Package: gdk-pixbuf
Version: 2.36.0-1
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu zesty ubuntu-patch

Dear Maintainer,

In Ubuntu, we only have one small delta with Debian: unsetting MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original test. It caused OOM failures on our builders.

I see that you already have 01-disable-oom-test.patch for FreeBSD. I'm not sure what architectures we hit the OOM with. But the attached patch was our solution. Can't hurt, might help with other non-FreeBSD architectures.

Patch originally by Dimitri John Ledkov (xnox).

Thanks for considering it.

-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-47-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru gdk-pixbuf-2.36.0/debian/patches/series gdk-pixbuf-2.36.0/debian/patches/series --- gdk-pixbuf-2.36.0/debian/patches/series 2016-09-13 10:04:26.000000000 -0400 +++ gdk-pixbuf-2.36.0/debian/patches/series 2016-11-21 12:19:03.000000000 -0500 @@ -1 +1,2 @@ 01-disable-oom-test.patch +skip-perturb-for-cve-2015-4491-original-test.patch diff -Nru gdk-pixbuf-2.36.0/debian/patches/skip-perturb-for-cve-2015-4491-original-test.patch gdk-pixbuf-2.36.0/debian/patches/skip-perturb-for-cve-2015-4491-original-test.patch --- gdk-pixbuf-2.36.0/debian/patches/skip-perturb-for-cve-2015-4491-original-test.patch 1969-12-31 19:00:00.000000000 -0500 +++ gdk-pixbuf-2.36.0/debian/patches/skip-perturb-for-cve-2015-4491-original-test.patch 2016-11-21 12:19:03.000000000 -0500 @@ -0,0 +1,39 @@ +Description: Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original + as it fails with OOM, or gets OOM killed. +Author: Dimitri John Ledkov <[email protected]> + +--- a/tests/cve-2015-4491.c ++++ b/tests/cve-2015-4491.c +@@ -18,6 +18,8 @@ + * Author: Benjamin Otte + */ + ++#include <malloc.h> ++ + #include <gdk-pixbuf.h> + + #include "test-common.h" +@@ -28,11 +30,23 @@ + GdkPixbuf* buf; + int size = 32; + GError* err = NULL; ++ gint64 perturbv = 0; ++ ++ const gchar * perturb = NULL; ++ perturb = g_getenv("MALLOC_PERTURB_"); ++ if (perturb != NULL) { ++ perturbv = g_ascii_strtoll (perturb, NULL, 0); ++ mallopt(M_PERTURB, 0); ++ } + + buf = gdk_pixbuf_new_from_resource_at_scale ("/test/resource/cve-2015-4491.bmp", size, size, FALSE, &err); + if (skip_if_insufficient_memory (&err)) + return; + ++ if (perturbv > 0) { ++ mallopt(M_PERTURB, perturbv); ++ } ++ + g_assert_no_error (err); + + g_object_unref (buf);
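Review bot: the header of the new skip-perturb-for-cve-2015-4491-original-test.patch carries only Description and Author, with no Forwarded or Bug field, so nothing records whether this workaround was sent upstream. The Description also does not say on which architectures or builders the OOM occurs. Suggest adding those fields and one sentence on the failure conditions, so the patch can be dropped once the cause is understood.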
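Review bot: the unconditional `#include <malloc.h>` added in the first hunk of tests/cve-2015-4491.c, together with the M_PERTURB uses in the second hunk, ties the test to glibc. M_PERTURB is a glibc mallopt parameter and other C libraries do not define it. Suggest guarding the include with `#ifdef __GLIBC__` and both mallopt calls with `#ifdef M_PERTURB`, so the test still builds where the parameter is absent.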
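Review bot: in the second hunk of tests/cve-2015-4491.c the restore `mallopt(M_PERTURB, perturbv);` sits after `if (skip_if_insufficient_memory (&err)) return;`, so on the skip path perturbation stays disabled for anything that runs later in the same process. Moving the restore to directly after the gdk_pixbuf_new_from_resource_at_scale call closes that gap. Two smaller points: perturbv is a gint64 from g_ascii_strtoll passed to mallopt, which takes an int, so an int with a range check would be cleaner; and a short code comment should state that the loader call deliberately runs without perturbed allocations, since that narrows what this CVE regression test exercises.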

