From 202a4d52bcc6a69889c9f475a74a6570081e5cf6 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Thu, 28 Jun 2012 13:54:50 +0200
Subject: [PATCH] patch: fits
Squashed commit of the following:
commit c66982caadfad47db632647bcc19bcf480008bfc
Author: Michael Natterer <mitch@gimp.org>
Date: Wed Jun 6 21:21:10 2012 +0200
Bug 676804 - file handling DoS for fit file format
Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on
broken/malicious fits files.
(cherry picked from commit ace45631595e8781a1420842582d67160097163c)
---
plug-ins/file-fits/fits-io.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
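diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
index 03d9652..ed77318 100644
--- a/plug-ins/file-fits/fits-io.c
+++ b/plug-ins/file-fits/fits-io.c
@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
 hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0);
 hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
 if (hdulist->used.xtension)
- {
- fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
- strcpy (hdulist->xtension, fdat->fstring);
- }
+ {
+ fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+ if (fdat != NULL)
+ {
+ strcpy (hdulist->xtension, fdat->fstring);
+ }
+ else
+ {
+ strcpy (errmsg, "No valid XTENSION header found.");
+ goto err_return;
+ }
+ }
 
 FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
 hdulist->naxis = fdat->flong;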
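Review bot: The `strcpy (hdulist->xtension, fdat->fstring);` kept inside the new `if (fdat != NULL)` branch is still an unbounded copy of a string decoded from the file; the added check only stops the NULL dereference when the XTENSION card is missing or cannot be decoded. Neither buffer's size is visible in this hunk, so whether the decoded string always fits should be confirmed against the two declarations. If `xtension` is a fixed-size array, a bounded copy such as `g_strlcpy (hdulist->xtension, fdat->fstring, sizeof (hdulist->xtension));` would make the limit explicit. fits_decode_header starts and ends outside the hunk, so the `err_return` cleanup path and the size of `errmsg` are not shown here.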
--
1.7.10.2