
Bug#533361: marked as done (xcftools: 'xcf2pnm -C ... layer' crashes on some valid XCF files)

Your message dated Mon, 06 Jul 2009 19:54:46 +0000
with message-id <E1MNuH0-0001ux-UI@ries.debian.org>
and subject line Bug#533361: fixed in xcftools 1.0.4-1+lenny1
has caused the Debian Bug report #533361,
regarding xcftools: 'xcf2pnm -C ... layer' crashes on some valid XCF files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

533361: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533361
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: xcftools
Version: 1.0.4-1
Severity: important

I really like the xcftools package, because it lets me author things
in Gimp and then automate operations on them (e.g. let a Makefile
generate jpeg images from a sandwich of layers). However, this bug is
a problem for me currently:

I try to extract individual layers, clipped to the canvas size. It
seems that at least sometimes, for at least some layers which extend
past the edges of the canvas, xcf2pnm fails.  On this amd64 system, it
passes an unreasonable size to malloc().  On my PPC Debian 4.0 system
and xcftools (1.0.4-1) it dies with SIGILL instead. Possibly, almost
anything can happen.

xcf2png fails in the same way.

Some might suspect that this is a security issue. I have chosen not to
file it as such, but feel free to raise the severity if you think it's

I have attached two minimal example files (gzipped).  The -bigcanvas
variant was created in Gimp with "Fit canvas to layers". And here is a
terminal session which shows the problem:

salix:/tmp/xcfbug% ls -l 
total 84
-rw-r--r-- 1 grahn grahn 46351 Jun 16 21:50 djuras_white_bigcanvas.xcf
-rw-r--r-- 1 grahn grahn 32939 Jun 16 21:49 djuras_white.xcf

salix:/tmp/xcfbug% md5sum *xcf
a1b5381579a94af0822a09d3f37b3e4b  djuras_white_bigcanvas.xcf
7812863507ddd7e486bfabdb468f6d78  djuras_white.xcf

salix:/tmp/xcfbug% xcfinfo djuras_white.xcf 
Version 0, 1600x1600 RGB color, 2 layers, compressed RLE
- 1670x1653-38-27 RGB-alpha Normal eniro
+ 1600x1600+0+0 RGB-alpha Normal ekon

salix:/tmp/xcfbug% xcfinfo djuras_white_bigcanvas.xcf 
Version 0, 1670x1653 RGB color, 2 layers, compressed RLE
- 1670x1653+0+0 RGB-alpha Normal eniro
+ 1600x1600+38+27 RGB-alpha Normal ekon

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf ekon |md5sum
141f57dbe4df3f07eb00b58297112e91  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf ekon |md5sum 
141f57dbe4df3f07eb00b58297112e91  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf eniro |md5sum
95a6ef319b81ae9f552b6f0ef3c164d9  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf eniro |md5sum 
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e  -
zsh: exit 127   xcf2pnm -b black -C djuras_white.xcf eniro | 
zsh: done       md5sum

salix:/tmp/xcfbug% valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro |md5sum
==2403== Warning: silly arg (-1794832372) to malloc()
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e  -
zsh: exit 127   valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro | 
zsh: done       md5sum

I'd really appreciate a fix. I could try debugging it myself, but I have a
feeling someone else (e.g. the upstream author) who knows XCF better can
succeed in an hour or so.


-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux (PREEMPT)
Locale: LANG=sv_SE, LC_CTYPE=sv_SE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages xcftools depends on:
ii  libc6                    2.7-18          GNU C Library: Shared libraries
ii  libpng12-0               1.2.27-2+lenny2 PNG library - runtime

Versions of packages xcftools recommends:
pn  feh | gimageview | gqview | i <none>     (no description available)
ii  mime-support                  3.44-1     MIME files 'mime.types' & 'mailcap
ii  x11-common                    1:7.3+18   X Window System (X.Org) infrastruc

Versions of packages xcftools suggests:
ii  gimp                          2.4.7-1    The GNU Image Manipulation Program

-- no debconf information

Attachment: djuras_white.xcf.gz
Description: GNU Zip compressed data

Attachment: djuras_white_bigcanvas.xcf.gz
Description: GNU Zip compressed data

--- End Message ---
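
Added example, not part of the report above and not xcftools code or the upstream fix (the thread does not state the root cause). It shows the kind of check the symptom calls for: clip a layer with negative offsets to the canvas, then compute the pixel-buffer size in 64 bits against a cap before anything reaches malloc(). All type and function names are hypothetical; the geometry is the "eniro" layer from the xcfinfo output.

```c
#include <stdint.h>
#include <stdio.h>

/* Half-open rectangle [l,r) x [t,b) in canvas coordinates (hypothetical type). */
struct rect { int32_t l, t, r, b; };

/* Build a rectangle from a size and a signed offset, as xcfinfo prints them.
 * Returns 0 on success, -1 if a dimension is zero or an edge overflows int32. */
static int rect_from_layer(uint32_t w, uint32_t h, int32_t x, int32_t y,
                           struct rect *out)
{
    int64_t r = (int64_t)x + w, b = (int64_t)y + h;
    if (w == 0 || h == 0 || r > INT32_MAX || b > INT32_MAX) return -1;
    out->l = x; out->t = y; out->r = (int32_t)r; out->b = (int32_t)b;
    return 0;
}

/* Clip a to the canvas c in place. Returns 1 if any pixels remain, else 0. */
static int rect_clip(struct rect *a, const struct rect *c)
{
    if (a->l < c->l) a->l = c->l;
    if (a->t < c->t) a->t = c->t;
    if (a->r > c->r) a->r = c->r;
    if (a->b > c->b) a->b = c->b;
    return a->l < a->r && a->t < a->b;
}

/* Bytes needed for the rectangle at bpp bytes per pixel, computed in 64 bits.
 * Returns 0 if the rectangle is empty or the size would exceed limit. */
static size_t checked_pixel_bytes(const struct rect *r, unsigned bpp, size_t limit)
{
    if (r->r <= r->l || r->b <= r->t || bpp == 0)
        return 0;
    uint64_t w = (uint64_t)((int64_t)r->r - r->l);
    uint64_t h = (uint64_t)((int64_t)r->b - r->t);
    if (w > limit / bpp || h > limit / (w * bpp))
        return 0;
    return (size_t)(w * h * bpp);
}

int main(void)
{
    /* Constructed from the xcfinfo output above: layer "eniro" on the canvas. */
    struct rect canvas = {0, 0, 1600, 1600}, layer;
    if (rect_from_layer(1670, 1653, -38, -27, &layer) || !rect_clip(&layer, &canvas))
        return 1;
    printf("%zu bytes\n", checked_pixel_bytes(&layer, 4, (size_t)1 << 30));
    return 0;
}
```

A zero return from checked_pixel_bytes() is the caller's signal to report an error instead of allocating.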
--- Begin Message ---
Source: xcftools
Source-Version: 1.0.4-1+lenny1

We believe that the bug you reported is fixed in the latest version of
xcftools, which is due to be installed in the Debian FTP archive:

  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1.diff.gz
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1.dsc
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1_amd64.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 533361@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Jan Hauke Rahm <info@jhr-online.de> (supplier of updated xcftools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Mon, 06 Jul 2009 13:55:00 +0200
Source: xcftools
Binary: xcftools
Architecture: source amd64
Version: 1.0.4-1+lenny1
Distribution: stable
Urgency: high
Maintainer: Henning Makholm <henning@makholm.net>
Changed-By: Jan Hauke Rahm <info@jhr-online.de>
 xcftools   - command-line tools for extracting data for XCF files
Closes: 533361
 xcftools (1.0.4-1+lenny1) stable; urgency=high
   * QA upload.
   * Fix "'xcf2pnm -C ... layer' crashes on some valid XCF files", thanks
     Henning Makholm (upstream) (Closes: #533361, CVE-2009-2175)



--- End Message ---
