Your message dated Tue, 10 Feb 2026 22:58:36 -0500
with message-id
<CAAajCMYM3vtew0zg0_Ku4zqgHuYFfA4jUjG2a2PjT=tnt2_...@mail.gmail.com>
and subject line Re: gdk-pixbuf: OOM during CVE-2015-4491/original test
has caused the Debian Bug report #845248,
regarding gdk-pixbuf: OOM during CVE-2015-4491/original test
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
845248: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845248
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gdk-pixbuf
Version: 2.36.0-1
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu zesty ubuntu-patch
Dear Maintainer,
In Ubuntu, we only have one small delta with Debian: unsetting MALLOC_PERTURB_
for the /pixbuf/cve-2015-4491/original test. It caused OOM failures on our
builders.
I see that you already have 01-disable-oom-test.patch for FreeBSD. I'm not
sure what architectures we hit the OOM with. But the attached patch was our
solution. Can't hurt, might help with other non-FreeBSD architectures.
Patch originally by Dimitri John Ledkov (xnox). Thanks for considering it.
-- System Information:
Debian Release: stretch/sid
APT prefers xenial-updates
APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500,
'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-47-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru gdk-pixbuf-2.36.0/debian/patches/series gdk-pixbuf-2.36.0/debian/patches/series
--- gdk-pixbuf-2.36.0/debian/patches/series 2016-09-13 10:04:26.000000000 -0400
+++ gdk-pixbuf-2.36.0/debian/patches/series 2016-11-21 12:19:03.000000000 -0500
@@ -1 +1,2 @@
01-disable-oom-test.patch
+skip-perturb-for-cve-2015-4491-original-test.patch
diff -Nru gdk-pixbuf-2.36.0/debian/patches/skip-perturb-for-cve-2015-4491-original-test.patch gdk-pixbuf-2.36.0/debian/patches/skip-perturb-for-cve-2015-4491-original-test.patch
--- gdk-pixbuf-2.36.0/debian/patches/skip-perturb-for-cve-2015-4491-original-test.patch 1969-12-31 19:00:00.000000000 -0500
+++ gdk-pixbuf-2.36.0/debian/patches/skip-perturb-for-cve-2015-4491-original-test.patch 2016-11-21 12:19:03.000000000 -0500
@@ -0,0 +1,39 @@
+Description: Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original
+ as it fails with OOM, or gets OOM killed.
+Author: Dimitri John Ledkov <[email protected]>
+
+--- a/tests/cve-2015-4491.c
++++ b/tests/cve-2015-4491.c
+@@ -18,6 +18,8 @@
+ * Author: Benjamin Otte
+ */
+
++#include <malloc.h>
++
+ #include <gdk-pixbuf.h>
+
+ #include "test-common.h"
+@@ -28,11 +30,23 @@
+ GdkPixbuf* buf;
+ int size = 32;
+ GError* err = NULL;
++ gint64 perturbv = 0;
++
++ const gchar * perturb = NULL;
++ perturb = g_getenv("MALLOC_PERTURB_");
++ if (perturb != NULL) {
++ perturbv = g_ascii_strtoll (perturb, NULL, 0);
++ mallopt(M_PERTURB, 0);
++ }
+
+ buf = gdk_pixbuf_new_from_resource_at_scale ("/test/resource/cve-2015-4491.bmp", size, size, FALSE, &err);
+ if (skip_if_insufficient_memory (&err))
+ return;
+
++ if (perturbv > 0) {
++ mallopt(M_PERTURB, perturbv);
++ }
++
+ g_assert_no_error (err);
+
+ g_object_unref (buf);
--- End Message ---
--- Begin Message ---
I'm closing this bug since it seems long obsolete. Ubuntu's gdk-pixbuf
packaging is synced with Debian's and we don't use this patch anymore.
Thank you,
Jeremy BĂcha
--- End Message ---
