Bug 769170 - ico loader crashes when loading crafted file
Status: RESOLVED FIXED
Product: gdk-pixbuf
Classification: Platform
Component: loaders
Version: unspecified
OS: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: gdk-pixbuf-maint
QA Contact: gdk-pixbuf-maint
Depends on:
Blocks:
 
 
Reported: 2016-07-25 23:27 UTC by Emilio Pozuelo Monfort
Modified: 2016-08-03 16:48 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments:
ico test file (158 bytes, application/gzip), 2016-07-25 23:29 UTC, Emilio Pozuelo Monfort

Description Emilio Pozuelo Monfort 2016-07-25 23:27:29 UTC
There's a crash when loading specially crafted ico files.

See http://seclists.org/oss-sec/2016/q3/61

I have reproduced this with 2.30.7, 2.31.1 and 2.35.2. It doesn't happen with 2.26.1. It's easily reproducible with tests/pixbuf-read.

Here's the backtrace for 2.35.2:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff54ea414 in OneLine32 (context=0x611f50) at io-ico.c:596
596	                Pixels[X * 4 + 0] = context->LineBuf[X * 4 + 2];
(gdb) bt
#0 gdk_pixbuf__ico_image_load_increment at io-ico.c line 596
#1 gdk_pixbuf__ico_image_load_increment at io-ico.c line 807
#2 gdk_pixbuf__ico_image_load_increment at io-ico.c line 898
#3 gdk_pixbuf_loader_load_module at gdk-pixbuf-loader.c line 443
#4 gdk_pixbuf_loader_close at gdk-pixbuf-loader.c line 808
#5 main at pixbuf-read.c line 35
#6 main at pixbuf-read.c line 75
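The faulting statement in the backtrace copies bytes from context->LineBuf into the output row one 32-bit BGRA pixel at a time, and the crash means the loop indexed past the data that was actually available for that row. The following C code is an added illustration of the defensive check such a copy needs; it is not gdk-pixbuf's code, not the upstream fix, and not the reporter's. The function and constant names (convert_bgra_line, SAMPLE_ROW, example_consistent_row, example_oversized_width) and the two-pixel sample row are constructed for the example. The point it shows is that the row width taken from an untrusted header must be checked against the length of the buffer before the pixel loop runs, and that the width * 4 computation itself must not be allowed to wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not gdk-pixbuf code: convert one 32-bit BGRA scanline
 * (the layout the ICO loader's OneLine32 handles) into RGBA, but only after
 * checking that both buffers really hold `width` pixels. Returns 0 on
 * success, -1 if the declared width does not fit the supplied buffers. */
int convert_bgra_line(const uint8_t *line_buf, size_t line_len,
                      uint8_t *pixels, size_t pixels_len, size_t width)
{
    size_t needed;

    if (line_buf == NULL || pixels == NULL)
        return -1;
    /* width comes from the file header; width * 4 must not wrap around. */
    if (width > SIZE_MAX / 4)
        return -1;
    needed = width * 4;
    /* Reject the row before the loop instead of reading/writing past a buffer. */
    if (line_len < needed || pixels_len < needed)
        return -1;

    for (size_t x = 0; x < width; x++) {
        pixels[x * 4 + 0] = line_buf[x * 4 + 2]; /* R comes from the B slot */
        pixels[x * 4 + 1] = line_buf[x * 4 + 1]; /* G */
        pixels[x * 4 + 2] = line_buf[x * 4 + 0]; /* B comes from the R slot */
        pixels[x * 4 + 3] = line_buf[x * 4 + 3]; /* A */
    }
    return 0;
}

/* Constructed sample: a 2-pixel BGRA row (8 bytes). */
static const uint8_t SAMPLE_ROW[8] = {
    0x10, 0x20, 0x30, 0xff,   /* pixel 0: B=0x10 G=0x20 R=0x30 A=0xff */
    0x40, 0x50, 0x60, 0x80    /* pixel 1: B=0x40 G=0x50 R=0x60 A=0x80 */
};

/* Header width matches the data: returns the first converted pixel packed
 * as 0xRRGGBBAA (0x302010ff for SAMPLE_ROW), or -1 if the row was rejected. */
long example_consistent_row(void)
{
    uint8_t out[8];
    if (convert_bgra_line(SAMPLE_ROW, sizeof SAMPLE_ROW, out, sizeof out, 2) != 0)
        return -1;
    return ((long)out[0] << 24) | ((long)out[1] << 16) |
           ((long)out[2] << 8)  |  (long)out[3];
}

/* Header claims 4 pixels but the row holds only 2 (the crafted-file shape):
 * the call returns -1 instead of reading beyond SAMPLE_ROW. */
int example_oversized_width(void)
{
    uint8_t out[16];
    return convert_bgra_line(SAMPLE_ROW, sizeof SAMPLE_ROW, out, sizeof out, 4);
}

int main(void)
{
    printf("consistent row -> first pixel 0x%08lx\n", example_consistent_row());
    printf("oversized width -> rc %d\n", example_oversized_width());
    return 0;
}
```

The loop body is deliberately the same shape as the statement in the backtrace; what changes is that the caller's buffer lengths are threaded through and validated once, before any indexing, so a header that lies about the row size fails cleanly rather than faulting inside the copy.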

Comment 1 Emilio Pozuelo Monfort 2016-07-25 23:29:01 UTC
Created attachment 332123
ico test file

Attached (compressed) test file.