plug-ins: Resolve ZDI-CAN-28813 in ANI loading

Resolves #15968 It is possible to cause a buffer overflow in our ANI loading code by setting the Name or Artist metadata files to 0xFFFFFFFF. This patch changes our allocation code to use g_try_new0 () instead of g_new0 (), and verifies if it is NULL before trying to read data into it.
2026-03-05 23:58:45 +00:00 · 2026-03-05 23:58:45 +00:00 · 09e5459de9
commit 09e5459de9
parent 0587cbbc9b
1 changed files with 20 additions and 2 deletions
--- a/plug-ins/file-ico/ico-load.c
+++ b/plug-ins/file-ico/ico-load.c
@ -893,7 +893,16 @@ ani_load_image (GFile   *file,
              if (inam)
                g_free (inam);

-              inam = g_new0 (gchar, size + 1);
+              inam = g_try_new0 (gchar, size + 1);
+              if (inam == NULL)
+                {
+                  fclose (fp);
+                  g_set_error (error, G_FILE_ERROR,
+                               g_file_error_from_errno (errno),
+                               _("Invalid ANI metadata"));
+                  return NULL;
+                }
+
              n_read = fread (inam, sizeof (gchar), size, fp);
              inam[size] = '\0';
            }
@ -924,7 +933,16 @@ ani_load_image (GFile   *file,
              if (iart)
                g_free (iart);

-              iart = g_new0 (gchar, size + 1);
+              iart = g_try_new0 (gchar, size + 1);
+              if (iart == NULL)
+                {
+                  fclose (fp);
+                  g_set_error (error, G_FILE_ERROR,
+                               g_file_error_from_errno (errno),
+                               _("Invalid ANI metadata"));
+                  return NULL;
+                }
+
              n_read = fread (iart, sizeof (gchar), size, fp);
              iart[size] = '\0';
            }