From ccb3cc3ae8f78d232083aac8c8c2d077f63314d3 Mon Sep 17 00:00:00 2001
From: Alx Sa
Date: Sat, 21 Mar 2026 15:57:01 +0000
Subject: [PATCH] plug-ins: Add bounds check for SFW plug-in

Resolves #16075

As noted by chamal, it is possible to cause a buffer overflow in a crafted SFW file. This patch adds bounds checks to prevent this from occurring.
---
 plug-ins/common/file-seattle-filmworks.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/plug-ins/common/file-seattle-filmworks.c b/plug-ins/common/file-seattle-filmworks.c
index 0cf46dc4c0..386b3455ce 100644
--- a/plug-ins/common/file-seattle-filmworks.c
+++ b/plug-ins/common/file-seattle-filmworks.c
@@ -287,6 +287,16 @@ load_image (GFile *file,
 while (index < file_size && data[index])
 {
+ if (index >= (file_size - 0xE0) ||
+ metadata_index >= 2)
+ {
+ g_set_error (error, G_FILE_ERROR,
+ g_file_error_from_errno (errno),
+ _("Invalid file."));
+ fclose (fp);
+ return NULL;
+ }
+
 if (data[index] == 0x20)
 metadata_len[metadata_index++] = index;
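Review bot: The new guard computes `file_size - 0xE0` without first checking that the file is at least 0xE0 bytes long; if `file_size` is an unsigned type (its declaration is outside this hunk), a shorter crafted file makes the subtraction wrap and the first half of the check never fires. Writing the condition as `if (file_size < 0xE0 || index >= file_size - 0xE0 || metadata_index >= 2)` removes the dependence on the type. The error code is also derived from `errno`, which nothing on this validation path has set, so callers receive an arbitrary stale code; a fixed code such as `G_FILE_ERROR_FAILED` would describe a malformed file more accurately. The early return closes `fp` but, as far as the hunk shows, does not release `data`, so it is worth confirming that buffer is not leaked here; `load_image` begins and ends outside the hunk.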