Hi, I would like to point you to the Ubuntu patch that should fix this issue, by (probably) fixing the tests instead of disabling it.
https://patches.ubuntu.com/g/gdk-pixbuf/gdk-pixbuf_2.32.2-1ubuntu1.patch

thanks for considering it,

Gianfranco

On Wed, 16 Mar 2016 21:44:45 +0100 Moritz Mühlenhoff <[email protected]> wrote:
> @lists.openwall.com
> On Mon, Mar 14, 2016 at 10:24:24PM +0000, Steven Chamberlain wrote:
> > user [email protected]
> > usertags 818233 + kfreebsd
> > thanks
> >
> > Hi,
> >
> > Moritz Muehlenhoff wrote:
> > > gdk-pixbuf on kfreebsd-amd64 is still at version 2.31.5-1 since all
> > > later versions fail to build. Can someone from the kfreebsd porters
> > > look into this? It works on kfreebsd-i386.
> >
> > I looked at this before but couldn't really decide how to proceed.
> > The test for CVE-2015-4491 is IMHO buggy, although that is subjective.
> >
> > Here's a bug where this test was discussed in some detail:
> > https://bugzilla.gnome.org/show_bug.cgi?id=754387
> > though it was marked as fixed after it now "seems fine for the
> > architectures we care about".
> >
> > Here's a more recent upstream bug reporting this on Linux, with no
> > response: https://bugzilla.gnome.org/show_bug.cgi?id=758104
> >
> > IIRC the test tries to allocate about 16 GiB of heap memory. On
> > kfreebsd-amd64 the allocation understandably fails. On kfreebsd-i386
> > ISTR the test is skipped. On Linux, usually the allocations are lazy
> > unless non-zero values are written into the buffer, and I guess they're
> > not, which is why it succeeds. Except, with MALLOC_PERTURB_ options,
> > Dimitri John Ledkov has shown that it still fails in that case:
> > https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1519030
> >
> > It's kind of odd, that MALLOC_PERTURB_ is supposed to be *already* set
> > when running the testsuite, so I would expect it to already fail on the
> > Debian linux-amd64 buildds.
> >
> > The large memory allocation is actually necessary to test that the
> > original bug (rescaling an image that has large dimensions) is fixed.
> > Though it seems to me this is still a DoS issue that can be triggered on
> > FreeBSD and perhaps Linux in some situations.
> >
> > Maybe I could find a testcase that triggers a crash reliably on Linux,
> > and that may attract more interest in fixing this for good.
> >
> > I commented that the large memory allocation (and the original
> > CVE-2015-4491) might have been avoided by falling back to simpler
> > rescale methods when handling very large images:
> > https://bugzilla.gnome.org/show_bug.cgi?id=754387#c23
>
> I think the testcase should simply be skipped on kfreebsd-*.
>
> Cheers,
> Moritz
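As an added example (my own code, not from gdk-pixbuf, the Ubuntu patch or this thread), a size guard in the spirit of the fallback suggested in the quoted message: the scaled-buffer size is computed with overflow-checked multiplication and classified against a soft cap (use a simpler rescale) and a hard cap (refuse), so the arithmetic for very large dimensions can be exercised in a test without allocating anything. All names and cap values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy for a requested scaled-image buffer. */
enum scale_plan {
    SCALE_FULL,    /* fits: use the full-quality rescale path            */
    SCALE_SIMPLE,  /* over the soft cap: fall back to a cheaper rescale  */
    SCALE_REJECT   /* arithmetic wraps or exceeds the hard cap: refuse   */
};

/* Constructed caps for the demo (real values are a policy decision); the
   hard cap stays below 2^32 so the code behaves the same with 32-bit size_t. */
#define SOFT_CAP_BYTES ((size_t)256 << 20)  /* 256 MiB */
#define HARD_CAP_BYTES ((size_t)1 << 30)    /*   1 GiB */

/* width * height * bytes_per_pixel with overflow-checked multiplication
   (GCC/Clang builtin), so a huge image can never wrap into a small buffer.
   On anything but SCALE_REJECT, *out_bytes receives the size. */
enum scale_plan plan_scale(uint32_t width, uint32_t height,
                           uint32_t bytes_per_pixel, size_t *out_bytes)
{
    size_t bytes;
    if (width == 0 || height == 0 || bytes_per_pixel == 0)
        return SCALE_REJECT;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &bytes) ||
        __builtin_mul_overflow(bytes, (size_t)bytes_per_pixel, &bytes) ||
        bytes > HARD_CAP_BYTES)
        return SCALE_REJECT;
    *out_bytes = bytes;
    return bytes > SOFT_CAP_BYTES ? SCALE_SIMPLE : SCALE_FULL;
}

/* Wrappers so the policy and the byte count can be checked separately;
   plan_bytes() returns 0 for a rejected request. */
enum scale_plan plan_only(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t bytes;
    return plan_scale(w, h, bpp, &bytes);
}
size_t plan_bytes(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t bytes = 0;
    return plan_scale(w, h, bpp, &bytes) == SCALE_REJECT ? 0 : bytes;
}

int main(void)
{
    printf("800x600x4 -> plan %d, %zu bytes\n", plan_only(800, 600, 4), plan_bytes(800, 600, 4));
    printf("UINT32_MAX x UINT32_MAX x4 -> plan %d\n", plan_only(UINT32_MAX, UINT32_MAX, 4));
    return 0;
}
```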