Message #133582
[Bug 1540811] [NEW] [GDK] patch - avoid integer overflow when allocating a large block of memory
Public bug reported:
[Impact]
Due to a logic error, an attempt to allocate a large block of memory
fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that
called it, for example, eom [1].
This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
mentioned function still crash when trying to allocate a lot of memory.
An example of such an app is eom (Eye of MATE), an image viewer, which
crashes when trying to load a large image.
I propose fixing it in current Ubuntu releases with the patch which fixes the crash.
The debdiffs are in the attachments in the comments below.
[Test Case]
Steps to reproduce:
1. Have a 64-bit installation of Ubuntu.
2. Install eom if it isn't installed.
3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload the image as is: it tries to make a thumbnail of it right in the file open dialog, then crashes.)
4. Open the unpacked image (27000_27000_1437947845.png) in eom.
5. eom crashes. The full backtrace is at [3].
You'll also see an error message: "failed to allocate
18446744072330584320 bytes". This huge number appears due to overflow
during multiplication of two 32-bit signed integers. In the patch, this
error is avoided by using a different memory allocation function.
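The arithmetic behind that error message, as an added illustration that is not part of the bug report or of GDK's code: assuming 4 bytes per pixel (32-bit ARGB, an assumption), the 27000 x 27000 image needs 2916000000 bytes, which does not fit in a 32-bit signed int; the wrapped negative product, sign-extended to a 64-bit size_t, is exactly the 18446744072330584320 quoted above. The checked variant shows the defensive alternative of refusing a size that cannot be represented instead of wrapping.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4   /* assumed: 32-bit ARGB pixels, 4 bytes each */

/* Reinterpret the low 32 bits of v as a two's-complement int32 value,
   using only defined arithmetic (no reliance on signed-overflow UB). */
static int64_t wrap32(int64_t v)
{
    uint64_t low = (uint64_t)v & 0xffffffffu;
    return low > INT32_MAX ? (int64_t)low - 4294967296LL : (int64_t)low;
}

/* Model of the faulty computation: stride and height * stride are both
   32-bit ints, so the product wraps negative, and the negative int is
   then sign-extended when handed to an allocator that takes a size_t. */
uint64_t buggy_alloc_size(int32_t width, int32_t height)
{
    int64_t stride = wrap32((int64_t)width * BYTES_PER_PIXEL); /* 108000 */
    int64_t nbytes = wrap32((int64_t)height * stride);        /* -1378967296 */
    return (uint64_t)nbytes; /* 18446744072330584320 for 27000 x 27000 */
}

/* Overflow-checked alternative: compute in size_t and refuse any size
   that would not fit, instead of silently wrapping. */
bool safe_alloc_size(int32_t width, int32_t height, size_t *out)
{
    if (width <= 0 || height <= 0)
        return false;
    if ((size_t)width > SIZE_MAX / BYTES_PER_PIXEL)
        return false;
    size_t stride = (size_t)width * BYTES_PER_PIXEL;
    if ((size_t)height > SIZE_MAX / stride)
        return false;
    *out = (size_t)height * stride;
    return true;
}

int main(void)
{
    size_t n;
    printf("wrapped size: %" PRIu64 " bytes\n", buggy_alloc_size(27000, 27000));
    if (safe_alloc_size(27000, 27000, &n))
        printf("checked size: %zu bytes\n", n);
    return 0;
}
```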
[Regression Potential]
After several months of testing the patch in Debian Jessie, Debian
Testing and Ubuntu 14.04, I haven't noticed any regressions.
[1] https://github.com/mate-desktop/eom/issues/93
[2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
[3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799
** Affects: gtk+2.0 (Ubuntu)
Importance: Undecided
Status: New
** Affects: gtk+2.0 (Debian)
Importance: Unknown
Status: Unknown
** Tags: precise trusty wily xenial
** Attachment added: "large image for reproducing the issue"
https://bugs.launchpad.net/bugs/1540811/+attachment/4561945/+files/image.tar