EOM crashes when trying to open a large PNG file #93
Comments
Hello, I wonder whether this issue is connected to the one I am having: I also found a possibly related bug on Eye of Gnome: |
Yes, please post it so we can try reproducing the issue - I don't have such huge images around 😄 |
Unfortunately GitHub doesn't let me upload the Image. Please check this link here: At the bottom you see "27000_27000_1437947845.png". |
Thanks, now I can confirm eom 1.10.3 indeed crashes on this file. |
Firefox also fails with it... |
Backtrace from eom 1.10.3 in LMDE 2 (based on Debian Jessie):
|
I really don't get it... the crash happens here, during
The backtrace shows us the values:
Then Hmm... Looks like upper 32 bits got screwed up...
|
Sorry if I sound too noobish, but to me it seems the problem is in integer types of variables height and cairo_stride. According to your source code, both are 32-bit signed integers. That means an overflow during the multiplication, which will result in 27000*108000 = -1378967296. This will then get cast into unsigned long for g_malloc, resulting in 0xffffffffadcea100, which is the humongous number. Making cairo_stride unsigned or increasing the byte size should fix it. |
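The arithmetic described in the comment above, as an added example that is not part of the original thread and is not GTK+2 or eom code: it reproduces the 32-bit wraparound for the 27000 x 108000 case and sets a checked size computation beside it. All function names are hypothetical, and a 64-bit allocator size type is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result a 32-bit signed multiply produces on two's-complement hardware.
 * Done in uint32_t so this demo does not itself rely on signed-overflow UB. */
static int32_t wrapped_mul_i32(int32_t a, int32_t b)
{
    uint32_t u = (uint32_t)a * (uint32_t)b;
    int32_t r;
    memcpy(&r, &u, sizeof r);   /* reinterpret the low 32 bits as signed */
    return r;
}

/* Size a 64-bit allocator receives when the wrapped int is sign-extended. */
static uint64_t size_seen_by_allocator(int32_t height, int32_t stride)
{
    return (uint64_t)(int64_t)wrapped_mul_i32(height, stride);
}

/* Hardened form: reject non-positive inputs, multiply in size_t and
 * refuse any product that would not fit. Returns 0 on success, -1 otherwise. */
static int checked_buffer_size(int32_t height, int32_t stride, size_t *out)
{
    if (height <= 0 || stride <= 0)
        return -1;
    if ((size_t)height > SIZE_MAX / (size_t)stride)
        return -1;
    *out = (size_t)height * (size_t)stride;
    return 0;
}

int main(void)
{
    int32_t height = 27000, stride = 108000;   /* values from the comment above */
    size_t ok = 0;

    printf("wrapped int product : %d\n", wrapped_mul_i32(height, stride));
    printf("allocator would see : 0x%llx\n",
           (unsigned long long)size_seen_by_allocator(height, stride));
    if (checked_buffer_size(height, stride, &ok) == 0)
        printf("checked size        : %llu bytes\n", (unsigned long long)ok);
    return 0;
}
```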
Ah dammit, they're indeed signed 32-bit ones, I completely overlooked that 😆 |
Ok, filed this bug report in order to get the patch into Debian Jessie. |
Ah, forgot to add: after applying that patch to GTK+2 and trying eom with the large image again, I had my desktop almost frozen... I could alt-tab and see window borders, but no window contents, and everything was horribly slow. Looks very close to what's described in that Ubuntu bug report mentioned above. |
What is the status of this bug? It now has CVE-2013-7447 assigned. |
Thank you. I was indeed concerned about the eom code. Now that it gets fixed by the Mate part, it is all ok. |
Ok, GTK+2 is now patched in almost all current Debian and Ubuntu releases. The fix is also applied upstream and will be available in the next GTK+2 release. So, eom shouldn't crash anymore on opening some large files. However, you still might get some issues (slowdowns, blank window, etc.) while displaying these files. These issues are separate from this one. Please leave your comments at #88 or #105, depending on the issue. |
Hello,
I would like to report a bug concerning EOM version 1.8.0
When trying to open a large PNG file (27.000px x 27.000px) EOM crashes.
Environment:
Debian 8.1 x64
EOM 1.8.0
I've been able to catch a backtrace using gdb:
Please let me know if you need the test file.
Best regards