diff options
| author | CoprDistGit <infra@openeuler.org> | 2024-08-02 07:11:29 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2024-08-02 07:11:29 +0000 |
| commit | 8f19e3926566d3cdbb6578dc2b5f80e8b96eb2fb (patch) | |
| tree | 84963b53db4f011d94b3908e520d971e552ba462 /gimp-CVE-2022-30067.patch | |
| parent | ab01ef3595b68a226145d5485e85382b61a9f8cf (diff) | |
automatic import of gimpopeneuler24.03_LTSopeneuler23.09
Diffstat (limited to 'gimp-CVE-2022-30067.patch')
| -rw-r--r-- | gimp-CVE-2022-30067.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/gimp-CVE-2022-30067.patch b/gimp-CVE-2022-30067.patch new file mode 100644 index 0000000..94e29d2 --- /dev/null +++ b/gimp-CVE-2022-30067.patch @@ -0,0 +1,60 @@ +From 4f99f1fcfd892ead19831b5adcd38a99d71214b6 Mon Sep 17 00:00:00 2001 +From: Jacob Boerema <jgboerema@gmail.com> +Date: Fri, 29 Apr 2022 16:40:32 -0400 +Subject: [PATCH] app: fix #8120 GIMP 2.10.30 crashed when allocate large + memory + +GIMP could crash if the information regarding old path properties read +from XCF was incorrect. It did not check if xcf_old_path succeeded and +kept trying to load more paths even if the last one failed to load. + +Instead we now stop loading paths as soon as that function fails. +In case we have a failure here we also try to skip to the next property +based on the size of the path property, in hopes that the only problem +was this property. +--- + app/xcf/xcf-load.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c +index ac9c4ea248..67bc766390 100644 +--- a/app/xcf/xcf-load.c ++++ b/app/xcf/xcf-load.c +@@ -1168,7 +1168,12 @@ xcf_load_image_props (XcfInfo *info, + break; + + case PROP_PATHS: +- xcf_load_old_paths (info, image); ++ { ++ goffset base = info->cp; ++ ++ if (! xcf_load_old_paths (info, image)) ++ xcf_seek_pos (info, base + prop_size, NULL); ++ } + break; + + case PROP_USER_UNIT: +@@ -3035,8 +3040,11 @@ xcf_load_old_paths (XcfInfo *info, + xcf_read_int32 (info, &last_selected_row, 1); + xcf_read_int32 (info, &num_paths, 1); + ++ GIMP_LOG (XCF, "Number of old paths: %u", num_paths); ++ + while (num_paths-- > 0) +- xcf_load_old_path (info, image); ++ if (! xcf_load_old_path (info, image)) ++ return FALSE; + + active_vectors = + GIMP_VECTORS (gimp_container_get_child_by_index (gimp_image_get_vectors (image), +@@ -3087,7 +3095,7 @@ xcf_load_old_path (XcfInfo *info, + } + else if (version != 1) + { +- g_printerr ("Unknown path type. Possibly corrupt XCF file"); ++ g_printerr ("Unknown path type (version: %u). Possibly corrupt XCF file.\n", version); + + g_free (name); + return FALSE; +-- +GitLab |