249555 – giftext: segfault at 0000000000000004 rip

Bug 249555 - giftext: segfault at 0000000000000004 rip

Summary: giftext: segfault at 0000000000000004 rip

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	giflib
Sub Component:
Version:	5.1
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	ritz
QA Contact:	BaseOS QE - Apps
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	244227 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-07-25 14:43 UTC by Vilius Šumskas
Modified:	2018-11-14 20:24 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Prior to this update, an attempt to use the giftext utility on a GIF file that does not store a global color map caused it to terminate unexpectedly with a segmentation fault. This update applies an upstream patch that resolves this issue, and giftext no longer crashes.
Clone Of:
Environment:
Last Closed:	2011-03-30 08:01:23 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Failing gif file (2.73 KB, image/gif) 2007-07-26 07:13 UTC, Vilius Šumskas	no flags	Details
Upstream patch (extracted change from upstream 4.1.6) (575 bytes, patch) 2009-04-07 15:18 UTC, Tomas Hoger	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:0398	0	normal	SHIPPED_LIVE	giflib bug fix update	2011-03-30 08:01:15 UTC

Description Vilius Šumskas 2007-07-25 14:43:35 UTC

Description of problem:
Giftext segfaults on certain Gif images:
Jul 25 09:20:33 mail kernel: giftext[17225]: segfault at 0000000000000004 rip 
0000000000401a8a rsp 00007fff1775e2f0 error 4
Jul 25 09:20:33 mail kernel: giftext[17240]: segfault at 0000000000000004 rip 
0000000000401a8a rsp 00007fff5ec74800 error 4
Jul 25 12:28:21 mail kernel: giftext[23273]: segfault at 0000000000000004 rip 
0000000000401a8a rsp 00007fff369f6580 error 4
Jul 25 12:42:54 mail kernel: giftext[28083]: segfault at 0000000000000004 rip 
0000000000401a8a rsp 00007fffe80ce2c0 error 4

Version-Release number of selected component (if applicable):
giflib-utils-4.1.3-7.1.el5.1

Comment 1 Norm Murray 2007-07-26 04:52:21 UTC

Could you please attach a sample failing gif?

Comment 2 Vilius Šumskas 2007-07-26 07:13:49 UTC

Created attachment 159992 [details]
Failing gif file

Here you go.

Comment 3 Vilius Šumskas 2007-11-17 09:05:09 UTC

Is this ever get fixed? This issue drives me crazy.

Comment 4 Vilius Šumskas 2007-11-18 18:59:31 UTC

I found this patch on the internet: http://users.own-
hero.net/~decoder/fuzzyocr/giftext-segfault.patch can someone can take a look 
if it could be included into the RedHat's RPM?

Comment 5 Vilius Šumskas 2008-05-20 18:41:04 UTC

Still there in 5.1. Is anybody responsible for this bug is still here?

Comment 6 Tomas Hoger 2009-04-07 15:18:05 UTC

Created attachment 338515 [details]
Upstream patch (extracted change from upstream 4.1.6)

(In reply to comment #4)
> I found this patch on the internet: http://users.own-
> hero.net/~decoder/fuzzyocr/giftext-segfault.patch can someone can take a look 
> if it could be included into the RedHat's RPM?  

Should be this, which is a one-liner diff between 4.1.3 and 4.1.6.  Fixes not exploitable NULL pointer dereference flaw.

Comment 7 RHEL Program Management 2009-04-07 15:26:57 UTC

This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 8 RHEL Program Management 2009-11-06 18:44:27 UTC

This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 18 ritz 2011-03-15 08:42:57 UTC

*** Bug 244227 has been marked as a duplicate of this bug. ***

Comment 21 Jaromir Hradilek 2011-03-23 12:17:16 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Prior to this update, an attempt to use the giftext utility on a GIF file that does not store a global color map caused it to terminate unexpectedly with a segmentation fault. This update applies an upstream patch that resolves this issue, and giftext no longer crashes.

Comment 23 errata-xmlrpc 2011-03-30 08:01:23 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0398.html

Note You need to log in before you can comment on or make changes to this bug.