check for invalid number of channels in a layer.

2007-07-05 Raphael Quinet <raphael@gimp.org> * plug-ins/common/psd-load.c (do_layer_record): check for invalid number of channels in a layer. * plug-ins/common/pcx.c (load_image): check for invalid image width or height. * plug-ins/bmp/bmpread.c: check for invalid image width or height, return if the image could not be read instead of trying to set the resolution or to flip a non-existing image. svn path=/trunk/; revision=22877
2007-07-05 17:01:41 +00:00 · 2007-07-05 17:01:41 +00:00 · 3ab6e2b560
parent 5a41fd121a
commit 3ab6e2b560
4 changed files with 49 additions and 0 deletions
--- a/12
+++ b/12
@ -1,3 +1,15 @@
+2007-07-05  Raphaël Quinet  <raphael@gimp.org>
+
+	* plug-ins/common/psd-load.c (do_layer_record): check for invalid
+	number of channels in a layer.
+
+	* plug-ins/common/pcx.c (load_image): check for invalid image
+	width or height.
+
+	* plug-ins/bmp/bmpread.c: check for invalid image width or height,
+	return if the image could not be read instead of trying to set the
+	resolution or to flip a non-existing image.
+
 2007-07-05  Sven Neumann  <sven@gimp.org>

 	* app/widgets/gimperrordialog.c (gimp_error_dialog_add): don't
--- a/plug-ins/bmp/bmpread.c
+++ b/plug-ins/bmp/bmpread.c
@ -438,6 +438,9 @@ ReadBMP (const gchar *name)
                        Grey,
                        masks);

+  if (image_ID < 0)
+    return -1;
+
  if (Bitmap_Head.biXPels > 0 && Bitmap_Head.biYPels > 0)
    {
      /* Fixed up from scott@asofyet's changes last year, njl195 */
@ -542,6 +545,16 @@ ReadImage (FILE     *fd,
      return -1;
    }

+  if ((width < 0) || (width > GIMP_MAX_IMAGE_SIZE))
+    {
+      g_message (_("Unsupported or invalid image width: %d"), width);
+      return -1;
+    }
+  if ((height < 0) || (height > GIMP_MAX_IMAGE_SIZE))
+    {
+      g_message (_("Unsupported or invalid image height: %d"), height);
+      return -1;
+    }
  image = gimp_image_new (width, height, base_type);
  layer = gimp_layer_new (image, _("Background"),
                          width, height,
--- a/plug-ins/common/pcx.c
+++ b/plug-ins/common/pcx.c
@ -333,6 +333,23 @@ load_image (const gchar *filename)
  width = qtohs (pcx_header.x2) - offset_x + 1;
  height = qtohs (pcx_header.y2) - offset_y + 1;

+  if ((width < 0) || (width > GIMP_MAX_IMAGE_SIZE))
+    {
+      g_message (_("Unsupported or invalid image width: %d"), width);
+      return -1;
+    }
+  if ((height < 0) || (height > GIMP_MAX_IMAGE_SIZE))
+    {
+      g_message (_("Unsupported or invalid image height: %d"), height);
+      return -1;
+    }
+  if (qtohs (pcx_header.bytesperline) <= 0)
+    {
+      g_message (_("Invalid number of bytes per line: %hd"),
+                 qtohs (pcx_header.bytesperline));
+      return -1;
+    }
+
  if (pcx_header.planes == 3 && pcx_header.bpp == 8)
    {
      image= gimp_image_new (width, height, GIMP_RGB);
--- a/plug-ins/common/psd-load.c
+++ b/plug-ins/common/psd-load.c
@ -1056,6 +1056,13 @@ do_layer_record (FILE    *fd,
  IFDBG printf("\t\t\t\tNumber of channels: %d\n",
               (int)layer->num_channels);

+  if ((layer->num_channels < 0) || (layer->num_channels > 56))
+    {
+      g_message ("Error: invalid number of channels in layer %d: %d",
+                 layernum, layer->num_channels);
+      gimp_quit();
+    }
+
  if (layer->num_channels)
    {
      layer->channel = g_new(PSDchannel, layer->num_channels);