Bug 506873 – Imlib2 PNG loader has arbitrary restrictions on pictures larger than 8192 pixels in any direction

Bug 506873 - Imlib2 PNG loader has arbitrary restrictions on pictures larger than 8192 pixels in any direction

Summary:	Imlib2 PNG loader has arbitrary restrictions on pictures larger than 8192 pix...

Status:	CLOSED WONTFIX

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	imlib2 (Show other bugs)
Sub Component:
Version:	10
Hardware:	All Linux

Priority	low Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Tomas Smetana
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:	Reopened

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2009-06-18 23:11 EDT by Philippe Troin
Modified:	2009-07-03 13:53 EDT (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2009-07-03 06:47:43 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Fixes the problem. (542 bytes, patch) 2009-06-19 00:39 EDT, Philippe Troin	no flags	Details \| Diff
New patch (7.81 KB, patch) 2009-06-19 17:03 EDT, Philippe Troin	no flags	Details \| Diff
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Philippe Troin 2009-06-18 23:11:35 EDT

Description of problem:
As the title says.
Create a 10000x10000 png image, it cannot be loaded with imlib2.


Version-Release number of selected component (if applicable):
imlib2-1.4.2-2

How reproducible:
Always.

Comment 1 Philippe Troin 2009-06-19 00:39:17 EDT

Created attachment 348602 [details]
Fixes the problem.

Attached patch removing these limits.

Comment 2 Tomas Smetana 2009-06-19 10:17:26 EDT

The limit is there to prevent buffer overflows (was it CVE-2006-4806?) and its value has been chosen by the upstream maintainers.  I don't feel like changing that.

Comment 3 Philippe Troin 2009-06-19 14:55:27 EDT

Then the patch is wrong, but the bug remains.

Comment 4 Philippe Troin 2009-06-19 14:55:42 EDT

Reopened.

Comment 5 Philippe Troin 2009-06-19 17:03:46 EDT

Created attachment 348713 [details]
New patch

This new patch still does checking:
- it now fixes all the loaders
- it makes sure that the pixel count for a loaded picture fits in a signed int (2^31-1)

This should alleviate your concerns.

Phil.

Comment 6 Tomas Smetana 2009-07-03 06:47:43 EDT

Please send this patch upstream.  I'm not going to make Fedora imlib2 incompatible from the other distributions and the upstream.

Moreover I simply dislike the patch itself (INT_MAX doesn't have to be always 2^31-1...).  However if the upstream accepts it it's going to get into Fedora too.

Sorry.

Comment 7 Philippe Troin 2009-07-03 13:53:09 EDT

I agree with your INT_MAX remark.  However all the platforms I know of have INT_MAX at 2^31-1.

This patch wouldn't make imlib2 incompatible at all, just better than the stock one.

Nevertheless, I have file enhancement #361 at:
http://trac.enlightenment.org/e/ticket/361

<rant>
Frankly, I still wonder why I waste my time filing bugs with the Fedora bugzilla.   Either you guys sit on them until the bugs get auto-closed or I'm told to file upstream.
</rant>

Note You need to log in before you can comment on or make changes to this bug.