GNOME Bugzilla – Bug 477802
missing input validation in the PCX plugin.
Last modified: 2007-09-18 06:27:28 UTC
+++ This bug was initially created as a clone of Bug #453973 +++

Victor Stinner has discovered several flaws in file plug-ins using his fuzzyfier tool "fusil" (http://fusil.hachoir.org/). Several modified image files cause the plug-ins to crash or consume excessive amounts of memory due to insufficient input validation.

The PCX plugin still doesn't check if the bytesperline header field is valid, i.e. if a line fits in that number of bytes per plane.
Created attachment 95742
Patch to check the bytesperline header field for bogus (too low) values.
This looks good except for the error message. Please try to come up with something as simple as "Invalid file header". The error message you have chosen may be correct but it's just gibberish to the casual user and also for most of our translators.
Created attachment 95747
Updated patch to check the bytesperline header field for bogus (too low) values.

Sven, I couldn't raise you on IRC, but Raphael and I came up with:

"Invalid number of bytes per line in PCX header (%d < %d)"

How does that sound?
Translators are not dumb :)
2007-09-17  Nils Philippsen  <nphilipp@redhat.com>

* plug-ins/common/pcx.c (load_image): verify that the bytesperline
header field (number of bytes to allocate per plane and line) isn't
less than the width of the image (bug #477802).
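The kind of check this report asks for, written out as an added example; it is not the attached patch or GIMP's pcx.c. It goes slightly beyond the 8-bit case in the ChangeLog entry by rounding width times bits per pixel up to whole bytes. Field offsets follow the 128-byte PCX header layout; the function and enum names are hypothetical and the sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum pcx_status { PCX_OK = 0, PCX_BAD_MAGIC, PCX_BAD_DEPTH, PCX_BAD_SIZE,
                  PCX_BAD_BYTESPERLINE };

/* PCX header fields are little-endian 16-bit values. */
static unsigned rd16(const uint8_t *p) { return p[0] | ((unsigned)p[1] << 8); }

/* Validate the header before any line buffer is sized from bytesperline. */
enum pcx_status pcx_check_header(const uint8_t hdr[128])
{
    unsigned bpp = hdr[3];                           /* bits per pixel per plane */
    unsigned xmin = rd16(hdr + 4), ymin = rd16(hdr + 6);
    unsigned xmax = rd16(hdr + 8), ymax = rd16(hdr + 10);
    unsigned bytesperline = rd16(hdr + 66);          /* bytes per plane and line */

    if (hdr[0] != 0x0A) return PCX_BAD_MAGIC;
    if (bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8) return PCX_BAD_DEPTH;
    if (xmax < xmin || ymax < ymin) return PCX_BAD_SIZE;

    unsigned width = xmax - xmin + 1;
    /* One plane of one scanline holds width * bpp bits, rounded up to bytes. */
    unsigned needed = (width * bpp + 7) / 8;
    if (bytesperline < needed) return PCX_BAD_BYTESPERLINE;
    return PCX_OK;
}

/* Constructed sample header (not taken from a real file). */
void pcx_sample_header(uint8_t hdr[128], unsigned width, unsigned height,
                       unsigned bpp, unsigned bytesperline)
{
    memset(hdr, 0, 128);
    hdr[0] = 0x0A; hdr[1] = 5; hdr[2] = 1; hdr[3] = (uint8_t)bpp;
    hdr[8] = (uint8_t)(width - 1);   hdr[9] = (uint8_t)((width - 1) >> 8);
    hdr[10] = (uint8_t)(height - 1); hdr[11] = (uint8_t)((height - 1) >> 8);
    hdr[65] = 1;                                     /* one colour plane */
    hdr[66] = (uint8_t)bytesperline; hdr[67] = (uint8_t)(bytesperline >> 8);
}

int main(void)
{
    uint8_t ok[128], bad[128];
    pcx_sample_header(ok, 640, 480, 8, 640);
    pcx_sample_header(bad, 640, 480, 8, 100);        /* too low for 640 pixels */
    printf("consistent: %d, short bytesperline: %d\n",
           pcx_check_header(ok), pcx_check_header(bad));
    return 0;
}
```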