** Branch linked: lp:debian/libgdiplus
https://bugs.launchpad.net/bugs/1296786
Title:
Use of Uninitialized variable, when loading certain png files.
Status in “libgdiplus” package in Ubuntu:
New
Bug description:
PNG details that cause this crash:
Find Dictionary.png...
Image Width: 16 Image Length: 16
Bitdepth (Bits/Sample): 8
Channels (Samples/Pixel): 1
Pixel depth (Pixel Depth): 8
Colour Type (Photometric Interpretation): PALETTED COLOUR with alpha (256 colours, 1 transparent)
Image filter: Single row per byte filter
Interlacing: No interlacing
Compression Scheme: Deflate method 8, 32k window
Resolution: 2834, 2834 (pixels per meter)
FillOrder: msb-to-lsb
Byte Order: Network (Big Endian)
Number of text strings: 0 of 0
Problem code is:
File: pngcode.c
Function: gdip_load_png_image_from_file_or_stream
Problem: use of a call to png_get_tRNS without checking return value.
For this png return value is 0 (fail), and this causes use of the uninitialized
variables trans_color and num_trans.
This causes seg fault if trans_color or num_trans happen to be certain
values.
I will attach a minimal test case that can be built using mono.
I will also attach a suggested patch, that checks return value of
png_get_tRNS, and doesn't attempt to use uninitialized variables.
StackTrace looks like this:
at <unknown> <0xffffffff>
at (wrapper managed-to-native) System.Drawing.GDIPlus.GdipLoadImageFromDelegate_linux (System.Drawing.GDIPlus/StreamGetHeaderDelegate,System.Drawing.GDIPlus/StreamGetBytesDelegate,System.Drawing.GDIPlus/StreamPutBytesDelegate,System.Drawing.GDIPlus/StreamSeekDelegate,System.Drawing.GDIPlus/StreamCloseDelegate,System.Drawing.GDIPlus/StreamSizeDelegate,intptr&) <0xffffffff>
at System.Drawing.Image.InitFromStream (System.IO.Stream) <0x001b3>
at System.Drawing.Image..ctor (System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext) <0x0010f>
at System.Drawing.Bitmap..ctor (System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext) <0x0002f>
at (wrapper runtime-invoke) <Module>.runtime_invoke_void__this___object_StreamingContext (object,intptr,intptr,intptr) <0xffffffff>
at <unknown> <0xffffffff>
at (wrapper managed-to-native) System.Reflection.MonoCMethod.InternalInvoke (System.Reflection.MonoCMethod,object,object[],System.Exception&) <0xffffffff>
at System.Reflection.MonoCMethod.InternalInvoke (object,object[]) <0x0003f>
at System.Reflection.MonoCMethod.DoInvoke (object,System.Reflection.BindingFlags,System.Reflection.Binder,object[],System.Globalization.CultureInfo) <0x00103>
at System.Reflection.MonoCMethod.Invoke (object,System.Reflection.BindingFlags,System.Reflection.Binder,object[],System.Globalization.CultureInfo) <0x00083>
at System.Reflection.MethodBase.Invoke (object,object[]) <0x00032>
at System.Runtime.Serialization.ObjectRecord.LoadData (System.Runtime.Serialization.ObjectManager,System.Runtime.Serialization.ISurrogateSelector,System.Runtime.Serialization.StreamingContext) <0x002ff>
at System.Runtime.Serialization.ObjectManager.DoFixups () <0x0015f>
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ReadNextObject (System.IO.BinaryReader) <0x00051>
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ReadObjectGraph (System.Runtime.Serialization.Formatters.Binary.BinaryElement,System.IO.BinaryReader,bool,object&,System.Runtime.Remoting.Messaging.Header[]&) <0x0010b>
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.NoCheckDeserialize (System.IO.Stream,System.Runtime.Remoting.Messaging.HeaderHandler) <0x00143>
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize (System.IO.Stream) <0x0001f>
at System.Resources.ResourceReader.ReadNonPredefinedValue (System.Type) <0x0003f>
at System.Resources.ResourceReader.ReadValueVer2 (int) <0x00443>
at System.Resources.ResourceReader.LoadResourceValues (System.Resources.ResourceReader/ResourceCacheItem[]) <0x0021f>
at System.Resources.ResourceReader/ResourceEnumerator.FillCache () <0x0009b>
at System.Resources.ResourceReader/ResourceEnumerator..ctor (System.Resources.ResourceReader) <0x00053>
at System.Resources.ResourceReader.GetEnumerator () <0x00033>
at System.Resources.ResourceSet.ReadResources () <0x0008d>
at System.Resources.ResourceSet.GetObjectInternal (string,bool) <0x0006b>
at System.Resources.ResourceSet.GetObject (string,bool) <0x00027>
at System.Resources.RuntimeResourceSet.GetObject (string,bool) <0x00033>
at System.Resources.ResourceManager.GetObject (string,System.Globalization.CultureInfo) <0x000a1>
at PngTest.MainClass.Main (string[]) <0x0007c>
at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) <0xffffffff>
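
Added example (not part of the bug report, the attached patch, or libgdiplus): the checked-return pattern the report describes, in C. It assumes a hypothetical stand-in get_trns() with the same contract as png_get_tRNS (returns 0 and leaves its output parameters untouched when there is no tRNS data); struct img_info, INFO_TRNS and build_palette_alpha() are likewise illustrative names, and the sketch models the alpha array and count rather than trans_color.

```c
#include <stddef.h>
#include <string.h>

#define INFO_TRNS 0x10u   /* stand-in for libpng's PNG_INFO_tRNS flag */

/* Hypothetical, minimal stand-in for the image info a decoder holds. */
struct img_info {
    unsigned valid;          /* INFO_TRNS set only if tRNS data was read */
    unsigned char *trans;    /* per-palette-entry alpha values */
    int num_trans;           /* number of entries in trans */
};

/* Same contract as png_get_tRNS: returns 0 and leaves the outputs
 * untouched when the image carries no usable tRNS data. */
static unsigned get_trns(const struct img_info *info,
                         unsigned char **trans, int *num_trans)
{
    if (info == NULL || !(info->valid & INFO_TRNS))
        return 0;
    *trans = info->trans;
    *num_trans = info->num_trans;
    return INFO_TRNS;
}

/* Fill alpha[0..palette_len-1]; returns how many entries came from tRNS. */
int build_palette_alpha(const struct img_info *info,
                        unsigned char *alpha, int palette_len)
{
    unsigned char *trans = NULL;   /* defined values even if the call fails */
    int num_trans = 0;

    if (palette_len <= 0)
        return 0;
    memset(alpha, 0xFF, (size_t)palette_len);   /* default: fully opaque */

    /* The missing check: only read the outputs when the call
     * reports that it actually filled them in. */
    if (get_trns(info, &trans, &num_trans) == 0 || trans == NULL)
        return 0;

    /* The count comes from the file: clamp it to the palette size. */
    if (num_trans < 0)
        num_trans = 0;
    if (num_trans > palette_len)
        num_trans = palette_len;

    memcpy(alpha, trans, (size_t)num_trans);
    return num_trans;
}
```

Initializing the outputs before the call and clamping the count afterwards are independent safeguards: the first removes the undefined read on the failure path, the second bounds the copy on the success path.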