Bug 762027 - >=gnome-photos-3.16 is affected by CVE-2013-7447
Status: RESOLVED FIXED
Product: gnome-photos
Classification: Applications
Component: general
unspecified
Other Linux
: Normal normal
Assigned To: GNOME photos maintainer(s)
Reported: 2016-02-14 12:23 UTC by Pacho Ramos
Modified: 2016-03-11 22:06 UTC
Attachments
Fix possible integer overflow (1021 bytes, patch)
2016-03-11 13:45 UTC, Rafael Fonseca
none
Fix possible integer overflow (3.57 KB, patch)
2016-03-11 14:11 UTC, Rafael Fonseca
committed

Description Pacho Ramos 2016-02-14 12:23:40 UTC
As reported in:
https://bugs.gentoo.org/show_bug.cgi?id=574372
https://bugs.gentoo.org/show_bug.cgi?id=574378

gnome-photos is affected by CVE-2013-7447 (bug #703220). In 3.18 I see:
$ grep -r "cairo_pixels" -- *
src/photos-print-preview.c:  guchar *cairo_pixels;
src/photos-print-preview.c:  cairo_pixels = g_malloc (height * cairo_stride);
src/photos-print-preview.c:  surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
src/photos-print-preview.c:			       cairo_pixels, (cairo_destroy_func_t)g_free);
src/photos-print-preview.c:      guchar *q = cairo_pixels;
src/photos-print-preview.c:      cairo_pixels += cairo_stride;


Thanks
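The allocation pattern flagged in the grep output above, shown beside a checked form. This is an added example, not part of the original report or the gnome-photos source; it assumes `int` operands and 4 bytes per pixel, the helper names are hypothetical, and the dimensions are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BYTES_PER_PIXEL 4   /* assumption: 32-bit pixels */

/* Byte count a 32-bit `height * stride` yields after wrap-around, computed
 * in 64-bit unsigned math so the demo itself has no undefined behaviour. */
static uint32_t wrapped_size(int height, int stride)
{
    return (uint32_t)((uint64_t)height * (uint64_t)stride);
}

/* Checked form: returns 1 and sets *out only when height * stride fits in int. */
static int checked_size(int height, int stride, int *out)
{
    if (height <= 0 || stride <= 0 || height > INT_MAX / stride)
        return 0;
    *out = height * stride;
    return 1;
}

/* Hypothetical helper: allocate a width x height buffer and clear it row by
 * row, the way the reported code walks cairo_pixels. NULL on a bad size. */
static unsigned char *alloc_pixels(int width, int height, int *stride_out)
{
    int size, stride;
    if (width <= 0 || width > INT_MAX / BYTES_PER_PIXEL)
        return NULL;
    stride = width * BYTES_PER_PIXEL;
    if (!checked_size(height, stride, &size))
        return NULL;
    unsigned char *pixels = malloc((size_t)size);
    if (pixels == NULL)
        return NULL;
    unsigned char *row = pixels;
    for (int y = 0; y < height; y++, row += stride)
        memset(row, 0, (size_t)stride);
    *stride_out = stride;
    return pixels;
}

int main(void)
{
    int stride = 0;   /* constructed input: 32769 x 32768 pixels */
    printf("unchecked size: %u bytes\n", (unsigned)wrapped_size(32768, 32769 * 4));
    unsigned char *p = alloc_pixels(32769, 32768, &stride);
    printf("checked alloc: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

For the constructed 32769 x 32768 image, the wrapped product is smaller than a single row, so a row-by-row write loop would run past the buffer almost immediately; the checked form refuses the allocation instead.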
Comment 1 Rafael Fonseca 2016-03-11 13:45:06 UTC
Created attachment 323708
Fix possible integer overflow
Comment 2 Rafael Fonseca 2016-03-11 14:11:45 UTC
Created attachment 323713
Fix possible integer overflow

Better fix: use gdk provided function to create the surface.
Comment 3 Debarshi Ray 2016-03-11 17:49:28 UTC
Review of attachment 323713:

Looks perfect. Thanks.
Comment 4 André Klapper 2016-03-11 19:00:35 UTC
@Debarshi: Should an email be sent to https://mail.gnome.org/mailman/listinfo/distributor-list to recommend backporting?
Comment 5 Debarshi Ray 2016-03-11 22:06:33 UTC
(In reply to André Klapper from comment #4)
> @Debarshi: Should an email be sent to
> https://mail.gnome.org/mailman/listinfo/distributor-list to recommend
> backporting?

Good point.

Initially I thought that this isn't that important to warrant another 3.18.x release, but I now see that eog did make a new 3.18.x with this patch. So, I have now cherry-picked it to gnome-3-18. Will spin a new tarball over the weekend.

Thanks for the poke. :)