This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 140815 - GIMP will not save in .xpm format
GIMP will not save in .xpm format
Product: Fedora
Classification: Fedora
Component: xorg-x11 (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Kristian Høgsberg
David Lawrence
: Security
: 141047 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2004-11-24 23:32 EST by Guy Thomas
Modified: 2007-11-30 17:10 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-12-02 14:20:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Guy Thomas 2004-11-24 23:32:19 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0

Description of problem:
FC3 with Gimp gimp-2.0.5-5

Gimp will not save in .xpm format


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce: gimp any graphics file
3. try to save in .xpm format

Actual Results:  Plug-in could not save image.

(duplicated by ignacio as well)

Expected Results:  saved image as .xpm

Additional info:

this prevents not only all .xpm image saves, but modifying the grub
boot image especially.
Comment 1 Javier Torres Heredia 2004-11-25 11:14:05 EST
Yes, even when i create a new image, gimp refuse to save in all colour
modes (RGB,INDEXED,etc.)
Comment 2 Nils Philippsen 2004-11-25 11:21:11 EST
Could reproduce this with gimp-2.2-pre2.

I dug a little bit into this and found that the culprit is the libXpm library or
more precisely the new security fixes that went into it:

In xc/extras/Xpm/lib/WrFFrI.c you find this gem:

    if(len == 0                        ||
       filename[0] == '/'              ||
       strstr(filename, "../") != NULL ||
       filename[len-1] == '/')

The second line checks whether filename is an absolute path and aborts with
XpmOpenFailed in that case. Of course this is rather not wanted, i.e. this way
you can't really use the libXpm functions to write an Xpm file from an app like
the GIMP which tend to reference files by their absolute names.

Mike, Kristian dou you have an idea? I think I know the intention of the lines
in question ("prevent to overwrite /etc/passwd with XPM data"), but surely this
check should go into the app using libXpm otherwise we could just as well scrap
the writing functions as only being able to write files with relative pathnames
is kind of pointless...
Comment 3 Mike A. Harris 2004-11-25 12:29:22 EST
Great catch Nils.  This seems rather serious to me.  I've added it to my
agenda for our next development meeting.  Could you please file this as a
bug at X.Org also, so that it will be fixed for 6.8.2? 'xorg' component

Please paste URL here, so we can keep track of both bugs, and keep them
in sync.

Thanks in advance.
Comment 4 Nils Philippsen 2004-11-26 04:29:06 EST
Comment 6 Jef Spaleta 2004-11-26 16:25:36 EST
im getting a similiar error in gimp saving tif format.

Comment 7 Jef Spaleta 2004-11-26 17:58:25 EST
crap.. after a reboot i can't reproduce the tiff error any longer.
Sorry, take that last comment with a large grain of salt and a shot of

Comment 8 Nils Philippsen 2004-11-29 05:42:17 EST
*** Bug 141047 has been marked as a duplicate of this bug. ***
Comment 10 Mike A. Harris 2004-12-02 14:20:28 EST
Fixed in xorg-x11-6.8.1-12.FC3.21 erratum release for FC3.
Comment 11 Adam Pribyl 2004-12-02 15:19:47 EST
What about FC2? There is no plan to fix that there too?
Comment 12 Kristian Høgsberg 2004-12-02 15:28:34 EST
There will be a FC2 update shortly.
Comment 13 Mike A. Harris 2004-12-03 12:09:28 EST
In reply to comment #11:

Yes, as Kristian mentions, we will be releasing updates for FC2,
and also for our supported RHEL releases, which resolve this issue
as well.

Should be released before Monday if all goes well.
Comment 14 Fedora Update System 2005-08-26 13:49:32 EDT
From User-Agent: XML-RPC

ntp-4.2.0.a.20040617-5.FC3 has been pushed for FC3, which should resolve this issue.

If these issues are still present in this version, then please re-open this bug.
Comment 15 Fedora Update System 2005-08-26 13:50:13 EDT
From User-Agent: XML-RPC

subversion-1.2.3-2.1 has been pushed for FC4, which should resolve this issue.

If these issues are still present in this version, then please re-open this bug.
Comment 16 Fedora Update System 2005-08-26 13:52:00 EDT
From User-Agent: XML-RPC

lesstif-0.93-36-6.FC3.2 has been pushed for FC3, which should resolve this issue.

If these issues are still present in this version, then please re-open this bug.

Note You need to log in before you can comment on or make changes to this bug.