[gimp] fix crash in fits loader (#834627)

Nils Philippsen nphilipp at fedoraproject.org
Mon Aug 20 12:30:41 UTC 2012


commit c8e4afd6ba74768779ee59dce68071ca5c6f417c
Author: Nils Philippsen <nils at redhat.com>
Date:   Thu Jun 28 14:17:38 2012 +0200

    fix crash in fits loader (#834627)

 gimp-2.8.0-fits.patch |   50 +++++++++++++++++++++++++++++++++++++++++++++++++
 gimp.spec             |    9 +++++++-
 2 files changed, 58 insertions(+), 1 deletions(-)
---
diff --git a/gimp-2.8.0-fits.patch b/gimp-2.8.0-fits.patch
new file mode 100644
index 0000000..fbf3207
--- /dev/null
+++ b/gimp-2.8.0-fits.patch
@@ -0,0 +1,50 @@
+From 202a4d52bcc6a69889c9f475a74a6570081e5cf6 Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils at redhat.com>
+Date: Thu, 28 Jun 2012 13:54:50 +0200
+Subject: [PATCH] patch: fits
+
+Squashed commit of the following:
+
+commit c66982caadfad47db632647bcc19bcf480008bfc
+Author: Michael Natterer <mitch at gimp.org>
+Date:   Wed Jun 6 21:21:10 2012 +0200
+
+    Bug 676804 - file handling DoS for fit file format
+
+    Apply patch from joe at reactionis.co.uk which fixes a buffer overflow on
+    broken/malicious fits files.
+    (cherry picked from commit ace45631595e8781a1420842582d67160097163c)
+---
+ plug-ins/file-fits/fits-io.c |   16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
+index 03d9652..ed77318 100644
+--- a/plug-ins/file-fits/fits-io.c
++++ b/plug-ins/file-fits/fits-io.c
+@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
+  hdulist->used.simple = (strncmp (hdr->data, "SIMPLE  ", 8) == 0);
+  hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
+  if (hdulist->used.xtension)
+- {
+-   fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+-   strcpy (hdulist->xtension, fdat->fstring);
+- }
++   {
++     fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
++     if (fdat != NULL)
++       {
++         strcpy (hdulist->xtension, fdat->fstring);
++       }
++     else
++       {
++         strcpy (errmsg, "No valid XTENSION header found.");
++         goto err_return;
++       }
++   }
+ 
+  FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
+  hdulist->naxis = fdat->flong;
+-- 
+1.7.10.2
+
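Review bot: The `strcpy (hdulist->xtension, fdat->fstring);` kept in the new non-NULL branch is still an unbounded copy of data decoded from the file. The added guard only covers the case where `fits_decode_card` returns NULL, although the upstream message describes the change as a buffer overflow fix. The sizes of `hdulist->xtension` and `fdat->fstring` are not visible in this hunk, so whether the copy can overrun is unconfirmed. If `xtension` is a fixed-size array, `snprintf (hdulist->xtension, sizeof (hdulist->xtension), "%s", fdat->fstring);` would make the bound explicit, and a one-line comment should record which size relation the copy relies on. `fits_decode_header` begins and ends outside the hunk, as do the `errmsg` buffer and the `err_return` label that the new else branch uses.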
diff --git a/gimp.spec b/gimp.spec
index 1f401ca..663084c 100644
--- a/gimp.spec
+++ b/gimp.spec
@@ -71,7 +71,7 @@ Summary:        GNU Image Manipulation Program
 Name:           gimp
 Epoch:          2
 Version:        2.8.0
-Release:        %{?prerelprefix}2%{dotprerel}%{dotgitrev}%{?dist}.1
+Release:        %{?prerelprefix}3%{dotprerel}%{dotgitrev}%{?dist}
 
 # Compute some version related macros
 # Ugly hack, you need to get your quoting backslashes/percent signs straight
@@ -186,6 +186,8 @@ Source0:        ftp://ftp.gimp.org/pub/gimp/v%{binver}/gimp-%{version}%{dashprer
 Patch0:         gimp-%{version}%{dashprerel}-git%{gitrev}.patch.bz2
 %endif
 
+Patch1:         gimp-2.8.0-fits.patch
+
 %description
 GIMP (GNU Image Manipulation Program) is a powerful image composition and
 editing program, which can be extremely useful for creating logos and other
@@ -267,6 +269,8 @@ EOF
 %patch0 -p1 -b .git%{gitrev}
 %endif
 
+%patch1 -p1 -b .fits
+
 %build
 %if %{with hardening}
 # Use hardening compiler/linker flags because gimp is likely to deal with files
@@ -538,6 +542,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %{_libdir}/gimp/%{lib_api_version}/plug-ins/help-browser
 
 %changelog
+* Mon Aug 20 2012 Nils Philippsen <nils at redhat.com> - 2:2.8.0-3
+- fix crash in fits loader (#834627)
+
 * Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:2.8.0-2.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 

