dallasgroot/Gimp
dallasgroot/Gimp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

plug-ins: Fix algorithm check for PAA import

Browse source 
Resolves #16151
The original implementation mixed up the variable that
needed to be used for boundary checks - it should be
"estimated_size" and not "flags". This patch fixes the issue
to prevent a buffer overflow.
This commit is contained in:
Alx Sa 2026-04-02 14:02:28 +00:00
parent 3e21884883
commit 55256210f8
1 changed files with 2 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
plug-ins/common/file-paa.c
View file

@ -487,7 +487,6 @@ decode_lzss (guchar *raw_data,
gint flag = 0;
gint raw_index = 0;
gint data_index = 0;
/*guchar pixel = 0;*/
if (estimated_size <= 0)
return FALSE;
@ -504,8 +503,6 @@ decode_lzss (guchar *raw_data,
{
guchar value = raw_data[raw_index++];
/*pixel += (gchar) value;*/
uncompressed_data[data_index++] = value;
estimated_size--;
@ -523,15 +520,13 @@ decode_lzss (guchar *raw_data,
gint offset = index - b3;
gint end_offset = b4 + offset;
if ((b4 + 1) > (guint32) flag)
if ((b4 + 1) > (guint32) estimated_size)
return FALSE;
for (; offset <=end_offset; offset++)
for (; offset <= end_offset; offset++)
{
gint value = (gint) char_array[offset & 4095];
/*pixel += (gchar) value;*/
uncompressed_data[data_index++] = (guchar) value;
estimated_size--;