1
From 32ae0f83e5748299641cceaabe3f80f1b3afd03e Mon Sep 17 00:00:00 2001
2
From: Nils Philippsen <nils@redhat.com>
3
Date: Thu, 14 Nov 2013 13:29:01 +0000
4
Subject: file-xwd: sanity check colormap size (CVE-2013-1913)
7
Index: gimp-2.8.6/plug-ins/common/file-xwd.c
8
===================================================================
9
--- gimp-2.8.6.orig/plug-ins/common/file-xwd.c 2013-12-06 13:16:41.718812351 -0500
10
+++ gimp-2.8.6/plug-ins/common/file-xwd.c 2013-12-06 13:16:41.714812331 -0500
12
/* Position to start of XWDColor structures */
13
fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET);
15
+ /* Guard against insanely huge color maps -- gimp_image_set_colormap() only
16
+ * accepts colormaps with 0..256 colors anyway. */
17
+ if (xwdhdr.l_colormap_entries > 256)
19
+ g_message (_("'%s':\nIllegal number of colormap entries: %ld"),
20
+ gimp_filename_to_utf8 (filename),
21
+ (long)xwdhdr.l_colormap_entries);
26
if (xwdhdr.l_colormap_entries > 0)
28
xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries);