Red Hat Bugzilla – Bug 506873
Imlib2 PNG loader has arbitrary restrictions on pictures larger than 8192 pixels in any direction
Last modified: 2009-07-03 13:53:09 EDT
Description of problem:
As the title says.
Create a 10000x10000 PNG image; it cannot be loaded with imlib2.
Version-Release number of selected component (if applicable):
Created attachment 348602
Fixes the problem.
Attached patch removing these limits.
The limit is there to prevent buffer overflows (was it CVE-2006-4806?) and its value has been chosen by the upstream maintainers. I don't feel like changing that.
Then the patch is wrong, but the bug remains.
Created attachment 348713
This new patch still does checking:
- it now fixes all the loaders
- it makes sure that the pixel count for a loaded picture fits in a signed int (2^31-1)
This should alleviate your concerns.
Please send this patch upstream. I'm not going to make Fedora imlib2 incompatible with the other distributions and upstream.
Moreover, I simply dislike the patch itself (INT_MAX doesn't have to be always 2^31-1...). However, if upstream accepts it, it's going to get into Fedora too.
I agree with your INT_MAX remark. However all the platforms I know of have INT_MAX at 2^31-1.
This patch wouldn't make imlib2 incompatible at all, just better than the stock one.
Nevertheless, I have filed enhancement #361 at:
Frankly, I still wonder why I waste my time filing bugs with the Fedora bugzilla. Either you guys sit on them until the bugs get auto-closed or I'm told to file upstream.
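The two checks argued over in this thread, side by side, as an added example (this is not the attached patch and not imlib2 code): the fixed per-dimension cap from the bug title, and a pixel-count check written against `INT_MAX` from `<limits.h>` so it does not depend on int being 32 bits. The function and macro names are made up here, and the 4 bytes per pixel used in `main` is an assumption.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Per-dimension cap from the bug title (macro name is made up here). */
#define STOCK_DIM_LIMIT 8192

/* Stock-style check: refuse any image wider or taller than the cap. */
int dims_ok_stock(int w, int h)
{
    return w > 0 && h > 0 && w <= STOCK_DIM_LIMIT && h <= STOCK_DIM_LIMIT;
}

/* Pixel-count check: w * h must fit in int. Dividing INT_MAX by h never
 * computes an overflowing product, and INT_MAX from <limits.h> stays
 * correct whatever the width of int is. */
int dims_ok_pixel_count(int w, int h)
{
    if (w <= 0 || h <= 0)
        return 0;
    return w <= INT_MAX / h;
}

/* Allocation check: the byte size w * h * bpp must fit in size_t too.
 * Assumes SIZE_MAX >= INT_MAX. Stores the size in *out_bytes on success. */
int dims_ok_alloc(int w, int h, size_t bpp, size_t *out_bytes)
{
    size_t pixels;

    if (bpp == 0 || !dims_ok_pixel_count(w, h))
        return 0;
    pixels = (size_t)w * (size_t)h;
    if (pixels > SIZE_MAX / bpp)
        return 0;
    *out_bytes = pixels * bpp;
    return 1;
}

int main(void)
{
    size_t n = 0;
    printf("stock 10000x10000: %d\n", dims_ok_stock(10000, 10000));
    printf("count 10000x10000: %d\n", dims_ok_pixel_count(10000, 10000));
    if (dims_ok_alloc(10000, 10000, 4, &n)) /* 4 bytes/pixel: assumed */
        printf("bytes: %zu\n", n);
    return 0;
}
```

A pixel count that fits in int does not by itself bound the allocation size, which is why the byte-size check is kept separate from the pixel-count check.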