https://bugs.kde.org/show_bug.cgi?id=413801
nyanpasu64 <nyanpas...@tuta.io> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |nyanpas...@tuta.io
--- Comment #3 from nyanpasu64 <nyanpas...@tuta.io> ---
Created attachment 153532
--> https://bugs.kde.org/attachment.cgi?id=153532&action=edit
.zip file containing a file triggering a Dolphin hang
Worse yet, it doesn't take a malicious file to trigger kioslave5 to eat all
system memory. When making SNES music, I generate .brr files which are
unheadered SNES samples, effectively raw binary data. Because these files are
unstructured and can take up near-arbitrary values, file and Dolphin misdetects
one of them as a 61935 x 58476 Targa file. When I open Dolphin to a directory
containing this file, or the parent directory showing subdirectory icons,
kioslave5 eats up all available system memory, requiring killing the process or
Alt+SysRq+F if you even have that enabled.
This is a nasty bug to occur, particularly because this file doesn't even have
a .tga extension but .brr, but Dolphin first guesses the file type from magic
numbers inside, then tries generating a thumbnail for a file without an image
extension, then doesn't bail out when the image is 3 billion pixels large
despite being 101 bytes long (not containing practically any of the actual
pixels inside).
The workaround I have is creating a custom .brr MIME type so Dolphin won't try
to generate a thumbnail (and I can assign proper file associations to open it
in a hex editor). But out of the box, merely opening a folder *containing* a
folder holding the bad file can lock up your entire system, likely
irrecoverably if your distro disables Alt+SysRq out of the box.
--
You are receiving this mail because:
You are watching all bug changes.
