0e4e701bd7ef793b1f59cfa Mon Sep 17 00:00:00 2001
|
|
From: Jacob Boerema <jgboerema@gmail.com>
|
|
Date: Fri, 6 Feb 2026 15:56:07 -0500
|
|
Subject: [PATCH] plug-ins: fix #15812 PSD loader: heap-buffer-overflow ...
|
|
|
|
in fread_pascal_string
|
|
|
|
In plug-ins/file-psd/psd-util.c, the function fread_pascal_string()
|
|
allocates a buffer with g_malloc(len) and reads len bytes from the file
|
|
into it. The buffer is not null-terminated, but is assumed to be in
|
|
later code.
|
|
This causes it to read past the end of its allocated region with a
|
|
specially crafted PSD, causing a heap-buffer-overflow.
|
|
|
|
Fix this by alloocating one more byte than its length and set that
|
|
to '\0'.
|
|
---
|
|
plug-ins/file-psd/psd-util.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c
|
|
index e0cca2b4db..734155c57a 100644
|
|
--- a/plug-ins/file-psd/psd-util.c
|
|
+++ b/plug-ins/file-psd/psd-util.c
|
|
@@ -274,7 +274,8 @@ fread_pascal_string (gint32 *bytes_read,
|
|
return NULL;
|
|
}
|
|
|
|
- str = g_malloc (len);
|
|
+ str = g_malloc (len + 1);
|
|
+ str[len] = '\0';
|
|
if (psd_read (input, str, len, error) < len)
|
|
{
|
|
psd_set_error (error);
|
|
--
|
|
2.53.0
|
|
|