[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Bug Watch Updater]

** Changed in: gtk+2.0 (Debian)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Fix Released
Status in gtk+3.0 source package in Precise:
  Fix Released
Status in gtk+2.0 source package in Trusty:
  Fix Released
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Fix Released
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  Fix Released

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Bug Watch Updater]

** Changed in: gtk+2.0 (Debian)
   Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Fix Released
Status in gtk+3.0 source package in Precise:
  Fix Released
Status in gtk+2.0 source package in Trusty:
  Fix Released
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Fix Released
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  Fix Committed

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Launchpad Bug Tracker]

** Branch linked: lp:~ubuntu-desktop/gtk/ubuntu

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Fix Released
Status in gtk+3.0 source package in Precise:
  Fix Released
Status in gtk+2.0 source package in Trusty:
  Fix Released
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Fix Released
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  Confirmed

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Launchpad Bug Tracker]

This bug was fixed in the package gtk+2.0 - 2.24.28-1ubuntu1.1

---
gtk+2.0 (2.24.28-1ubuntu1.1) wily-security; urgency=medium

  * gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
of memory in gdk_cairo_set_source_pixbuf. (LP: #1540811)
- CVE-2013-7447

 -- Vlad Orlov   Tue, 22 Sep 2015 13:27:04 +0300

** Changed in: gtk+2.0 (Ubuntu Wily)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Fix Released
Status in gtk+3.0 source package in Precise:
  Fix Released
Status in gtk+2.0 source package in Trusty:
  Fix Released
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Fix Released
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  Confirmed

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Launchpad Bug Tracker]

This bug was fixed in the package gtk+2.0 - 2.24.10-0ubuntu6.3

---
gtk+2.0 (2.24.10-0ubuntu6.3) precise-security; urgency=low

  * gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
of memory in gdk_cairo_set_source_pixbuf. (LP: #1540811)
- CVE-2013-7447

 -- Vlad Orlov   Tue, 22 Sep 2015 09:51:11 +0300

** Changed in: gtk+2.0 (Ubuntu Precise)
   Status: Confirmed => Fix Released

** Changed in: gtk+2.0 (Ubuntu Trusty)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Fix Released
Status in gtk+3.0 source package in Precise:
  Fix Released
Status in gtk+2.0 source package in Trusty:
  Fix Released
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Confirmed
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  Confirmed

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Launchpad Bug Tracker]

This bug was fixed in the package gtk+2.0 - 2.24.23-0ubuntu1.4

---
gtk+2.0 (2.24.23-0ubuntu1.4) trusty-security; urgency=medium

  * gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
of memory in gdk_cairo_set_source_pixbuf. (LP: #1540811)
- CVE-2013-7447

 -- Vlad Orlov   Tue, 22 Sep 2015 11:09:21 +0300

** Changed in: gtk+3.0 (Ubuntu Precise)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Fix Released
Status in gtk+3.0 source package in Precise:
  Fix Released
Status in gtk+2.0 source package in Trusty:
  Fix Released
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Confirmed
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  Confirmed

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Launchpad Bug Tracker]

This bug was fixed in the package gtk+3.0 - 3.4.2-0ubuntu0.9

---
gtk+3.0 (3.4.2-0ubuntu0.9) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflow via large sized image (LP: #1540811)
- debian/patches/CVE-2013-7447.patch: use g_malloc_n in
  gdk_cairo_set_source_pixbuf in gdk/gdkcairo.c.
- CVE-2013-7447

 -- Marc Deslauriers   Fri, 12 Feb 2016
08:37:18 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Fix Released
Status in gtk+3.0 source package in Precise:
  Fix Released
Status in gtk+2.0 source package in Trusty:
  Fix Released
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Confirmed
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  Confirmed

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Mathew Hodson]

** Changed in: gtk+3.0 (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: gtk+3.0 (Ubuntu Wily)
   Importance: Undecided => Medium

** Changed in: gtk+3.0 (Ubuntu Xenial)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Confirmed
Status in gtk+3.0 source package in Precise:
  Confirmed
Status in gtk+2.0 source package in Trusty:
  Confirmed
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Confirmed
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  Confirmed

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Marc Deslauriers]

Since this is a security update, I'll sponsor these as security updates,
and not as SRUs.

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7447

** Also affects: gtk+2.0 (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: gtk+2.0 (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: gtk+2.0 (Ubuntu Wily)
   Importance: Undecided
   Status: New

** Also affects: gtk+2.0 (Ubuntu Xenial)
   Importance: High
   Status: Fix Released

** Changed in: gtk+2.0 (Ubuntu Precise)
   Status: New => Confirmed

** Changed in: gtk+2.0 (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: gtk+2.0 (Ubuntu Wily)
   Status: New => Confirmed

** Changed in: gtk+2.0 (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: gtk+2.0 (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: gtk+2.0 (Ubuntu Wily)
   Importance: Undecided => Medium

** Changed in: gtk+2.0 (Ubuntu Precise)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: gtk+2.0 (Ubuntu Trusty)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: gtk+2.0 (Ubuntu Wily)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Confirmed
Status in gtk+2.0 source package in Trusty:
  Confirmed
Status in gtk+2.0 source package in Wily:
  Confirmed
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Bug Watch Updater]

** Changed in: gtk+2.0 (Debian)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Confirmed
Status in gtk+3.0 source package in Precise:
  Confirmed
Status in gtk+2.0 source package in Trusty:
  Confirmed
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Confirmed
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  Confirmed

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Marc Deslauriers]

** Also affects: gtk+3.0 (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: gtk+3.0 (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: gtk+3.0 (Ubuntu Precise)
   Status: New => Confirmed

** Changed in: gtk+3.0 (Ubuntu Precise)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: gtk+3.0 (Ubuntu Trusty)
   Status: New => Fix Released

** Changed in: gtk+3.0 (Ubuntu Wily)
   Status: New => Fix Released

** Changed in: gtk+3.0 (Ubuntu Xenial)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+3.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Precise:
  Confirmed
Status in gtk+3.0 source package in Precise:
  Confirmed
Status in gtk+2.0 source package in Trusty:
  Confirmed
Status in gtk+3.0 source package in Trusty:
  Fix Released
Status in gtk+2.0 source package in Wily:
  Confirmed
Status in gtk+3.0 source package in Wily:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+3.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Launchpad Bug Tracker]

This bug was fixed in the package gtk+2.0 - 2.24.29-1ubuntu2

---
gtk+2.0 (2.24.29-1ubuntu2) xenial; urgency=medium

  * gdkcairo-Avoid-integer-overflow.patch: new patch. Cherry-pick upstream
commit from GTK+3 to avoid integer overflow when allocating a large block
of memory in gdk_cairo_set_source_pixbuf. (lp: #1540811)

 -- Vlad Orlov   Tue, 02 Feb 2016 10:52:16 +0300

** Changed in: gtk+2.0 (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Seth Arnold]

I've requested CVEs here http://www.openwall.com/lists/oss-
security/2016/02/10/2

It appears this flaw was copy-pasted to a lot of programs.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Committed
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Sebastien Bacher]

Thank you for your work. I've sponsored the xenial update (with a
modified changelog, we don't have designed maintainers/NMUs in Ubuntu,
also I tweaked the version number to not be .1 and listed the bug
reference).

Once the update gets some testing in xenial we can look at the SRUs

Note that it would be nice to suggest to upstream that they backport the
change to gtk-2-24 since they still roll updates to gtk2 sometimes and
it could benefit users of other distros that way

** Changed in: gtk+2.0 (Ubuntu)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Committed
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Seth Arnold]

Do you know if this issue has a CVE assigned yet? I didn't see one in
the linked bug reports but those references may not have migrated to
those sources yet.

Thanks

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Committed
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Mathew Hodson]

** Changed in: gtk+2.0 (Ubuntu)
   Importance: Undecided => High

** Changed in: gtk+2.0 (Ubuntu)
   Status: New => Triaged

** Bug watch added: GNOME Bug Tracker #703220
   https://bugzilla.gnome.org/show_bug.cgi?id=703220

** Also affects: gtk via
   https://bugzilla.gnome.org/show_bug.cgi?id=703220
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Unknown
Status in gtk+2.0 package in Ubuntu:
  Triaged
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Bug Watch Updater]

** Changed in: gtk
   Status: Unknown => Fix Released

** Changed in: gtk
   Importance: Unknown => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Triaged
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Monsta]

** Attachment added: "debdiff with the fix for Xenial"
   
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561950/+files/gtk2-gdk-xenial-debdiff

** Bug watch added: Debian Bug tracker #799275
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275

** Also affects: gtk+2.0 (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in gtk+2.0 package in Ubuntu:
  New
Status in gtk+2.0 package in Debian:
  Unknown

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Monsta]

** Attachment added: "debdiff with the fix for Trusty"
   
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561947/+files/gtk2-gdk-trusty-debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in gtk+2.0 package in Ubuntu:
  New
Status in gtk+2.0 package in Debian:
  Unknown

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Monsta]

** Attachment added: "debdiff with the fix for Precise"
   
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561946/+files/gtk2-gdk-precise-debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in gtk+2.0 package in Ubuntu:
  New
Status in gtk+2.0 package in Debian:
  Unknown

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Monsta]

** Attachment added: "debdiff with the fix for Wily"
   
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561948/+files/gtk2-gdk-wily-debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in gtk+2.0 package in Ubuntu:
  New
Status in gtk+2.0 package in Debian:
  Unknown

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Bug Watch Updater]

** Changed in: gtk+2.0 (Debian)
   Status: Unknown => New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in gtk+2.0 package in Ubuntu:
  New
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1540811] Re: [GDK] patch - avoid integer overflow when allocating a large block of memory

[Ubuntu Foundations Team Bug Bot]

The attachment "debdiff with the fix for Precise" seems to be a debdiff.
The ubuntu-sponsors team has been subscribed to the bug report so that
they can review and hopefully sponsor the debdiff.  If the attachment
isn't a patch, please remove the "patch" flag from the attachment,
remove the "patch" tag, and if you are member of the ~ubuntu-sponsors,
unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in gtk+2.0 package in Ubuntu:
  New
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp