From 592d80b282f3bf09e8e4e07a2ccdb57c6a9a0a0b Mon Sep 17 00:00:00 2001
From: Masahiro Matsuya <mmatsuya@redhat.com>
Date: Thu, 25 Jan 2024 13:34:59 +0900
Subject: [PATCH] plug-ins: Fix vulnerability in file-psd

This patch adds a missing break statement after an error condition
is detected to prevent the code from continuing afterwards.
Fixes CVE-2023-44442

upstream commit: 985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d

---
 plug-ins/file-psd/psd-util.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c
index 661d17e..9452e04 100644
--- a/plug-ins/file-psd/psd-util.c
+++ b/plug-ins/file-psd/psd-util.c
@@ -389,6 +389,7 @@ decode_packbits (const gchar *src,
             {
               IFDBG(2) g_debug ("Overrun in packbits replicate of %d chars", n - unpack_left);
               error_code = 2;
+              break;
             }
           dat = *src;
           for (; n > 0; --n)
-- 
2.43.0