GNOME Bugzilla – Bug 753908
cve-2015-4491 test seems broken, uses all available memory on the system
Last modified: 2015-08-22 16:03:14 UTC
Created attachment 309787
test-suite.log

download gdk-pixbuf-2.31.6 tarball.
./configure
make
cd tests
make check

make[3]: Entering directory '/home/tetromino/tmpfs/gdk-pixbuf-2.31.6/tests'
PASS: animation 1 /animation/gif
PASS: animation 2 /animation/ani
PASS: cve-2015-4491 1 /pixbuf/cve-2015-4491/original
PASS: cve-2015-4491 2 /pixbuf/cve-2015-4491/scale-overflow

At this point, after a few seconds, ./cve-2015-4491 exhausts all memory on the machine and needs to be taken out via kill -9.

This happens even when gdk-pixbuf-2.31.6 is already installed systemwide (so it's not an issue of build-directory vs. systemwide plugins).
commit 3df91dc6c6f8d1421e9c8756959280de792af77a
Author: Benjamin Otte <otte@redhat.com>
Date:   Sat Aug 22 17:57:23 2015 +0200

    pixops: Change variable type

    n_weights is used to do overflow checks. So by reducing the size to 32
    bits signed we overflow earlier. This is necessary because further down
    the code lots of code uses int variables to iterate over this variable
    and we don't want those to overflow.

    The correct fix would be to make all those variables gsize too, but
    that's way more invasive and requires different checks in different
    places so I'm not gonna do that now. And as long as scale factors are
    not expected to reach G_MAXINT it's not really necessary to do this
    change anyway.
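
An added illustration of the reasoning in the commit message above (not code from gdk-pixbuf or from the commit): the same multiplication overflow check run at 64-bit width and at signed int width. The function names, the SUBSAMPLE value and the inputs are assumptions constructed for this example; uint64_t stands in for gsize on a 64-bit platform.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define SUBSAMPLE 16 /* hypothetical factor, constructed for this example */

/* Overflow check at 64-bit width (models a gsize counter on a 64-bit
 * platform). Returns 1 and stores the count if it fits in 64 bits. */
static int count_wide(int n_x, int n_y, uint64_t *out)
{
    uint64_t n = (uint64_t)SUBSAMPLE * SUBSAMPLE;
    if (n_x <= 0 || n_y <= 0 || (uint64_t)n_x > UINT64_MAX / n)
        return 0;
    n *= (uint64_t)n_x;
    if ((uint64_t)n_y > UINT64_MAX / n)
        return 0;
    *out = n * (uint64_t)n_y;
    return 1;
}

/* Same check at signed int width: it trips as soon as the count no longer
 * fits the int variables that later iterate over it. */
static int count_narrow(int n_x, int n_y, int *out)
{
    int n = SUBSAMPLE * SUBSAMPLE;
    if (n_x <= 0 || n_y <= 0 || n_x > INT_MAX / n)
        return 0;
    n *= n_x;
    if (n_y > INT_MAX / n)
        return 0;
    *out = n * n_y;
    return 1;
}

/* Can an int loop index reach every element of a count this large? */
static int fits_int_iterators(uint64_t count)
{
    return count <= (uint64_t)INT_MAX;
}

int main(void)
{
    uint64_t wide = 0;
    int narrow = 0;
    int ok_wide = count_wide(65536, 65536, &wide);      /* constructed input */
    int ok_narrow = count_narrow(65536, 65536, &narrow);
    printf("wide: accepted=%d count=%llu int-safe=%d; narrow: accepted=%d\n",
           ok_wide, (unsigned long long)wide, fits_int_iterators(wide), ok_narrow);
    return 0;
}
```

With the constructed input, the 64-bit check accepts a count that no int iterator can cover, while the int-width check rejects it before any such loop runs.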