[gimp/f16] fix crash in fits loader (#834627)
Nils Philippsen
nphilipp at fedoraproject.org
Mon Aug 20 13:35:40 UTC 2012
commit 0fc1477a17527e923a1e620f75f2f8cf449c17a7
Author: Nils Philippsen <nils at redhat.com>
Date: Mon Aug 20 15:09:34 2012 +0200
fix crash in fits loader (#834627)
gimp-2.6.12-fits.patch | 50 ++++++++++++++++++++++++++++++++++++++++++++++++
gimp.spec | 8 ++++++-
2 files changed, 57 insertions(+), 1 deletions(-)
---
diff --git a/gimp-2.6.12-fits.patch b/gimp-2.6.12-fits.patch
new file mode 100644
index 0000000..0bb7880
--- /dev/null
+++ b/gimp-2.6.12-fits.patch
@@ -0,0 +1,50 @@
+From c7ef414a77fb3c8fb4ac8023fc150a6cc3415add Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils at redhat.com>
+Date: Mon, 20 Aug 2012 14:48:36 +0200
+Subject: [PATCH] patch: fits
+
+Squashed commit of the following:
+
+commit 6e8d41593e8900a26cd58502f7c3eb375dc80512
+Author: Michael Natterer <mitch at gimp.org>
+Date: Wed Jun 6 21:21:10 2012 +0200
+
+ Bug 676804 - file handling DoS for fit file format
+
+ Apply patch from joe at reactionis.co.uk which fixes a buffer overflow on
+ broken/malicious fits files.
+ (cherry picked from commit ace45631595e8781a1420842582d67160097163c)
+---
+ plug-ins/file-fits/fits-io.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
+index 98ff5aa..f292c25 100644
+--- a/plug-ins/file-fits/fits-io.c
++++ b/plug-ins/file-fits/fits-io.c
+@@ -1055,10 +1055,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
+ hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0);
+ hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
+ if (hdulist->used.xtension)
+- {
+- fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+- strcpy (hdulist->xtension, fdat->fstring);
+- }
++ {
++ fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
++ if (fdat != NULL)
++ {
++ strcpy (hdulist->xtension, fdat->fstring);
++ }
++ else
++ {
++ strcpy (errmsg, "No valid XTENSION header found.");
++ goto err_return;
++ }
++ }
+
+ FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
+ hdulist->naxis = fdat->flong;
+--
+1.7.11.4
+
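Review bot: The `strcpy (hdulist->xtension, fdat->fstring);` kept inside the new `fdat != NULL` branch is still an unbounded copy of a value decoded from the file, and the embedded commit message speaks of a buffer overflow while the visible change only adds a NULL check. The declarations of `xtension` and `fstring` are outside this hunk, so confirm the destination is at least as large as the source, or bound the copy, e.g. `g_strlcpy (hdulist->xtension, fdat->fstring, sizeof (hdulist->xtension));` if `xtension` is a fixed-size array. Whether `FITS_DECODE_CARD` guards the `fdat->flong` read on the following context lines also cannot be seen from here and is worth checking against the same malformed-header case. `fits_decode_header` starts and ends outside the hunk.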
diff --git a/gimp.spec b/gimp.spec
index e6d77e7..1b075a7 100644
--- a/gimp.spec
+++ b/gimp.spec
@@ -36,7 +36,7 @@ Summary: GNU Image Manipulation Program
Name: gimp
Epoch: 2
Version: 2.6.12
-Release: 1%{?dist}
+Release: 2%{?dist}
%define binver 2.6
%define gimp_lang_ver 20
%define interfacever 2.0
@@ -128,6 +128,8 @@ Patch1: gimp-2.6.7-jpeg-units.patch
# "Dialogs don't get minimized with single image window"
Patch2: gimp-2.6.6-minimize-dialogs.patch
+Patch3: gimp-2.6.12-fits.patch
+
%description
GIMP (GNU Image Manipulation Program) is a powerful image composition and
editing program, which can be extremely useful for creating logos and other
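Review bot: `Patch3` is added without the provenance comment that the `Patch2` entry above it carries, so the spec itself does not record which report this fix for malformed FITS input tracks or that it is an upstream backport. Add a line above it such as `# fix crash in fits loader on broken/malicious files (#834627, upstream bug 676804)`, so a later rebase can tell when the patch is safe to drop.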
@@ -208,6 +210,7 @@ EOF
%patch0 -p1 -b .xdg-open
%patch1 -p1 -b .jpeg-units
%patch2 -p1 -b .minimize-dialogs
+%patch3 -p1 -b .fits
%build
# Use PIC/PIE because gimp is likely to deal with files coming from untrusted
@@ -473,6 +476,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%{_libdir}/gimp/%{interfacever}/plug-ins/help-browser
%changelog
+* Mon Aug 20 2012 Nils Philippsen <nils at redhat.com> - 2:2.6.12-2
+- fix crash in fits loader (#834627)
+
* Tue Jan 31 2012 Nils Philippsen <nils at redhat.com> - 2:2.6.12-1
- version 2.6.12