Bug#384841: xloadimage segfaults with corrupt gif

Stefan Fritsch Sun, 27 Aug 2006 02:33:14 -0700

Package: xloadimage
Version: 4.1-16
Severity: important

xloadimage segfaults on the gif [1] (which comes from php bug
#38112 [2]). Here is the backtrace:


(gdb) run /tmp/38112.gif
Starting program: /tmp/xloadimage-4.1/xloadimage /tmp/38112.gif
/tmp/38112.gif is a 130x130 GIF image with 2 colors

Program received signal SIGSEGV, Segmentation fault.
gifin_push_string (code=134217726) at gif.c:455
455       while (prefix[code] != NULL_CODE)
(gdb) bt
#0  gifin_push_string (code=134217726) at gif.c:455
#1  0x0804f29d in gifin_get_pixel (pel=0xbfa8af08) at gif.c:319
#2  0x0804f6ca in gifLoad (fullname=0xbfa8af3c "/tmp/38112.gif",
    name=0x80cbad0 "/tmp/38112.gif", verbose=1) at gif.c:594
#3  0x0804fef9 in loadImage (globalopts=0x80cba70, options=0x80cbaa0,
    name=0x80cbad0 "/tmp/38112.gif", verbose=1) at imagetypes.c:82
#4  0x08064186 in main (argc=2, argv=0xbfa8d094) at xloadimage.c:358




[1] http://people.debian.org/~seanius/security/php/poc/38112.gif
[2] http://bugs.php.net/bug.php?id=38112


-- System Information:

Versions of packages xloadimage depends on:
ii  libc6                       2.3.6.ds1-4  GNU C Library: Shared libraries
ii  libjpeg62                   6b-13        The Independent JPEG Group's JPEG 
ii  libpng12-0                  1.2.8rel-5.2 PNG library - runtime
ii  libtiff4                    3.8.2-6      Tag Image File Format (TIFF) libra
ii  libx11-6                    2:1.0.0-8    X11 client-side library
ii  zlib1g                      1:1.2.3-13   compression library - runtime

xloadimage recommends no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#384841: xloadimage segfaults with corrupt gif

Reply via email to