Your message dated Wed, 26 Jul 2017 19:04:14 +0000
with message-id <e1darbs-000j3n...@fasolo.debian.org>
and subject line Bug#838654: fixed in inkscape 0.92.2~pre0-1
has caused the Debian Bug report #838654,
regarding inkscape: rowstride integer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
838654: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838654
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: inkscape
Version: 0.91-5~bpo8+1
Severity: normal
Tags: upstream patch

Dear Mattia,

I open a new bug, since #838486 is rather different.  The same idiom, however,
appears in the latest version of drawing-image.cpp.  With the patch attached,
and some other patches in pixman (#838650) and cairo (#838648) I was able to
edit a large file, save a pdf copy of it, and view it with evince :-)  I don't
know how epidemic the idiom is.

Best
Ale



-- System Information:
Debian Release: 8.6
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages inkscape depends on:
ii  gconf-service          3.2.6-3
ii  libaspell15            0.60.7~20110707-1.3
ii  libatk1.0-0            2.14.0-1
ii  libatkmm-1.6-1         2.22.7-2.1
ii  libc6                  2.19-18+deb8u6
ii  libcairo2              1.14.0-2.1+deb8u1
ii  libcairomm-1.0-1       1.10.0-1.1
ii  libcdr-0.1-1           0.1.0-3
ii  libexif12              0.6.21-2
ii  libfontconfig1         2.11.0-6.3+deb8u1
ii  libfreetype6           2.5.2-3+deb8u1
ii  libgc1c2               1:7.2d-6.4
ii  libgcc1                1:4.9.2-10
ii  libgconf-2-4           3.2.6-3
ii  libgdk-pixbuf2.0-0     2.31.1-2+deb8u5
ii  libglib2.0-0           2.42.1-1+b1
ii  libglibmm-2.4-1c2a     2.42.0-1
ii  libgnomevfs2-0         1:2.24.4-6+b1
ii  libgomp1               4.9.2-10
ii  libgsl0ldbl            1.16+dfsg-2
ii  libgtk2.0-0            2.24.25-3+deb8u1
ii  libgtkmm-2.4-1c2a      1:2.24.4-1.1
ii  libgtkspell0           2.0.16-1.1
ii  libjpeg8               8d-1+deb7u1
ii  liblcms2-2             2.6-3+b3
ii  libmagick++-6.q16-5    8:6.8.9.9-5+deb8u4
ii  libmagickcore-6.q16-2  8:6.8.9.9-5+deb8u4
ii  libmagickwand-6.q16-2  8:6.8.9.9-5+deb8u4
ii  libpango-1.0-0         1.36.8-3
ii  libpangocairo-1.0-0    1.36.8-3
ii  libpangoft2-1.0-0      1.36.8-3
ii  libpangomm-1.4-1       2.34.0-1.1
ii  libpng12-0             1.2.50-2+deb8u2
ii  libpoppler-glib8       0.26.5-2+deb8u1
ii  libpoppler46           0.26.5-2+deb8u1
ii  libpopt0               1.16-10
ii  librevenge-0.0-0       0.0.1-3
ii  libsigc++-2.0-0c2a     2.4.0-1
ii  libstdc++6             4.9.2-10
ii  libvisio-0.1-1         0.1.0-2
ii  libwpg-0.3-3           0.3.0-3
ii  libx11-6               2:1.6.2-3
ii  libxml2                2.9.1+dfsg1-5+deb8u3
ii  libxslt1.1             1.1.28-2+deb8u1
pn  python:any             <none>
ii  zlib1g                 1:1.2.8.dfsg-2+b1

Versions of packages inkscape recommends:
ii  aspell                0.60.7~20110707-1.3
ii  imagemagick           8:6.8.9.9-5+deb8u4
ii  libgnomevfs2-extra    1:2.24.4-6+b1
ii  libimage-magick-perl  8:6.8.9.9-5+deb8u4
ii  libwmf-bin            0.2.8.4-10.3+deb8u1
ii  pstoedit              3.62-2+b1
ii  python-lxml           3.4.0-1
ii  python-numpy          1:1.8.2-2
ii  transfig              1:3.2.5.e-4

Versions of packages inkscape suggests:
ii  dia                  0.97.3-1
ii  dia-gnome            0.97.3-1
ii  libsvg-perl          2.59-1
ii  libxml-xql-perl      0.68-6
ii  python-uniconvertor  1.1.4-1+b2
ii  ruby                 1:2.1.5+deb8u2
ii  ruby1.8 [ruby]       1.8.7.358-7.1+deb7u3

-- no debconf information
Description: rowstride should be size_t

It is wrong to compute offsets like so:

   int rowstride = something;
   char *buffer = base_ptr + y*rowstride + x*4;

That idiom fails on 64-bit architectures where integers are 32 bits.  Consider,
for example, an A0 poster at 600 dpi, which brings a 19860x28080 image.  While
width and height are 16-bit numbers, their product multiplied by a bpp of 4
results in a negative integer.

Stride should be size_t, or, if it can be negative, long integer.

--- inkscape-0.91.orig/src/display/drawing-image.cpp
+++ inkscape-0.91/src/display/drawing-image.cpp
@@ -209,9 +209,9 @@ DrawingImage::_pickItem(Geom::Point cons
 
     } else {
         unsigned char *const pixels = _pixbuf->pixels();
-        int width = _pixbuf->width();
-        int height = _pixbuf->height();
-        int rowstride = _pixbuf->rowstride();
+        unsigned width = _pixbuf->width();
+        unsigned height = _pixbuf->height();
+        unsigned rowstride = _pixbuf->rowstride();
 
         Geom::Point tp = p * _ctm.inverse();
         Geom::Rect r = bounds();
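Review bot: `unsigned rowstride` is still a 32-bit type on amd64, so the new declarations of `width`, `height` and `rowstride` do not match the description's own conclusion that the stride should be `size_t`. The widening is left to the cast at the use site in the next hunk, and any other expression written with these variables would still be evaluated in 32 bits. Declaring them as `size_t` here would make every offset computed from them wide by default. Assigning the accessor results straight to an unsigned type also turns a negative return value, should one ever occur, into a very large positive one without any check.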
@@ -221,13 +221,13 @@ DrawingImage::_pickItem(Geom::Point cons
 
         double vw = width * _scale[Geom::X];
         double vh = height * _scale[Geom::Y];
-        int ix = floor((tp[Geom::X] - _origin[Geom::X]) / vw * width);
-        int iy = floor((tp[Geom::Y] - _origin[Geom::Y]) / vh * height);
+        unsigned ix = floor((tp[Geom::X] - _origin[Geom::X]) / vw * width);
+        unsigned iy = floor((tp[Geom::Y] - _origin[Geom::Y]) / vh * height);
 
-        if ((ix < 0) || (iy < 0) || (ix >= width) || (iy >= height))
+        if ((ix >= width) || (iy >= height))
             return NULL;
 
-        unsigned char *pix_ptr = pixels + iy * rowstride + ix * 4;
+        unsigned char *pix_ptr = pixels + (unsigned long)iy * rowstride + ix * 4UL;
         // pick if the image is less than 99% transparent
         guint32 alpha = 0;
         if (_pixbuf->pixelFormat() == Inkscape::Pixbuf::PF_CAIRO) {
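Review bot: with `ix` and `iy` now `unsigned`, the result of `floor(...)` is converted from double to an unsigned type, and for a point left of or above the image that value is negative, which makes the conversion undefined behaviour in C++; the removed `ix < 0` and `iy < 0` tests were what handled that case. Keeping the floor result in a `double` (or a signed 64-bit integer), rejecting values below 0 or not below `width`/`height`, and only then converting would keep the bounds check well defined. In the `pix_ptr` line, `unsigned long` is 64 bits on amd64 but not on every 64-bit ABI, so `size_t` for the cast and for the `4UL` constant would match the description.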

--- End Message ---
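The wrap-around described in the report above, worked through for its 19860x28080 example, as an added example that is not part of the original message or of Inkscape's code: `offset_as_int32` reproduces what the 32-bit `int` idiom evaluates to, and `pixel_offset` is a hypothetical checked helper (its name and signature are assumptions) that computes the same offset in `size_t`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of `y*rowstride + x*4` when evaluated in 32-bit int, as in the
 * idiom from the report. Computed in uint32_t and folded back to a signed
 * value so that the demo itself has no undefined behaviour. */
static int64_t offset_as_int32(int32_t y, int32_t rowstride, int32_t x)
{
    uint32_t u = (uint32_t)y * (uint32_t)rowstride + (uint32_t)x * 4u;
    return u > (uint32_t)INT32_MAX ? (int64_t)u - 4294967296LL : (int64_t)u;
}

/* Hypothetical checked helper: validates the coordinates and computes the
 * byte offset in size_t, refusing anything that would not fit. */
static bool pixel_offset(size_t width, size_t height, size_t rowstride,
                         size_t bpp, size_t x, size_t y, size_t *out)
{
    if (bpp == 0 || x >= width || y >= height)
        return false;                   /* outside the image */
    if (width > SIZE_MAX / bpp || rowstride < width * bpp)
        return false;                   /* a row does not fit its stride */
    if (y > (SIZE_MAX - x * bpp) / rowstride)
        return false;                   /* y*rowstride + x*bpp would wrap */
    *out = y * rowstride + x * bpp;
    return true;
}

int main(void)
{
    /* Constructed sample: the A0 poster at 600 dpi from the report. */
    const size_t w = 19860, h = 28080, bpp = 4, stride = w * bpp;
    size_t off = 0;

    printf("int32 offset of last pixel:  %lld\n",
           (long long)offset_as_int32(28079, 79440, 19859));
    if (pixel_offset(w, h, stride, bpp, w - 1, h - 1, &off))
        printf("size_t offset of last pixel: %zu\n", off);
    return 0;
}
```

With a stride of 79440 bytes, the 32-bit result turns negative from row 27033 onwards, so only the lower part of such an image is affected.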
--- Begin Message ---
Source: inkscape
Source-Version: 0.92.2~pre0-1

We believe that the bug you reported is fixed in the latest version of
inkscape, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 838...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mattia Rizzolo <mat...@debian.org> (supplier of updated inkscape package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Jul 2017 16:07:58 +0200
Source: inkscape
Binary: inkscape
Architecture: source
Version: 0.92.2~pre0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Mattia Rizzolo <mat...@debian.org>
Description:
 inkscape   - vector-based drawing program
Closes: 838654 853453
Changes:
 inkscape (0.92.2~pre0-1) unstable; urgency=medium
 .
   * New upstream version 0.92.2~pre0.
     http://wiki.inkscape.org/wiki/index.php/Release_notes/0.92.2
     + Fix an integer overflow.  Closes: #838654
     + Fix compilation with GCC 7.  Closes: #853453
   * d/dirs: remove, useless.
   * d/patches: drop 15484 patch, applied upstream.
   * d/control: bump Standards-Version to 4.0.0, no changes needed.

--- End Message ---