On Mon, Mar 14, 2016 at 10:24:24PM +0000, Steven Chamberlain wrote:
> user debian-...@lists.debian.org
> usertags 818233 + kfreebsd
> thanks
>
> Hi,
>
> Moritz Muehlenhoff wrote:
> > gdk-pixbuf on kfreebsd-amd64 is still at version 2.31.5-1 since all
> > later versions fail to build. Can someone from the kfreebsd porters
> > look into this? It works on kfreebsd-i386.
>
> I looked at this before but couldn't really decide how to proceed.
> The test for CVE-2015-4491 is IMHO buggy, although that is subjective.
>
> Here's a bug where this test was discussed in some detail:
> https://bugzilla.gnome.org/show_bug.cgi?id=754387
> though it was marked as fixed after it now "seems fine for the
> architectures we care about".
>
> Here's a more recent upstream bug reporting this on Linux, with no
> response: https://bugzilla.gnome.org/show_bug.cgi?id=758104
>
> IIRC the test tries to allocate about 16 GiB of heap memory. On
> kfreebsd-amd64 the allocation understandably fails. On kfreebsd-i386
> ISTR the test is skipped. On Linux, usually the allocations are lazy
> unless non-zero values are written into the buffer, and I guess they're
> not, which is why it succeeds. Except, with MALLOC_PERTURB_ options,
> Dimitri John Ledkov has shown that it still fails in that case:
> https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1519030
>
> It's kind of odd that MALLOC_PERTURB_ is supposed to be *already* set
> when running the testsuite, so I would expect it to already fail on the
> Debian linux-amd64 buildds.
>
> The large memory allocation is actually necessary to test that the
> original bug (rescaling an image that has large dimensions) is fixed.
> Though it seems to me this is still a DoS issue that can be triggered on
> FreeBSD and perhaps Linux in some situations.
>
> Maybe I could find a testcase that triggers a crash reliably on Linux,
> and that may attract more interest in fixing this for good.
>
> I commented that the large memory allocation (and the original
> CVE-2015-4491) might have been avoided by falling back to simpler
> rescale methods when handling very large images:
> https://bugzilla.gnome.org/show_bug.cgi?id=754387#c23

I think the testcase should simply be skipped on kfreebsd-*.

Cheers,
        Moritz
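The thread above turns on two defensive points: the scaled-image buffer size must be computed without overflow, and a very large result should send the scaler down a cheaper path (or make a test skip) instead of attempting a multi-gigabyte allocation that only "succeeds" because the pages are never touched. The C below is an added illustration written for this thread, not gdk-pixbuf's own code: the 256 MiB cap, the `plan_scale`/`alloc_scaled_pixels` names and the three-tier decision are assumptions chosen for the example.

```c
/* Added example, not gdk-pixbuf code: size a scaled-image buffer safely
 * before touching the allocator. Cap and tier names are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>

/* Hypothetical upper bound for a single pixel buffer (256 MiB). */
#define PIXBUF_MAX_BYTES ((size_t)256 * 1024 * 1024)

enum scale_plan {
    SCALE_FULL,     /* small enough for the full-quality (memory-hungry) path */
    SCALE_FALLBACK, /* over the cap: use a simpler, lower-memory rescale */
    SCALE_REJECT    /* bad dimensions or size overflow: refuse the image */
};

/* width * height * channels with overflow detection; rowstride padding is
 * deliberately ignored to keep the arithmetic readable. Returns false when
 * any input is non-positive or the product does not fit in size_t. */
bool pixel_bytes(int width, int height, int channels, size_t *out)
{
    if (width <= 0 || height <= 0 || channels <= 0)
        return false;
    size_t w = (size_t)width, h = (size_t)height, c = (size_t)channels;
    if (w > SIZE_MAX / h)          /* w * h would overflow */
        return false;
    size_t pixels = w * h;
    if (pixels > SIZE_MAX / c)     /* pixels * c would overflow */
        return false;
    *out = pixels * c;
    return true;
}

/* Decide which scaling path the requested output dimensions allow. */
enum scale_plan plan_scale(int width, int height, int channels, size_t cap)
{
    size_t bytes;
    if (!pixel_bytes(width, height, channels, &bytes))
        return SCALE_REJECT;
    return bytes <= cap ? SCALE_FULL : SCALE_FALLBACK;
}

/* Allocate the destination buffer only when the full path is allowed.
 * Returns NULL without calling calloc for rejected/fallback cases, and
 * NULL on a genuine allocation failure. A test built on this helper can
 * treat NULL as "skip" rather than crashing, which is the behaviour the
 * thread wants on kfreebsd-amd64. */
unsigned char *alloc_scaled_pixels(int width, int height, int channels,
                                   size_t cap)
{
    size_t bytes = 0;
    if (plan_scale(width, height, channels, cap) != SCALE_FULL)
        return NULL;
    pixel_bytes(width, height, channels, &bytes); /* known to succeed here */
    return calloc(bytes, 1);
}

int main(void)
{
    /* Constructed sample requests: a normal image, a huge one, an overflow. */
    static const int req[][3] = {
        {1024, 768, 4}, {20000, 20000, 4}, {INT_MAX, INT_MAX, 8}
    };
    static const char *names[] = {"full", "fallback", "reject"};
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++) {
        enum scale_plan p = plan_scale(req[i][0], req[i][1], req[i][2],
                                       PIXBUF_MAX_BYTES);
        printf("%d x %d x %d -> %s\n", req[i][0], req[i][1], req[i][2],
               names[p]);
    }
    return 0;
}
```

The 20000 x 20000 x 4 request is about 1.6 GB: it fits in `size_t` on both 32- and 64-bit targets, so it is not an overflow, but it exceeds the cap and is routed to the fallback tier, which is the same outcome whether or not the platform's allocator would have lazily "granted" it.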