fix crash in fits loader (#834627)

2012-06-28 14:17:38 +02:00 · 2012-06-28 14:17:38 +02:00 · c8e4afd6ba
commit c8e4afd6ba
parent dd3a655392
2 changed files with 58 additions and 1 deletions
--- a/gimp-2.8.0-fits.patch
+++ b/gimp-2.8.0-fits.patch
@ -0,0 +1,50 @@
+From 202a4d52bcc6a69889c9f475a74a6570081e5cf6 Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils@redhat.com>
+Date: Thu, 28 Jun 2012 13:54:50 +0200
+Subject: [PATCH] patch: fits
+
+Squashed commit of the following:
+
+commit c66982caadfad47db632647bcc19bcf480008bfc
+Author: Michael Natterer <mitch@gimp.org>
+Date:   Wed Jun 6 21:21:10 2012 +0200
+
+    Bug 676804 - file handling DoS for fit file format
+
+    Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on
+    broken/malicious fits files.
+    (cherry picked from commit ace45631595e8781a1420842582d67160097163c)
+---
+ plug-ins/file-fits/fits-io.c |   16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
+index 03d9652..ed77318 100644
+--- a/plug-ins/file-fits/fits-io.c
+++ b/plug-ins/file-fits/fits-io.c
+@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
+  hdulist->used.simple = (strncmp (hdr->data, "SIMPLE  ", 8) == 0);
+  hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
+  if (hdulist->used.xtension)
+- {
+-   fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+-   strcpy (hdulist->xtension, fdat->fstring);
+- }
+   {
+     fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+     if (fdat != NULL)
+       {
+         strcpy (hdulist->xtension, fdat->fstring);
+       }
+     else
+       {
+         strcpy (errmsg, "No valid XTENSION header found.");
+         goto err_return;
+       }
+   }
+ 
+  FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
+  hdulist->naxis = fdat->flong;
+-- 
+1.7.10.2
+
--- a/gimp.spec
+++ b/gimp.spec
@ -71,7 +71,7 @@ Summary:        GNU Image Manipulation Program
 Name:           gimp
 Epoch:          2
 Version:        2.8.0
-Release:        %{?prerelprefix}2%{dotprerel}%{dotgitrev}%{?dist}.1
+Release:        %{?prerelprefix}3%{dotprerel}%{dotgitrev}%{?dist}

 # Compute some version related macros
 # Ugly hack, you need to get your quoting backslashes/percent signs straight
@ -186,6 +186,8 @@ Source0:        ftp://ftp.gimp.org/pub/gimp/v%{binver}/gimp-%{version}%{dashprer
 Patch0:         gimp-%{version}%{dashprerel}-git%{gitrev}.patch.bz2
 %endif

+Patch1:         gimp-2.8.0-fits.patch
+
 %description
 GIMP (GNU Image Manipulation Program) is a powerful image composition and
 editing program, which can be extremely useful for creating logos and other
@ -267,6 +269,8 @@ EOF
 %patch0 -p1 -b .git%{gitrev}
 %endif

+%patch1 -p1 -b .fits
+
 %build
 %if %{with hardening}
 # Use hardening compiler/linker flags because gimp is likely to deal with files
@ -538,6 +542,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %{_libdir}/gimp/%{lib_api_version}/plug-ins/help-browser

 %changelog
+* Mon Aug 20 2012 Nils Philippsen <nils@redhat.com> - 2:2.8.0-3
+- fix crash in fits loader (#834627)
+
 * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.8.0-2.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild