After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 62344 - Crash in io-xbm.c
Crash in io-xbm.c
Status: RESOLVED FIXED
Product: gdk-pixbuf
Classification: Platform
Component: general
git master
Other Linux
: Normal normal
: ---
Assigned To: gtk-bugs
gtk-bugs
: 62343 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2001-10-15 10:01 UTC by Thomas Leonard
Modified: 2010-07-10 04:08 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
the patch (466 bytes, patch)
2001-10-15 12:49 UTC, Matthias Clasen 		none Details | Review
the right patch (737 bytes, patch)
2001-10-16 06:53 UTC, Matthias Clasen 		none Details | Review
this patch is even more on topic (475 bytes, patch)
2001-10-16 06:56 UTC, Matthias Clasen 		none Details | Review

Description Thomas Leonard 2001-10-15 10:01:10 UTC 
gdk_pixbuf__xbm_image_load calls gdk_pixbuf__xbm_image_load_real
with context == NULL, but the error handler uses context->tempname,
causing it to crash.
Comment 1 Thomas Leonard 2001-10-15 10:07:30 UTC 
*** Bug 62343 has been marked as a duplicate of this bug. ***
Comment 2 Matthias Clasen 2001-10-15 12:49:00 UTC 
Here is a simple fix:
Comment 3 Matthias Clasen 2001-10-15 12:49:36 UTC 
Created attachment 5824 [details] [review]
the patch
Comment 4 Thomas Leonard 2001-10-15 12:56:31 UTC 
This patch seems to be already applied.

Also, since it's patching the BMP code, and the problem is with
the XBM handler, I don't see how it will help :-/

Here is the problem code (context is allowed to be NULL on entry):

static GdkPixbuf *
gdk_pixbuf__xbm_image_load_real (FILE *f, XBMData *context, GError
**error)
{
	guint w, h;
	int x_hot, y_hot;
	guchar *data, *ptr;
	guchar *pixels;
	guint row_stride;
	int x, y;
	int reg = 0; /* Quiet compiler */
	int bits;

	GdkPixbuf *pixbuf;

	if (!read_bitmap_file_data (f, &w, &h, &data, &x_hot, &y_hot)) {
                g_set_error (error,
                             GDK_PIXBUF_ERROR,
                             GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
                             _("Invalid XBM file: %s"),
                             context->tempname);
		return NULL;
	}

'context' is used in g_set_error, even though it may be NULL.
Comment 5 Matthias Clasen 2001-10-16 06:51:45 UTC 
I attached the wrong patch. How could this happen ?!
Comment 6 Matthias Clasen 2001-10-16 06:53:28 UTC 
Created attachment 5830 [details] [review]
the right patch
Comment 7 Matthias Clasen 2001-10-16 06:54:23 UTC 
Somehow xbm really escapes me. I guess rm -f *.diff is in order.
Comment 8 Matthias Clasen 2001-10-16 06:55:05 UTC 
Somehow xbm really escapes me. I guess rm -f *.diff is in order.
Comment 9 Matthias Clasen 2001-10-16 06:56:35 UTC 
Created attachment 5831 [details] [review]
this patch is even more on topic
Comment 10 Owen Taylor 2001-10-17 20:43:41 UTC 
Looks fine to me. (There is an outstanding win32 patch
that changes the handling of context->tempnam a little
bit, but I don't think it interacts.)