[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Changed in: gtk+2.0 (Debian) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Fix Released Status in gtk+3.0 source package in Precise: Fix Released Status in gtk+2.0 source package in Trusty: Fix Released Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Fix Released Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: Fix Released Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Changed in: gtk+2.0 (Debian) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Fix Released Status in gtk+3.0 source package in Precise: Fix Released Status in gtk+2.0 source package in Trusty: Fix Released Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Fix Released Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: Fix Committed Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Branch linked: lp:~ubuntu-desktop/gtk/ubuntu -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Fix Released Status in gtk+3.0 source package in Precise: Fix Released Status in gtk+2.0 source package in Trusty: Fix Released Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Fix Released Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: Confirmed Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
This bug was fixed in the package gtk+2.0 - 2.24.28-1ubuntu1.1 --- gtk+2.0 (2.24.28-1ubuntu1.1) wily-security; urgency=medium * gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream commit from GTK+3 to avoid integer overflow when allocating a large block of memory in gdk_cairo_set_source_pixbuf. (LP: #1540811) - CVE-2013-7447 -- Vlad OrlovTue, 22 Sep 2015 13:27:04 +0300 ** Changed in: gtk+2.0 (Ubuntu Wily) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Fix Released Status in gtk+3.0 source package in Precise: Fix Released Status in gtk+2.0 source package in Trusty: Fix Released Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Fix Released Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: Confirmed Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
This bug was fixed in the package gtk+2.0 - 2.24.10-0ubuntu6.3 --- gtk+2.0 (2.24.10-0ubuntu6.3) precise-security; urgency=low * gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream commit from GTK+3 to avoid integer overflow when allocating a large block of memory in gdk_cairo_set_source_pixbuf. (LP: #1540811) - CVE-2013-7447 -- Vlad OrlovTue, 22 Sep 2015 09:51:11 +0300 ** Changed in: gtk+2.0 (Ubuntu Precise) Status: Confirmed => Fix Released ** Changed in: gtk+2.0 (Ubuntu Trusty) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Fix Released Status in gtk+3.0 source package in Precise: Fix Released Status in gtk+2.0 source package in Trusty: Fix Released Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Confirmed Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: Confirmed Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
This bug was fixed in the package gtk+2.0 - 2.24.23-0ubuntu1.4 --- gtk+2.0 (2.24.23-0ubuntu1.4) trusty-security; urgency=medium * gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream commit from GTK+3 to avoid integer overflow when allocating a large block of memory in gdk_cairo_set_source_pixbuf. (LP: #1540811) - CVE-2013-7447 -- Vlad OrlovTue, 22 Sep 2015 11:09:21 +0300 ** Changed in: gtk+3.0 (Ubuntu Precise) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Fix Released Status in gtk+3.0 source package in Precise: Fix Released Status in gtk+2.0 source package in Trusty: Fix Released Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Confirmed Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: Confirmed Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
This bug was fixed in the package gtk+3.0 - 3.4.2-0ubuntu0.9 --- gtk+3.0 (3.4.2-0ubuntu0.9) precise-security; urgency=medium * SECURITY UPDATE: integer overflow via large sized image (LP: #1540811) - debian/patches/CVE-2013-7447.patch: use g_malloc_n in gdk_cairo_set_source_pixbuf in gdk/gdkcairo.c. - CVE-2013-7447 -- Marc DeslauriersFri, 12 Feb 2016 08:37:18 -0500 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Fix Released Status in gtk+3.0 source package in Precise: Fix Released Status in gtk+2.0 source package in Trusty: Fix Released Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Confirmed Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: Confirmed Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Changed in: gtk+3.0 (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: gtk+3.0 (Ubuntu Wily) Importance: Undecided => Medium ** Changed in: gtk+3.0 (Ubuntu Xenial) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Confirmed Status in gtk+3.0 source package in Precise: Confirmed Status in gtk+2.0 source package in Trusty: Confirmed Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Confirmed Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: Confirmed Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
Since this is a security update, I'll sponsor these as security updates, and not as SRUs. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-7447 ** Also affects: gtk+2.0 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: gtk+2.0 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: gtk+2.0 (Ubuntu Wily) Importance: Undecided Status: New ** Also affects: gtk+2.0 (Ubuntu Xenial) Importance: High Status: Fix Released ** Changed in: gtk+2.0 (Ubuntu Precise) Status: New => Confirmed ** Changed in: gtk+2.0 (Ubuntu Trusty) Status: New => Confirmed ** Changed in: gtk+2.0 (Ubuntu Wily) Status: New => Confirmed ** Changed in: gtk+2.0 (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: gtk+2.0 (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: gtk+2.0 (Ubuntu Wily) Importance: Undecided => Medium ** Changed in: gtk+2.0 (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: gtk+2.0 (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: gtk+2.0 (Ubuntu Wily) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Confirmed Status in gtk+2.0 source package in Trusty: Confirmed Status in gtk+2.0 source package in Wily: Confirmed Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Changed in: gtk+2.0 (Debian) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Confirmed Status in gtk+3.0 source package in Precise: Confirmed Status in gtk+2.0 source package in Trusty: Confirmed Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Confirmed Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: Confirmed Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Also affects: gtk+3.0 (Ubuntu) Importance: Undecided Status: New ** Changed in: gtk+3.0 (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: gtk+3.0 (Ubuntu Precise) Status: New => Confirmed ** Changed in: gtk+3.0 (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: gtk+3.0 (Ubuntu Trusty) Status: New => Fix Released ** Changed in: gtk+3.0 (Ubuntu Wily) Status: New => Fix Released ** Changed in: gtk+3.0 (Ubuntu Xenial) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+3.0 package in Ubuntu: Fix Released Status in gtk+2.0 source package in Precise: Confirmed Status in gtk+3.0 source package in Precise: Confirmed Status in gtk+2.0 source package in Trusty: Confirmed Status in gtk+3.0 source package in Trusty: Fix Released Status in gtk+2.0 source package in Wily: Confirmed Status in gtk+3.0 source package in Wily: Fix Released Status in gtk+2.0 source package in Xenial: Fix Released Status in gtk+3.0 source package in Xenial: Fix Released Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
This bug was fixed in the package gtk+2.0 - 2.24.29-1ubuntu2 --- gtk+2.0 (2.24.29-1ubuntu2) xenial; urgency=medium * gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream commit from GTK+3 to avoid integer overflow when allocating a large block of memory in gdk_cairo_set_source_pixbuf. (lp: #1540811) -- Vlad OrlovTue, 02 Feb 2016 10:52:16 +0300 ** Changed in: gtk+2.0 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Released Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
I've requested CVEs here http://www.openwall.com/lists/oss- security/2016/02/10/2 It appears this flaw was copy-pasted to a lot of programs. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Committed Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
Thank you for your work. I've sponsored the xenial update (with a modified changelog, we don't have designed maintainers/NMUs in Ubuntu, also I tweaked the version number to not be .1 and listed the bug reference). Once the update gets some testing in xenial we can look at the SRUs Note that it would be nice to suggest to upstream that they backport the change to gtk-2-24 since they still roll updates to gtk2 sometimes and it could benefit users of other distros that way ** Changed in: gtk+2.0 (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Committed Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
Do you know if this issue has a CVE assigned yet? I didn't see one in the linked bug reports but those references may not have migrated to those sources yet. Thanks ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Fix Committed Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Changed in: gtk+2.0 (Ubuntu) Importance: Undecided => High ** Changed in: gtk+2.0 (Ubuntu) Status: New => Triaged ** Bug watch added: GNOME Bug Tracker #703220 https://bugzilla.gnome.org/show_bug.cgi?id=703220 ** Also affects: gtk via https://bugzilla.gnome.org/show_bug.cgi?id=703220 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Unknown Status in gtk+2.0 package in Ubuntu: Triaged Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Changed in: gtk Status: Unknown => Fix Released ** Changed in: gtk Importance: Unknown => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: Triaged Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Attachment added: "debdiff with the fix for Xenial" https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561950/+files/gtk2-gdk-xenial-debdiff ** Bug watch added: Debian Bug tracker #799275 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275 ** Also affects: gtk+2.0 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in gtk+2.0 package in Ubuntu: New Status in gtk+2.0 package in Debian: Unknown Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Attachment added: "debdiff with the fix for Trusty" https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561947/+files/gtk2-gdk-trusty-debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in gtk+2.0 package in Ubuntu: New Status in gtk+2.0 package in Debian: Unknown Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Attachment added: "debdiff with the fix for Precise" https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561946/+files/gtk2-gdk-precise-debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in gtk+2.0 package in Ubuntu: New Status in gtk+2.0 package in Debian: Unknown Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Attachment added: "debdiff with the fix for Wily" https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561948/+files/gtk2-gdk-wily-debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in gtk+2.0 package in Ubuntu: New Status in gtk+2.0 package in Debian: Unknown Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
** Changed in: gtk+2.0 (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in gtk+2.0 package in Ubuntu: New Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory
The attachment "debdiff with the fix for Precise" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1540811 Title: [GDK] patch - avoid integer overflow when allocating a large block of memory Status in gtk+2.0 package in Ubuntu: New Status in gtk+2.0 package in Debian: New Bug description: [Impact] Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom [1]. This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the mentioned function still crash when trying to allocate a lot of memory. An example of such app is eom (Eye of MATE), an image viewer, which crashes when trying to load a large image. I propose fixing it in current Ubuntu releases with the patch which fixes the crash. The debdiffs are in the attachments in the comments below. [Test Case] Steps to reproduce: 1. Have a 64-bit installation of Ubuntu. 2. Install eom if it isn't installed. 3. Download the archive from the attachment of this post and unpack it. (Firefox doesn't allow me to upload image as is - tries to make thumbnail of it right in the file open dialog, then crashes.) 4. Open the unpacked image (27000_27000_1437947845.png) in eom. 5. eom crashes. The full backtrace is at [3]. You'll also see an error message: "failed to allocate 18446744072330584320 bytes". This huge number appears due to overflow during multiplication of two 32-bit signed integers. In the patch, this error is avoided by using a different memory allocation function. [Regression Potential] After several months of testing the patch in Debian Jessie, Debian Testing and Ubuntu 14.04, I haven't noticed any regressions. [1] https://github.com/mate-desktop/eom/issues/93 [2] https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp