fix(psd): fixes against corrupt files with better validation #5089
Open
lgritz wants to merge 1 commit into AcademySoftwareFoundation:main from
1. Validate channel count against color mode to prevent heap buffer overflow.
2. Corrupted PSD files can declare a color mode (e.g. RGB, needing 3 channels) with transparency (needing +1) but report fewer channels in the header. This caused an out-of-bounds read in read_native_scanline when setup() built channel pointer arrays using mode_channel_count, which exceeded the actual m_image_data.channel_info size.
3. Additional buffer overflow protection, error checking and propagation.
4. Avoid leak by properly freeing z_stream resources in decompress_zip.

Used Claude Code / Opus 4.6 to help narrow down and confirm the bugs 1 and 2.

Signed-off-by: Larry Gritz <lg@larrygritz.com>
Assisted-by: Claude Opus 4.6 <noreply@anthropic.com>
Collaborator
Author
Amended with more PSD fixes. In its final form now.
jessey-git approved these changes Mar 17, 2026
Contributor jessey-git left a comment
These changes look alright. As for additional concerns, it looks like PSD v2 files (Large Document Format) allow widths/heights up to 300'000 which will overflow in some places (I think just the ones that do row_length * height)
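The two checks discussed in this thread (declared channel count versus what the color mode needs, and `row_length * height` at Large Document Format sizes), as an added example that is not code from this pull request or from OpenImageIO. The struct, the function names other than `mode_channel_count`, and the set of color modes covered are assumptions made for illustration; the 30,000 limit for version 1 files is taken from Adobe's file format specification rather than from this page.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical, simplified header fields (not OpenImageIO's own structures).
struct PsdHeader {
    uint16_t version;        // 1 = PSD, 2 = PSB (Large Document Format)
    uint16_t channel_count;  // channels the file claims to contain
    uint32_t height, width;
    uint16_t depth;          // bits per channel
    uint16_t color_mode;     // 1 = Grayscale, 3 = RGB, 4 = CMYK, 9 = Lab
    bool has_transparency;
};

// Channels the color mode itself needs; 0 = mode not covered by this example.
unsigned mode_channel_count(uint16_t mode) {
    switch (mode) {
    case 1: return 1;
    case 3: case 9: return 3;
    case 4: return 4;
    default: return 0;
    }
}

// Reject headers that declare fewer channels than the mode (+1 alpha) needs.
bool channels_consistent(const PsdHeader& h) {
    unsigned need = mode_channel_count(h.color_mode);
    if (need == 0) return false;
    if (h.has_transparency) ++need;
    return h.channel_count >= need;
}

// row_length * height computed in 64 bits, then checked to fit in size_t.
bool plane_bytes(const PsdHeader& h, size_t& out) {
    const uint32_t maxdim = (h.version == 2) ? 300000u : 30000u;
    if (!h.width || !h.height || h.width > maxdim || h.height > maxdim) return false;
    if (h.depth != 8 && h.depth != 16 && h.depth != 32) return false;
    const uint64_t row_length = uint64_t(h.width) * (h.depth / 8);
    const uint64_t total = row_length * h.height;  // at most 3.6e11, no 64-bit wrap
    if (total != uint64_t(size_t(total))) return false;  // would truncate on 32-bit
    out = size_t(total);
    return true;
}

int main() {  // constructed header: RGB + alpha declared, only 2 channels present
    PsdHeader h = {1, 2, 64, 64, 8, 3, true};
    std::printf("channels consistent: %d\n", channels_consistent(h));
}
```

At 300,000 x 300,000 with 8-bit channels the product is 90,000,000,000 bytes, which a 32-bit multiply would silently reduce to 4,100,654,080.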