Hi,

this is embarrassing: there is a buffer overflow in the Application
Manager that is triggered when dealing with package icons that are
larger than 2048 bytes after base64 decoding.

The overflow happens when there is a repository in
/etc/apt/sources.list that contains such an icon in one of its
packages, or when you have installed a .deb file with such an icon.

The bug is present in all versions of osso-application-manager less
than 4.36, except 4.22.1.  Version 4.36 will appear in Sardine
soonish, and 4.22.1 will be in the next maintenance release of IT
2006.

The overflow does not usually result in a crash, though.  The icon will
usually be treated as corrupted and the default icon will be shown.


If you maintain a repository, it would be good to check the packages
in it for icons that are too large.  Also, it would be a good idea to
reject packages whose icons are too large.  You can use the attached
script as a starting point.

I will check the repositories listed on maemo.org.

Limiting icons to 2k seems reasonable to me; almost all of them are
smaller than that.  So while this is an unfortunate situation, I don't
think disallowing icons larger than 2k for packages that are meant for
IT 2006 will be that bad.

Sorry for the bad news, but please spread it.


#! /bin/sh

# Usage: check-icon-overflow DEB
#
# Checks whether the maemo icon in DEB triggers the buffer overflow in
# the Application Manager.

set -e

if [ $# != 1 ]; then
  echo "usage: check-icon-overflow DEB" >&2
  exit 2
fi

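# Decode with GNU coreutils base64; -i skips the whitespace that dpkg-deb
# leaves in front of the field's continuation lines.
size=$(dpkg-deb -f "$1" Maemo-Icon-26 | base64 -d -i | wc -c)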

if [ "$size" -gt 2048 ]; then
  echo "Icon in $1 is larger than 2048 bytes."
  echo " Some versions of the Application Manager might crash"
  echo " when trying to handle it."
  exit 1
fi

echo "(Icon of $(basename "$1") is $size bytes.)"
exit 0
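
For the repository-side check suggested above, here is an added example (not part of the original post or its attached script) that scans a whole Packages index instead of a single .deb. It assumes the index carries each package's Maemo-Icon-26 control field and that GNU coreutils base64 is available; the function names and the sample packages are constructed for illustration.

```shell
#!/bin/sh
# Added example: scan an apt Packages index for Maemo-Icon-26 fields
# that decode to more than LIMIT bytes.
LIMIT=2048   # icon size limit in bytes, taken from the post

# Reads a Packages index on stdin and prints "PACKAGE SIZE" for every
# oversized icon. Returns 1 if any was found, 0 otherwise.
find_oversized_icons() {
  awk '
    function emit() {
      if (icon != "") print (pkg == "" ? "(unknown)" : pkg), icon
      pkg = icon = ""; infield = 0
    }
    /^Package:/         { pkg = $2; infield = 0; next }
    /^Maemo-Icon-26:/   { sub(/^[^:]*:[ \t]*/, ""); icon = $0; infield = 1; next }
    infield && /^[ \t]/ { gsub(/[ \t]/, ""); icon = icon $0; next }  # continuation
    /^$/                { emit(); next }                             # end of stanza
                        { infield = 0 }                              # other field
    END                 { emit() }
  ' | {
    found=0
    while read -r pkg b64; do
      size=$(printf '%s' "$b64" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
      if [ "$size" -gt "$LIMIT" ]; then
        echo "$pkg $size"
        found=1
      fi
    done
    [ "$found" -eq 0 ]
  }
}

# Constructed sample index: one 100-byte icon and one 3000-byte icon.
make_sample_index() {
  for spec in small-app:100 big-app:3000; do
    printf 'Package: %s\nVersion: 1.0\nMaemo-Icon-26:\n' "${spec%%:*}"
    head -c "${spec##*:}" /dev/zero | base64 | sed 's/^/ /'
    printf 'Description: constructed test package\n\n'
  done
}

# Demo run on the constructed index.
make_sample_index | find_oversized_icons || echo "oversized icons found" >&2
```

To check a real repository, feed the function the decompressed index, for example `zcat Packages.gz | find_oversized_icons`.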