GNOME Bugzilla – Bug 700952
invalid offset used when decoding certain BMP images
Last modified: 2018-05-22 13:14:33 UTC
There's a testsuite for BMP images available under the following URL:
http://entropymine.com/jason/bmpsuite/bmpsuite/html/bmpsuite.html

Gdk-pixbuf fails to decode the following picture classified as "good" correctly:
http://entropymine.com/jason/bmpsuite/bmpsuite/g/rgb16-565pal.bmp

Of those pictures classified as "questionable", decoding the following fails:
http://entropymine.com/jason/bmpsuite/bmpsuite/q/pal8offs.bmp

My guess is that the "bfOffBits" field at offset 10 of the "BITMAPFILEHEADER" gets ignored. You could validate its value based on the total file size.

Regards,
Andreas
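The bounds check suggested in comment 0, as an added example that is not gdk-pixbuf code and not part of the original report. It assumes the whole file is in memory; `bmp_check_offbits`, `make_sample` and the enum names are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum bmp_check { BMP_OK, BMP_TRUNCATED, BMP_BAD_MAGIC, BMP_IN_HEADER, BMP_PAST_EOF };

static uint32_t le32(const uint8_t *p)           /* little-endian read */
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)     /* little-endian write */
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Check bfOffBits (offset 10) against the headers and the total size.
 * On BMP_OK, *gap is the byte count between info header and pixel data. */
enum bmp_check bmp_check_offbits(const uint8_t *buf, size_t len, uint32_t *gap)
{
    if (len < 18) return BMP_TRUNCATED;          /* file header + biSize */
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_BAD_MAGIC;
    uint32_t off = le32(buf + 10);               /* bfOffBits */
    uint32_t info = le32(buf + 14);              /* biSize */
    if (info > UINT32_MAX - 14 || off < 14 + info) return BMP_IN_HEADER;
    if (off >= len) return BMP_PAST_EOF;         /* no pixel data reachable */
    *gap = off - (14 + info);                    /* palette, masks, padding */
    return BMP_OK;
}

/* Constructed sample: zeroed buffer (len >= 18) with only the checked fields set. */
void make_sample(uint8_t *buf, size_t len, uint32_t off_bits)
{
    memset(buf, 0, len);
    buf[0] = 'B'; buf[1] = 'M';
    put_le32(buf + 2, (uint32_t)len);            /* bfSize */
    put_le32(buf + 10, off_bits);                /* bfOffBits */
    put_le32(buf + 14, 40);                      /* biSize: BITMAPINFOHEADER */
}

int main(void)
{
    uint8_t buf[256]; uint32_t gap = 0;
    make_sample(buf, sizeof buf, 70);            /* 54 header bytes + 16-byte gap */
    printf("result=%d gap=%u\n", bmp_check_offbits(buf, sizeof buf, &gap), (unsigned)gap);
    return 0;
}
```

A decoder that accepts the offset still has to skip the reported gap before reading pixel rows, rather than assuming the pixel data starts right after the headers.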
(In reply to comment #0)
> Gdk-pixbuf fails to decode the following picture classified as "good"
> correctly:
> http://entropymine.com/jason/bmpsuite/bmpsuite/g/rgb16-565pal.bmp

With gdk-pixbuf 2.31 it shows the bottom as gnawed slightly.

> Of those pictures classified as "questionable", decoding the following fails:
> http://entropymine.com/jason/bmpsuite/bmpsuite/q/pal8offs.bmp

That one completely fails.
Created attachment 342621
tests: Add test for bug 700952

Created attachment 342622
tests: Add another test for bug 700952

This time for a file that completely fails to load, rather than display incorrectly.
I don't understand the state machine in the BMP loader, but the problem is that BufferPadding is not handled in the "State->Compressed == BI_BITFIELDS" case in DecodeHeader().
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gdk-pixbuf/issues/37.