Bug 506873 - Imlib2 PNG loader has arbitrary restrictions on pictures larger than 8192 pixels in any direction
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: imlib2
Version: 10
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Tomas Smetana
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-06-19 03:11 UTC by Philippe Troin
Modified: 2009-07-03 17:53 UTC (History)

Last Closed: 2009-07-03 10:47:43 UTC


Attachments
Fixes the problem. (542 bytes, patch)
2009-06-19 04:39 UTC, Philippe Troin
New patch (7.81 KB, patch)
2009-06-19 21:03 UTC, Philippe Troin

Description Philippe Troin 2009-06-19 03:11:35 UTC
Description of problem:
As the title says.
Create a 10000x10000 PNG image; it cannot be loaded with imlib2.


Version-Release number of selected component (if applicable):
imlib2-1.4.2-2

How reproducible:
Always.

Comment 1 Philippe Troin 2009-06-19 04:39:17 UTC
Created attachment 348602
Fixes the problem.

Attached patch removing these limits.

Comment 2 Tomas Smetana 2009-06-19 14:17:26 UTC
The limit is there to prevent buffer overflows (was it CVE-2006-4806?) and its value has been chosen by the upstream maintainers.  I don't feel like changing that.

Comment 3 Philippe Troin 2009-06-19 18:55:27 UTC
Then the patch is wrong, but the bug remains.

Comment 4 Philippe Troin 2009-06-19 18:55:42 UTC
Reopened.

Comment 5 Philippe Troin 2009-06-19 21:03:46 UTC
Created attachment 348713
New patch

This new patch still does checking:
- it now fixes all the loaders
- it makes sure that the pixel count for a loaded picture fits in a signed int (2^31-1)

This should alleviate your concerns.

Phil.

Comment 6 Tomas Smetana 2009-07-03 10:47:43 UTC
Please send this patch upstream.  I'm not going to make Fedora imlib2 incompatible with the other distributions and the upstream.

Moreover, I simply dislike the patch itself (INT_MAX doesn't have to be always 2^31-1...).  However, if the upstream accepts it, it's going to get into Fedora too.

Sorry.

Comment 7 Philippe Troin 2009-07-03 17:53:09 UTC
I agree with your INT_MAX remark.  However all the platforms I know of have INT_MAX at 2^31-1.

This patch wouldn't make imlib2 incompatible at all, just better than the stock one.

Nevertheless, I have filed enhancement #361 at:
http://trac.enlightenment.org/e/ticket/361

<rant>
Frankly, I still wonder why I waste my time filing bugs with the Fedora bugzilla. Either you guys sit on them until the bugs get auto-closed or I'm told to file upstream.
</rant>
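
Added example (not part of the bug report, not the attached patch, and not imlib2 source): a C sketch contrasting the per-side cap from the bug title with the pixel-count check described in comment 5, written against `INT_MAX` and `SIZE_MAX` so it does not depend on `int` being 32 bits, the point raised in comment 6. All function and macro names are hypothetical, and 4 bytes per pixel (32-bit ARGB) is an assumption.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: 4 bytes per pixel (32-bit ARGB). All names are hypothetical. */
#define BYTES_PER_PIXEL sizeof(uint32_t)
#define FIXED_CAP 8192 /* per-side limit named in the bug title */

/* Per-side cap: simple, but rejects a 10000x10000 image outright. */
static int dims_ok_fixed_cap(int w, int h)
{
    return w > 0 && h > 0 && w <= FIXED_CAP && h <= FIXED_CAP;
}

/* Pixel-count check: w*h must fit in int and w*h*4 in size_t.
 * Division is used so no product is formed before it is known to fit,
 * and INT_MAX is used instead of a hard-coded 2^31-1. */
static int dims_ok_pixel_count(int w, int h)
{
    if (w <= 0 || h <= 0)
        return 0;
    if (w > INT_MAX / h)
        return 0;
    if ((size_t)w > SIZE_MAX / BYTES_PER_PIXEL / (size_t)h)
        return 0;
    return 1;
}

/* Returns a zeroed pixel buffer, or NULL if the dimensions are rejected. */
static uint32_t *alloc_pixels(int w, int h)
{
    if (!dims_ok_pixel_count(w, h))
        return NULL;
    return calloc((size_t)w * (size_t)h, BYTES_PER_PIXEL);
}

int main(void)
{
    /* Constructed sample dimensions. */
    int dims[][2] = { {10000, 10000}, {INT_MAX, 2}, {0, 10} };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++)
        printf("%dx%d fixed_cap=%d pixel_count=%d\n", dims[i][0], dims[i][1],
               dims_ok_fixed_cap(dims[i][0], dims[i][1]),
               dims_ok_pixel_count(dims[i][0], dims[i][1]));
    free(alloc_pixels(4, 4)); /* small buffer: accepted and released */
    return 0;
}
```

A check of this kind only protects the initial buffer allocation; any later arithmetic on width, height or stride in a loader needs the same care.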

