Bug#868177: imlib2: ARGB loader: invalid free()

2018-01-15 Thread Alexander Volkov

12.01.2018 23:28, Markus Koschany wrote:

> Hello Alexander,
>
> thanks for the additional information. Debian bug #868177 will be
> fixed soon. Do you know whether
>
> https://bugs.debian.org/868151
>
> is fixed as well? To me it seems that there is still no check for the
> return value of sscanf in loader_xpm.c.

Hi.

Yes, it is still not fixed.

> By the way, how do you track bugs for imlib2 upstream?

I don't track them. imlib2 is a part of enlightenment and there is a
bugtracker https://phab.enlightenment.org/maniphest/
But I guess that it would be best to ask imlib2 developer Kim
Woelders about this.




Bug#868177: imlib2: ARGB loader: invalid free()

2018-01-12 Thread Markus Koschany
On Mon, 11 Dec 2017 14:24:07 +0300 Alexander Volkov wrote:

> It was fixed by
> https://git.enlightenment.org/legacy/imlib2.git/commit/?id=d5ebec2948d93c0c47c249e1506a1a6bdbf27b68
>
> Please, package imlib2 1.4.10 with the latest commit
> https://git.enlightenment.org/legacy/imlib2.git/commit/?id=812a691b160c94de76f4964093e7644c3ae3b9b5
> as a patch.


Hello Alexander,

thanks for the additional information. Debian bug #868177 will be fixed 
soon. Do you know whether


https://bugs.debian.org/868151

is fixed as well? To me it seems that there is still no check for the 
return value of sscanf in loader_xpm.c.


By the way, how do you track bugs for imlib2 upstream?

Regards,

Markus
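
The kind of check the message above says is missing, as an added example that is not part of the thread and is not imlib2's code: a text image header is parsed with sscanf, and the parse is accepted only when every field converted. The header layout `ARGB <width> <height> <alpha>`, the `MAX_DIM` bound and all names are assumptions made for this example.

```c
#include <stdio.h>

/* Assumed header layout for this example: "ARGB <width> <height> <alpha>". */
struct argb_header { int w, h, alpha; };

#define MAX_DIM 32767   /* assumed upper bound on image dimensions */

/* Returns 0 on success, -1 if the line is not a complete, sane header.
 * On failure *out is left untouched, so callers never act on partial values.
 * Note: a numeral too large for int is undefined behaviour in sscanf; a
 * parser for untrusted files that must cover that case would use strtol. */
int parse_argb_header(const char *line, struct argb_header *out)
{
    int w, h, alpha, consumed = 0;

    /* sscanf returns the number of successful conversions. %n records how
     * far parsing got and is not counted in the return value. */
    if (sscanf(line, "ARGB %d %d %d %n", &w, &h, &alpha, &consumed) != 3)
        return -1;      /* truncated or malformed: some fields were never set */
    if (line[consumed] != '\0')
        return -1;      /* unexpected data after the three fields */
    if (w < 1 || h < 1 || w > MAX_DIM || h > MAX_DIM)
        return -1;      /* reject sizes before they reach a w * h allocation */
    if (alpha != 0 && alpha != 1)
        return -1;

    out->w = w;
    out->h = h;
    out->alpha = alpha;
    return 0;
}

int main(void)
{
    /* Constructed sample lines; the second is a header cut short. */
    const char *samples[] = { "ARGB 2 2 1\n", "ARGB 2 2\n", "ARGB 2 2 1 junk\n" };

    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct argb_header hdr;
        printf("%2d  %s", parse_argb_header(samples[i], &hdr), samples[i]);
    }
    return 0;
}
```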



Bug#868177: imlib2: ARGB loader: invalid free()

2017-12-11 Thread Alexander Volkov
It was fixed by 
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=d5ebec2948d93c0c47c249e1506a1a6bdbf27b68

Please, package imlib2 1.4.10 with the latest commit
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=812a691b160c94de76f4964093e7644c3ae3b9b5
as a patch.



Bug#868177: imlib2: ARGB loader: invalid free()

2017-07-12 Thread Jakub Wilk

Package: libimlib2
Version: 1.4.8-1
Tags: security

imlib2 crashes when loading the attached file:

   $ debian/tmp/usr/bin/imlib2_conv invalid-free.argb /dev/null
   *** Error in `debian/tmp/usr/bin/imlib2_conv': double free or corruption (out): 0x565ff220 ***

Valgrind says it's an invalid free():

   Invalid free() / delete / delete[] / realloc()
      at 0x482F438: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
      by 0x5311A67: load (loader_argb.c:86)
      by 0x4860B16: imlib_save_image (api.c:4606)
      by 0x108939: main (imlib2_conv.c:76)
    Address 0x4dd4818 is 8 bytes inside a block of size 16 alloc'd
      at 0x482E27C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
      by 0x5311987: load (loader_argb.c:62)
      by 0x4860B16: imlib_save_image (api.c:4606)
      by 0x108939: main (imlib2_conv.c:76)


Found using american fuzzy lop:
http://lcamtuf.coredump.cx/afl/

-- System Information:
Architecture: i386

Versions of packages libimlib2 depends on:
ii  libbz2-1.0       1.0.6-8.1
ii  libc6            2.24-12
ii  libfreetype6     2.8-0.2
ii  libgif7          5.1.4-0.4
ii  libid3tag0       0.15.1b-12
ii  libjpeg62-turbo  1:1.5.1-2
ii  libpng16-16      1.6.30-2
ii  libtiff5         4.0.8-3
ii  libx11-6         2:1.6.4-3
ii  libxext6         2:1.3.3-1+b2
ii  zlib1g           1:1.2.8.dfsg-5

--
Jakub Wilk
ARGB 2 2