Re: Bug#818233: Fails to build from source on kfreebsd-amd64

Mon, 14 Mar 2016 15:25:55 -0700 

user debian-bsd@lists.debian.org
usertags 818233 + kfreebsd
thanks

Hi,

Moritz Muehlenhoff wrote:
> gdk-pixbuf on kfreebsd-amd64 is still at version 2.31.5-1 since all
> later version fail to build. Can someone from the kfreebsd porters
> look into this? It works on kfreebsd-i386.

I looked at this before but couldn't really decide how to proceed.
The test for CVE-2015-4491 is IMHO buggy, although that is subjective.

Here's a bug where this test was discussed in some detail:
https://bugzilla.gnome.org/show_bug.cgi?id=754387
though it was marked as fixed after it now "seems fine for the
architectures we care about".

Here's a more recent upstream bug reporting this on Linux, with no
response:  https://bugzilla.gnome.org/show_bug.cgi?id=758104

IIRC the test tries to allocate about 16 GiB of heap memory.  On
kfreebsd-amd64 the allocation understandably fails.  On kfreebsd-i386
ISTR the test is skipped.  On Linux, usually the allocations are lazy
unless non-zero values are written into the buffer, and I guess they're
not, which is why it succeeds.  Except, with MALLOC_PERTURB_ options,
Dimitri John Ledkov has shown that it still fails in that case:
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1519030

It's kind of odd, that MALLOC_PERTURB_ is supposed to be *already* set
when running the testsuite, so I would expect it to already fail on the
Debian linux-amd64 buildds.

The large memory allocation is actually necessary to test that the
original bug (rescaling an image that has large dimensions) is fixed.
Though it seems to me this is still a DoS issue that can be triggered on
FreeBSD and perhaps Linux in some situations.

Maybe I could find a testcase that triggers a crash reliably on Linux,
and that may attract more interest in fixing this for good.

I commented that the large memory allocation (and the original
CVE-2015-4491) might have been avoided by falling back to simpler
rescale methods when handling very large images:
https://bugzilla.gnome.org/show_bug.cgi?id=754387#c23

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org

Attachment: signature.asc
Description: Digital signature

Reply via email to