Bug 506873 - Imlib2 PNG loader has arbitrary restrictions on pictures larger than 8192 pixels in any direction
Imlib2 PNG loader has arbitrary restrictions on pictures larger than 8192 pix...
Product: Fedora
Classification: Fedora
Component: imlib2 (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Smetana
Fedora Extras Quality Assurance
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2009-06-18 23:11 EDT by Philippe Troin
Modified: 2009-07-03 13:53 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-07-03 06:47:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Fixes the problem. (542 bytes, patch)
2009-06-19 00:39 EDT, Philippe Troin
no flags Details | Diff
New patch (7.81 KB, patch)
2009-06-19 17:03 EDT, Philippe Troin
no flags Details | Diff

  None (edit)
Description Philippe Troin 2009-06-18 23:11:35 EDT
Description of problem:
As the title says.
Create a 10000x10000 png image, it cannot be loaded with imlib2.

Version-Release number of selected component (if applicable):

How reproducible:
Comment 1 Philippe Troin 2009-06-19 00:39:17 EDT
Created attachment 348602 [details]
Fixes the problem.

Attached patch removing these limits.
Comment 2 Tomas Smetana 2009-06-19 10:17:26 EDT
The limit is there to prevent buffer overflows (was it CVE-2006-4806?) and its value has been chosen by the upstream maintainers.  I don't feel like changing that.
Comment 3 Philippe Troin 2009-06-19 14:55:27 EDT
Then the patch is wrong, but the bug remains.
Comment 4 Philippe Troin 2009-06-19 14:55:42 EDT
Comment 5 Philippe Troin 2009-06-19 17:03:46 EDT
Created attachment 348713 [details]
New patch

This new patch still does checking:
- it now fixes all the loaders
- it makes sure that the pixel count for a loaded picture fits in a signed int (2^31-1)

This should alleviate your concerns.

Comment 6 Tomas Smetana 2009-07-03 06:47:43 EDT
Please send this patch upstream.  I'm not going to make Fedora imlib2 incompatible from the other distributions and the upstream.

Moreover I simply dislike the patch itself (INT_MAX doesn't have to be always 2^31-1...).  However if the upstream accepts it it's going to get into Fedora too.

Comment 7 Philippe Troin 2009-07-03 13:53:09 EDT
I agree with your INT_MAX remark.  However all the platforms I know of have INT_MAX at 2^31-1.

This patch wouldn't make imlib2 incompatible at all, just better than the stock one.

Nevertheless, I have file enhancement #361 at:

Frankly, I still wonder why I waste my time filing bugs with the Fedora bugzilla.   Either you guys sit on them until the bugs get auto-closed or I'm told to file upstream.

Note You need to log in before you can comment on or make changes to this bug.