plug-ins: Fix PSP vulnerability (ZDI-CAN-22097)

Resolves #10071. When reading RLE compressed data, a buffer was allocated to 127 bytes. However, it can potentially be used to read 128 bytes, leading to a off-by-one vulnerability. This patch allocates 128 bytes to the buffer to prevent this from occurring.
2025-10-06 05:22:40 +02:00 · 2023-09-23 02:16:24 +00:00
parent 5211a2c3e8
commit e1bfd87195
1 changed files with 1 additions and 1 deletions
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1649,7 +1649,7 @@ read_channel_data (FILE        *f,
        else
          endq = q + line_width * height;

-        buf = g_malloc (127);
+        buf = g_malloc (128);
        while (q < endq)
          {
            fread (&runcount, 1, 1, f);