An infinite loop has been found in the gdk-pixbuf BMP image loader.

http://bugzilla.gnome.org/show_bug.cgi?id=150601
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130455
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130441

------- Additional Comments From dwb7.edu 2004-08-31 08:32:37 ----

Welp, this is the patch mentioned in the gnome bug report. Doesn't look anything like what is in DoCompressed in the version of gdk-pixbuf in rh7.3

Index: io-bmp.c =================================================================== RCS file: /cvs/gnome/gtk+/gdk-pixbuf/io-bmp.c,v retrieving revision 1.41 diff -u -p -r1.41 io-bmp.c --- io-bmp.c 13 Aug 2004 02:26:57 -0000 1.41 +++ io-bmp.c 20 Aug 2004 00:18:14 -0000
@@ -876,8 +876,10 @@ DoCompressed(struct bmp_progressive_stat guchar c; gint idx; - if (context->compr.y >= context->Header.height) + if (context->compr.y >= context->Header.height) { + context->BufferDone = 0; return TRUE; + } y = context->compr.y;

------- Additional Comments From peak.mff.cuni.cz 2004-09-15 12:53:25 ----

gdk-pixbuf 0.14 is too old. RHEL AS 2.1 was upgraded to 0.22 in March 2004 (RHSA-2004:103-05)

It might be possible to backport the fix to 0.14 but 0.14's version of io-bmp.c appears to be
1. unreadable (compared to 0.22),
2. ripe with other bugs (including a nasty buffer overflow (different from CAN-2004-0111) fixed in 0.22),
ergo I think it would be a total waste of time to try to fix 0.14.

------- Additional Comments From michal 2004-09-15 13:22:21 ----

Created an attachment (id=840)
A patch to fix CAN-2004-0782, CAN-2004-0783

RHSA-2004:447-23 from 2004-09-15 includes patches for the original CAN-2004-0753 but also for CAN-2004-0782, CAN-2004-0783 (a heap overflow in the XPM image decoder) and CAN-2004-0788 (an integer overflow in the ICO image decoder).

Looking at the source code I cannot tell if the original, CAN-2004-0753, affects gdk-pixbuf-0.14.0 or not; but at least two patches from the quoted advisory apply on the top of gdk-pixbuf-0.14.0-9.legacy.2.src.rpm. Here is one for loaders.

------- Additional Comments From michal 2004-09-15 13:25:08 ----

Created an attachment (id=841)
a patch for gdk-pixbuf.m4

Another patch from RHSA-2004:447-23 advisory

------- Additional Comments From michal 2004-09-15 13:34:29 ----

Created an attachment (id=842)
A patch needed for gdk-pixbuf-0.22.0-11.1.2E.src.rpm to work on RH7.3

RHEL 2.1AS also used originally gdk-pixbuf-0.14.0 and it switched some time ago to gdk-pixbuf-0.22.0. We can follow that suit. gdk-pixbuf-0.22.0-11.1.2E.src.rpm recompiles without any problems on RH7.3 system but there is a catch.
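Review bot: the added `context->BufferDone = 0;` in the early-return branch of DoCompressed (the io-bmp.c hunk above, taken when `context->compr.y >= context->Header.height`) has no comment saying why the counter has to be cleared before `return TRUE`. Since this single assignment is the whole fix for the reported infinite loop, a one-line comment explaining why BufferDone is reset once every row has been decoded would keep a later cleanup from dropping it as redundant. It is also worth checking whether any other early return in DoCompressed needs the same reset; only this one is visible in the hunk.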
A loaders patch introduces undefined g_try_malloc function and bad things happen if you will try to load an xpm file. Replacing it with g_malloc restores an order and everything works fine again. I strongly suspect that RHEL 2, as opposed to 3, will have the same problem. This patch makes this minor substitution.

------- Additional Comments From michal 2004-09-15 17:52:37 ----

Ah, not so long after my remarks a new gdk-pixbuf-0.22.0-11.2.2E.src.rpm showed up with the following entry in '%changelog':

* Wed Sep 15 2004 Matthias Clasen <mclasen> - 1:0.22.0-11.2.2E
- Fix a bug in the previous change that broke the xpm loader

It is using malloc() instead of a wrong g_try_malloc() and where I put g_malloc(). There is no real difference between these two fix options but 0.22.0-11.2.2E could be used as a base for a legacy release. This will recompile without any extra patches.

------- Additional Comments From peak.mff.cuni.cz 2004-09-15 23:49:06 ----

The use of malloc() instead of g_malloc() is deliberate. g_malloc() aborts the program when it runs out of memory. malloc() (as well as g_try_malloc() introduced in newer versions of glib) does not abort and returns NULL. Nevertheless, the use of aborting and non-aborting memory allocation is far from consistent in 0.22, therefore it does not really matter which one is used.

------- Additional Comments From peak.mff.cuni.cz 2004-09-16 00:02:29 ----

Created an attachment (id=844)
spec for 7.3

Here is a proposed spec for 7.3. I added some BuildPrereqs to make sure all loaders are built. The version is 0.22.0-7.legacy. This is newer than the last RH9 version (0.22.0-6.1.0) and older than current FC1 version (0.22.0-11.3.5). A package built with this spec passes the "smoke test".

------- Additional Comments From marcdeslauriers 2004-09-18 16:30:42 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages for rh73 and rh9 to QA. They are based on the RHEL ones and Pavel's spec file.
Changelog:
* Sat Sep 18 2004 Marc Deslauriers <marcdeslauriers> 1:0.22.0-7.90.1.legacy
- - Changed release number and adjusted spec file parameters for rh9

* Thu Sep 16 2004 Pavel Kankovsky <peak.mff.cuni.cz> 1:0.22.0-7.legacy
- - added buildreqs from previous legacy pkgs (minus pointless libdb1-devel)
- - fix for CAN-2004-0111 included in 0.22.0

7.3:
a0c3f816498e14b77351265b38f14bc44b6ff576 gdk-pixbuf-0.22.0-7.73.1.legacy.i386.rpm
02419834e00b4027d36e0c5989d61e0350e2bd09 gdk-pixbuf-0.22.0-7.73.1.legacy.src.rpm
0dce4786f45e8c20ce0709a9839178edf2dce660 gdk-pixbuf-devel-0.22.0-7.73.1.legacy.i386.rpm
44afb40fb128a4aec73e3354848a2fe602abc46c gdk-pixbuf-gnome-0.22.0-7.73.1.legacy.i386.rpm

9:
091fe2bb5f880ecffa7bcfee4d482219ce293d70 gdk-pixbuf-0.22.0-7.90.1.legacy.i386.rpm
ebc7eb1913db8c3dd01e66c5cefab504e645955d gdk-pixbuf-0.22.0-7.90.1.legacy.src.rpm
973c2112b573982520d97a3bdbdc618ef6cdfff8 gdk-pixbuf-devel-0.22.0-7.90.1.legacy.i386.rpm
6818f34cc8be7806fb04d019d11028cd8736d926 gdk-pixbuf-gnome-0.22.0-7.90.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/gdk-pixbuf-0.22.0-7.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gdk-pixbuf-0.22.0-7.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gdk-pixbuf-devel-0.22.0-7.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gdk-pixbuf-gnome-0.22.0-7.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gdk-pixbuf-0.22.0-7.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gdk-pixbuf-0.22.0-7.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gdk-pixbuf-devel-0.22.0-7.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gdk-pixbuf-gnome-0.22.0-7.90.1.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBTO9hLMAs/0C4zNoRAszuAKCI79enDUvF7FKQiiRIrxjV7wM8NwCaA1XB
zcBnyfpB6nT2bLXGfIGFNWU=
=Qv0u
-----END PGP SIGNATURE-----

------- Additional Comments From barryn 2004-09-23 09:36:27 ----

I tried the RH 7.3 packages mentioned in comment #9 and they worked in my testing. (I didn't try exploits against them or anything like that, but I did make sure that they didn't break anything.)

This isn't formally an approval of the packages for various reasons (including the fact that I'm not signing this post) but I'll try to post something with official validity (and post a Self-Introduction to the mailing list) at some point in the next few days (hopefully before Sunday).

------- Additional Comments From marcdeslauriers 2004-10-03 15:30:38 ----

I just noticed Red Hat's advisory was updated to correct some patches, we should make sure ours are OK as we got them from theirs.

https://rhn.redhat.com/errata/RHSA-2004-447.html

------- Additional Comments From marcdeslauriers 2004-10-21 16:21:53 ----

OK, the patches used in the packages in comment 9 are good. We need to QA them.

------- Additional Comments From ckelley 2004-10-25 05:26:04 ----

Created an attachment (id=897)
Differences between Redhat's gdk-pixbuf-0.14.0-8 and gdk-pixbuf-0.22.0-7.73.1.legacy

------- Additional Comments From ckelley 2004-10-25 05:26:20 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

02419834e00b4027d36e0c5989d61e0350e2bd09 gdk-pixbuf-0.22.0-7.73.1.legacy.src.rpm

- gdk-pixbuf-0.18.0-gmodulehack.patch : simple build patch
- gdk-pixbuf-0.22.0-acquote.patch : simple autoconf patch
- gdk-pixbuf-0.22.0-bmp-colormap.patch : changes signed ints to unsigned, checks bitdepth in a few routines, looks good
- gdk-pixbuf-0.22.0-bmploop.patch : boundary check, simple and good
- gdk-pixbuf-0.22.0-ico-width.patch : simple patch to fix a bug, looks good
- gdk-pixbuf-0.22.0-libtool15.patch : simple build patch
- gdk-pixbuf-0.22.0-loaders.patch : some new g_warnings with boundary checks, also some checks for returns on malloc; g_* calls converted to malloc/free; looks good
- gdk-pixbuf-underquoted.patch : another autoconf patch
- source builds fine
- upstream checks out
- package installs fine; gaim/gimp run fine

There are a LOT of differences between this and gdk-pixbuf-0.14.0-8; I'm including an attachment of them. If these differences are intentional, then

+PUBLISH

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBfRqiyQ+yTHz+jJkRAhbdAJ4rftTrxXSZjKnqPbkY1B+Gi7Ja4QCfZOsB
tQjLn6q9uMq8IO6QaPAOqIo=
=Ddx6
-----END PGP SIGNATURE-----

------- Additional Comments From ckelley 2004-10-25 05:40:09 ----

I didn't mention it, but I feel that the changes noted in comment #13 are benign (docs and library version numbers); but I felt I should pass them along anyway, just in case.

------- Additional Comments From peak.mff.cuni.cz 2004-10-26 23:59:34 ----

1. filename changes under /usr/lib/gdk-pixbuf/loaders are harmless (as long as all formats supported by the old version are supported by the new version too) because no one but libgdk_pixbuf.so itself should load those libraries
2. changes under /usr/share/doc/ are harmless ex definitiones

------- Additional Comments From pekkas 2004-12-15 22:41:49 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for RHL9 SRPM w/ rpm-build-compare.sh:
- Sources, patches and spec OK wrt RHEL update
- Changes to spec compared to the earlier RHL9 seem OK, a few buildrequires changes, but that should be OK.

NOTE:
- Red Hat has already released gdk-pixbuf update for RHL9, gdk-pixbuf-0.22.0-6.1.0.src.rpm. We can assume folks have already installed that and it works. The security patches could have been better ported against that, instead of going to RHEL version.

So there are two ways forward here:
a) Go for it as it is. It will require a bit more attention at VERIFY stage to see that it works correctly. In that case, +PUBLISH (RHL9)
b) Go back, and redo the RHL9 RPMs against gdk-pixbuf-0.22.0-6.1.0. Requires smaller amount of QA later, but requires respinning the packages.
ebc7eb1913db8c3dd01e66c5cefab504e645955d gdk-pixbuf-0.22.0-7.90.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBwUolGHbTkzxSL7QRAic9AJ91yfSB+PpkQqiwqKll6Zus/wJe4ACdGCjB
FoJRlA33nAj9wV8SFLfDOLg=
=vLYx
-----END PGP SIGNATURE-----

------- Additional Comments From marcdeslauriers 2004-12-16 19:11:48 ----

In response to comment #17:

gdk-pixbuf-0.22.0-7.90.1.legacy is the equivalent of 0.22.0-6.1.0 but with the security patches added and a couple of missing BuildRequires added also. I don't see a reason why we should rebuild it by adding the security patches to 6.1.0 as the end result will be the same...

------- Additional Comments From pekkas 2004-12-16 20:31:43 ----

It's not fully equivalent. It also has:
- new gdk-pixbuf-0.22.0-loaders.patch
- new gdk-pixbuf-underquoted.patch
- local-hack-gmoule.tar.gz replaced with local-hack-gmodule2.tar.gz (though these have only very trivial differences)
- a slightly more complex spec file because it has RHEL cruft

But as said, I've reviewed the proposed one for correctness (against the RHEL update), and provided that someone is willing to give it a bit more scrutiny at VERIFY, I'm OK with it.

------- Additional Comments From jpdalbec 2005-01-03 11:48:00 ----

> * Thu Sep 16 2004 Pavel Kankovsky <peak.mff.cuni.cz> 1:0.22.0-7.legacy
> - added buildreqs from previous legacy pkgs (minus pointless libdb1-devel)
> - fix for CAN-2004-0111 included in 0.22.0

db1-devel is not pointless.
If it is not installed the following error occurs:

gcc -shared gnome-canvas-pixbuf.lo -L/usr/lib -L/usr/X11R6/lib -lgnomeui -lart_lgpl -lgdk_imlib -lSM -lICE /usr/lib/libgtk.so /usr/lib/libgdk.so /usr/lib/libgmodule.so -ldl -lXi -lXext -lX11 -lgnome -lgnomesupport /usr/lib/libesd.so -laudiofile -lm -ldb1 /usr/lib/libglib.so -Wl,-soname -Wl,libgnomecanvaspixbuf.so.1 -o .libs/libgnomecanvaspixbuf.so.1.0.0
/usr/bin/ld: cannot find -ldb1
collect2: ld returned 1 exit status
make[3]: *** [libgnomecanvaspixbuf.la] Error 1
make[3]: Leaving directory `/usr/src/rpm/BUILD/gdk-pixbuf-0.22.0/gdk-pixbuf'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/rpm/BUILD/gdk-pixbuf-0.22.0/gdk-pixbuf'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/rpm/BUILD/gdk-pixbuf-0.22.0'
make: *** [all-recursive-am] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.21806 (%build)

------- Additional Comments From jpdalbec 2005-01-03 12:12:28 ----

I get the following error when I try to build gdk-pixbuf in mach:

/bin/sh ../libtool --mode=install /usr/bin/install -c libpixbufloader-png.la /var/tmp/gdk-pixbuf-0.22.0-root//usr/lib/gdk-pixbuf/loaders/libpixbufloader-png.la
libtool: install: warning: relinking `libpixbufloader-png.la'
(cd /usr/src/rpm/BUILD/gdk-pixbuf-0.22.0/gdk-pixbuf; /bin/sh ../libtool --mode=relink gcc -O2 -march=i386 -mcpu=i686 -o libpixbufloader-png.la -rpath /usr/lib/gdk-pixbuf/loaders -module -avoid-version io-png.lo -lpng -lz libgdk_pixbuf.la -L/usr/lib -L/usr/X11R6/lib -lgtk -lgdk -rdynamic -lgmodule -lglib -ldl -lXi -lXext -lX11 -lm)
gcc -shared io-png.lo -L/usr/X11R6/lib -lpng -lz -L/usr/lib -lgdk_pixbuf -lgtk -lgdk -lgmodule -lglib -ldl -lXi -lXext -lX11 -lm -Wl,-soname -Wl,libpixbufloader-png.so -o .libs/libpixbufloader-png.so
/usr/bin/ld: cannot find -lgdk_pixbuf
collect2: ld returned 1 exit status
libtool: install: error: relink `libpixbufloader-png.la' with the above command before installing it
libtool: install: warning: remember to run `libtool --finish /usr/lib/gdk-pixbuf/loaders'

which leads to RPM build errors:
File not found by glob: /var/tmp/gdk-pixbuf-0.22.0-root/usr/lib/gdk-pixbuf/loaders/lib*.so*
File not found by glob: /var/tmp/gdk-pixbuf-0.22.0-root/usr/lib/gdk-pixbuf/loaders/lib*.a

libgdk_pixbuf.so can be found in .libs and also in $RPM_BUILD_ROOT/usr/lib but libtool does not appear to be looking in either directory. Any ideas?

------- Additional Comments From peak.mff.cuni.cz 2005-01-03 13:36:46 ----

> db1-devel is not pointless.

Oops. Well, it is pointless but gnome-config --libs insists on including it in the list of libraries even if no one uses it. Re-adding it to the list of BuildReqs is ugly but it is probably the easiest way to solve that. :P

> /usr/bin/ld: cannot find -lgdk_pixbuf

Chicken and egg problem. Libtool expects libgdk_pixbuf in /usr/lib but it is not there because the package is being built right now, and its files are installed into the buildroot. In fact, the build process is broken even in non-mach environment because libtool uses the old installed libgdk_pixbuf to link loaders (fortunately, this does not matter in most cases).

I have not found a clean way to convince libtool to work but there are dirty ways to do it. For instance, you can add this (or anything equivalent) to %install before make install:

perl -pi -e "if (/^relink_command=/) { s!libgdk_pixbuf.la!$RPM_BUILD_ROOT/%{_libdir}/libgdk_pixbuf.so!; }" gdk-pixbuf/.libs/libpixbufloader*.la

This change should make libtool use libgdk_pixbuf.so from the buildroot.
------- Additional Comments From jpdalbec 2005-01-07 07:08:44 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

New RHL 7.3 gdk-pixbuf packages are available from
http://www.fedora-legacy.org/contrib/gdk-pixbuf/

sha1sums:
6d3abda3abe154d8aab20941ae263700840e4193 gdk-pixbuf-0.22.0-7.73.2.legacy.i386.rpm
132d418d0268f68054a4b02302c9826a348fb5a9 gdk-pixbuf-0.22.0-7.73.2.legacy.src.rpm
c07cf85a0e3625217e2725a868b09064b61c6470 gdk-pixbuf-devel-0.22.0-7.73.2.legacy.i386.rpm
a70c4f9a0864173d31a718c09775a00f1e157771 gdk-pixbuf-gnome-0.22.0-7.73.2.legacy.i386.rpm

I had installed the 0.14.0-9.legacy.1 RPMs in updates-testing which broke image display in GNOME. I've installed the binary RPMs on my RHL 7.3 VMware virtual machine and images started working again.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFB3sAaJL4A+ldA7asRAkB4AKCQvhDElewhQOk2Q06RiY7SO0VQQwCbB6bj
wjoC4VT1Pv13Y6fKTG9i5a4=
=ZW5B
-----END PGP SIGNATURE-----

------- Additional Comments From pekkas 2005-01-07 23:27:41 ----

s/fedora-legacy/fedoralegacy/ above..

I verified John's RHL73 package against that from Marc (#9), and the changes are OK.

With respect to my comment #19, I am still uncertain, but it's probably best to just use these ones, because nobody seems to want to bother creating new packages, and they seem to work at least for John.

------- Additional Comments From marcdeslauriers 2005-02-09 16:15:46 ----

Packages were pushed to updates-testing.
------- Additional Comments From mschout 2005-02-10 14:59:35 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

a29384912cdf63b635694050c1ecf2f8f56f2e3c gdk-pixbuf-0.22.0-7.73.2.legacy.i386.rpm
2e9223509766118f53b1934f77ed9d625558772c gdk-pixbuf-devel-0.22.0-7.73.2.legacy.i386.rpm
550e131ff9707a021c1949472ed94c23aec2391c gdk-pixbuf-gnome-0.22.0-7.73.2.legacy.i386.rpm

* rpm --checksig:
gdk-pixbuf-0.22.0-7.73.2.legacy.i386.rpm: md5 gpg OK
gdk-pixbuf-devel-0.22.0-7.73.2.legacy.i386.rpm: md5 gpg OK
gdk-pixbuf-gnome-0.22.0-7.73.2.legacy.i386.rpm: md5 gpg OK
* packages install/update with no errors.
* images in gnome still work, so looks like it works normally.

+VERIFY RH 7.3

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCDAP3+CqvSzp9LOwRAjMmAJ9iWz6gxuSORKTJcIlPnw2VDaI+zgCfeqKT
mk3ZCLOHgxl9fF3ZP42GAzo=
=wOkP
-----END PGP SIGNATURE-----

------- Additional Comments From pekkas 2005-02-21 22:39:43 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA
 - GPG signature OK
 - rpm-build-compare.sh on binaries looks OK
 - installs nicely
 - two applications using gdk-pixbuf (mrproject, gtkhtml) run OK

+VERIFY RHL9

1783c789f1eca62ee264eb7dd5aaef93084a154a gdk-pixbuf-0.22.0-7.90.2.legacy.i386.rpm
a7c5d85e2d367b81425ddd0eab32fb18b1b316b2 gdk-pixbuf-devel-0.22.0-7.90.2.legacy.i386.rpm
50eea5f1886468a5ec6c9d0d10765afcae9791a1 gdk-pixbuf-gnome-0.22.0-7.90.2.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCGu+YGHbTkzxSL7QRAtOAAKDV5i+kxefLy0nChr1GbW0ErJlH3QCeKWIB
Pi1oShVdhs9p7FfmixRNFYw=
=B4kO
-----END PGP SIGNATURE-----

------- Additional Comments From marcdeslauriers 2005-02-23 17:56:55 ----

Packages were pushed to official updates.

------- Bug moved to this database by dkl 2005-03-30 18:26 -------

This bug previously known as bug 2005 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2005
Originally filed under the Fedora Legacy product and Package request component.
Attachments:
A patch to fix CAN-2004-0782, CAN-2004-0783
https://bugzilla.fedora.us/attachment.cgi?action=view&id=840
a patch for gdk-pixbuf.m4
https://bugzilla.fedora.us/attachment.cgi?action=view&id=841
A patch needed for gdk-pixbuf-0.22.0-11.1.2E.src.rpm to work on RH7.3
https://bugzilla.fedora.us/attachment.cgi?action=view&id=842
spec for 7.3
https://bugzilla.fedora.us/attachment.cgi?action=view&id=844
Differences between Redhat's gdk-pixbuf-0.14.0-8 and gdk-pixbuf-0.22.0-7.73.1.legacy
https://bugzilla.fedora.us/attachment.cgi?action=view&id=897

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity major. Setting to default severity "normal".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.
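
The malloc() versus g_malloc() point made earlier in the thread, as an added example that is not code from gdk-pixbuf or from any of the patches discussed: a loader-style buffer allocation that checks the size arithmetic on untrusted header fields and returns an error instead of aborting when allocation fails. Every name here (`px_alloc`, `px_status`, `px_failing_alloc`, `PX_MAX_BYTES` and its 64 MiB value) is hypothetical.

```c
/* Added example: non-aborting allocation for untrusted image dimensions.
 * All names here are hypothetical; none are gdk-pixbuf or glib API. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum px_status { PX_OK, PX_BAD_HEADER, PX_OVERFLOW, PX_TOO_BIG, PX_NOMEM };

#define PX_MAX_BYTES (64u * 1024u * 1024u)   /* assumed policy cap, 64 MiB */

typedef void *(*px_alloc_fn)(size_t);        /* malloc-like: NULL on failure */

/* Stand-in for an exhausted heap, so the NULL path can be exercised. */
static void *px_failing_alloc(size_t n) { (void)n; return NULL; }

/*
 * Size and allocate a pixel buffer from header fields read out of a file.
 * Arithmetic is done in 32 bits on purpose so the wrap-around case is
 * reachable on any platform; every product is checked before it is formed.
 */
static enum px_status
px_alloc(uint32_t width, uint32_t height, uint32_t bytes_pp,
         px_alloc_fn alloc, unsigned char **out, uint32_t *out_len)
{
    uint32_t rowstride, total;

    *out = NULL;
    *out_len = 0;
    if (width == 0 || height == 0 || bytes_pp < 1 || bytes_pp > 4)
        return PX_BAD_HEADER;
    if (width > UINT32_MAX / bytes_pp)       /* width * bytes_pp would wrap */
        return PX_OVERFLOW;
    rowstride = width * bytes_pp;
    if (rowstride > UINT32_MAX / height)     /* rowstride * height would wrap */
        return PX_OVERFLOW;
    total = rowstride * height;
    if (total > PX_MAX_BYTES)
        return PX_TOO_BIG;

    *out = alloc(total);
    if (*out == NULL)                        /* malloc()/g_try_malloc() style */
        return PX_NOMEM;                     /* fail this image, keep running */
    *out_len = total;
    return PX_OK;
}

int main(void)
{
    unsigned char *buf;
    uint32_t len;

    /* Constructed header values, not taken from any real file. */
    printf("%d\n", (int)px_alloc(64, 48, 3, malloc, &buf, &len));           /* PX_OK */
    free(buf);
    printf("%d\n", (int)px_alloc(0x40000001u, 1, 4, malloc, &buf, &len));   /* PX_OVERFLOW */
    printf("%d\n", (int)px_alloc(64, 48, 3, px_failing_alloc, &buf, &len)); /* PX_NOMEM */
    return 0;
}
```

With an aborting allocator in place of `alloc`, the third call would terminate the whole process that opened the image rather than failing the one load.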