Bug 394190 – crash when opening a gif with a manipulated header

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 394190 - crash when opening a gif with a manipulated header


Summary:	crash when opening a gif with a manipulated header


Status:	RESOLVED FIXED

Product:	gdk-pixbuf
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other All

Importance:	High critical
Target Milestone:	---
Assigned To:	gtk-bugs
QA Contact:	gtk-bugs

URL:
Whiteboard:

Duplicates:	373107 (view as bug list)
Depends on:
Blocks:

Reported:	2007-01-08 10:36 UTC by uell61
Modified:	2010-07-10 04:07 UTC

See Also:
GNOME target:	---
GNOME version:	2.15/2.16

Attachments
test tool (1.23 KB, text/x-csrc) 2007-01-20 17:35 UTC, Felix Riemann	Details

Description uell61 2007-01-08 10:36:11 UTC

Version: 2.16.1

What were you doing when the application crashed?
Ein von mir manipuliertes .gif Bild geöffnet. (Header manipuliert)
http://www.cs.uni-magdeburg.de/~mhaupt/example.gif.gz.


Distribution: Gentoo Base System version 1.12.6
Gnome Release: 2.16.1 2006-11-01 (Gentoo)
BugBuddy Version: 2.16.0

Memory status: size: 60092416 vsize: 0 resident: 60092416 share: 0 rss: 15630336 rss_rlim: 0
CPU usage: start_time: 1168255308 rtime: 0 utime: 294 stime: 0 cutime:253 cstime: 0 timeout: 41 it_real_value: 0 frequency: 0

Backtrace was generated from '/usr/bin/eog'

(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1226495808 (LWP 6187)]
[New Thread -1256764528 (LWP 6195)]
0xffffe410 in __kernel_vsyscall ()

+ Trace 100397

Comment 1 Claudio Saavedra 2007-01-14 20:30:51 UTC

Eog-ERROR **: file eog-image.c: line 757 (eog_image_real_load): assertion failed: (priv->image != NULL)

+ Trace 102201

#0 ??
#1 ??
#2 ??
#3 ??
#4 raise
from /lib/tls/i686/cmov/libc.so.6
#5 abort
from /lib/tls/i686/cmov/libc.so.6
#6 IA__g_logv
#7 IA__g_log
#8 IA__g_assert_warning
at gmessages.c line 552
#9 eog_image_real_load
at eog-image.c line 757
#10 eog_image_load
at eog-image.c line 874
#11 job_prepare_model_do
at main.c line 394
#12 eog_job_call_action
at eog-job.c line 385
#13 thread_start_func
at eog-job-manager.c line 86
#14 g_thread_create_proxy
at gthread.c line 582
#15 start_thread
from /lib/tls/i686/cmov/libpthread.so.0
#16 clone
from /lib/tls/i686/cmov/libc.so.6

Comment 2 Felix Riemann 2007-01-16 22:06:28 UTC

It looks like the error somehow gets lost in GdkPixbufLoader as the error is still NULL after gdk_pixbuf_loader_close(). A test script using gdk_pixbuf_new_from_file() errors correctly.

So I am moving this over to gdk-pixbuf.

Comment 3 Felix Riemann 2007-01-20 17:29:51 UTC

*** Bug 373107 has been marked as a duplicate of this bug. ***

Comment 4 Felix Riemann 2007-01-20 17:35:28 UTC

Created attachment 80762 [details]
test tool

This is a test tool. It loads the image into an GdkPixbufLoader. If you try to open the image linked above you will notice that it will crash at the assertion not at the prior error checks. If you load the same image with gdk_pixbuf_new_from_file it will error (and crash) correctly.

Please note that bug 384023 contains a link to another example image. This time a PPM. The missing error message there: "Premature end-of-file encountered"

Comment 5 Matthias Clasen 2007-01-21 17:30:06 UTC

2007-01-21  Matthias Clasen  <mclasen@redhat.com>

        * io-gif.c (gdk_pixbuf__gif_image_stop_load): Return an
        error if we didn't successfully load a frame.  (#394190,
        Felix Riemann)