Bug 553374 – gdk_pixdata_from_pixbuf fails for some images with use_rle set to TRUE

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 553374 - gdk_pixdata_from_pixbuf fails for some images with use_rle set to TRUE


Summary:	gdk_pixdata_from_pixbuf fails for some images with use_rle set to TRUE


Status:	RESOLVED FIXED

Product:	gdk-pixbuf
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other All

Importance:	Normal critical
Target Milestone:	---
Assigned To:	gtk-bugs
QA Contact:	gtk-bugs

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2008-09-23 08:27 UTC by Stephane Delcroix
Modified:	2010-07-10 04:05 UTC

See Also:
GNOME target:	---
GNOME version:	2.21/2.22

Attachments
small gif that triggers the bug (799 bytes, image/gif) 2008-09-23 08:28 UTC, Stephane Delcroix	Details

Description Stephane Delcroix 2008-09-23 08:27:38 UTC

Steps to reproduce:
with both the inlined test case or the gdk-pixbuf-csource tool, I got a crash on run-length-encoding (at least for the attached small gif):

** GdkPixbuf:ERROR:(gdk-pixdata.c:253):rl_encode_rgbx: assertion failed: (ip < ilimit)

--SNIP
#include <gtk/gtk.h>
#include <gdk-pixbuf/gdk-pixbuf.h>
#include <gdk-pixbuf/gdk-pixdata.h>

int
main ()
{
        GdkPixbuf *pixbuf;
        GdkPixdata pixdata;

        g_type_init ();
        pixbuf = gdk_pixbuf_new_from_file ("gif.gif", NULL);
        gdk_pixdata_from_pixbuf (&pixdata, pixbuf, TRUE);
        return 0;
}
--SNAP



Stack trace:


Other information:
seting use_rle to FALSE or passing the --raw option to gdk-pixbuf-csource does not trigger that bug

Comment 1 Stephane Delcroix 2008-09-23 08:28:11 UTC

Created attachment 119211 [details]
small gif that triggers the bug

Comment 2 Stephane Delcroix 2008-09-23 09:55:37 UTC

here's my patch...

Index: gdk-pixbuf/gdk-pixdata.c
===================================================================
--- gdk-pixbuf/gdk-pixdata.c	(revision 21494)
+++ gdk-pixbuf/gdk-pixdata.c	(working copy)
@@ -250,7 +250,7 @@
 
   while (ip < limit)
     {
-      g_assert (ip < ilimit); /* paranoid */
+      g_assert (ip <= ilimit); /* paranoid */
 
       if (diff2_pix (ip))
 	{

Comment 3 Tim Janik 2008-09-23 11:32:55 UTC

(In reply to comment #2)
> here's my patch...
> @@ -250,7 +250,7 @@

Thanks, please create patches with diff -up in the future.

>    while (ip < limit)
>      {
> -      g_assert (ip < ilimit); /* paranoid */
> +      g_assert (ip <= ilimit); /* paranoid */

This is unfortunately not the right fix. The assertion is there because the comparison operator in the RLE encoder needs 2 pixels, so changing just the assertion causes invalid memory accesses. I've committed another fix now that simple prevents RLE encoding of 1x1 pixel images.