Bug#533361: marked as done (xcftools: 'xcf2pnm -C ... layer' crashes on some valid XCF files)

Tue, 14 Jul 2009 13:16:24 -0700 

Your message dated Tue, 14 Jul 2009 19:32:38 +0000
with message-id <e1mqnjy-00018d...@ries.debian.org>
and subject line Bug#533361: fixed in xcftools 1.0.7-1
has caused the Debian Bug report #533361,
regarding xcftools: 'xcf2pnm -C ... layer' crashes on some valid XCF files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
533361: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533361
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: xcftools
Version: 1.0.4-1
Severity: important


I really like the xcftools package, because it lets me author things
in Gimp and then automate operations on them (e.g. let a Makefile
generate jpeg images from a sandwhich of layers). However, this bug is
a problem for me currently:

I try to extract individual layers, clipped to the canvas size. It
seems that at least sometimes, for at least some layers which extends
past the edges of the canvas, xcf2pnm fails.  On this amd64 system, it
passes an unreasonable size to malloc().  On my PPC Debian 4.0 system
and xcftools (1.0.4-1) it dies with SIGILL instead. Possibly, almost
anything can happen.

xcf2png fails in the same way.

Some might suspect that this as a security issue. I have chosen not to
file it as such, but feel free to raise the severity if you think it's
important.

I have attached two minimal example files (gzipped).  The -bigcanvas
variant was created in Gimp with "Fit canvas to layers". And here is a
terminal session which shows the problem:

salix:/tmp/xcfbug% ls -l 
total 84
-rw-r--r-- 1 grahn grahn 46351 Jun 16 21:50 djuras_white_bigcanvas.xcf
-rw-r--r-- 1 grahn grahn 32939 Jun 16 21:49 djuras_white.xcf

salix:/tmp/xcfbug% md5sum *xcf
a1b5381579a94af0822a09d3f37b3e4b  djuras_white_bigcanvas.xcf
7812863507ddd7e486bfabdb468f6d78  djuras_white.xcf

salix:/tmp/xcfbug% xcfinfo djuras_white.xcf 
Version 0, 1600x1600 RGB color, 2 layers, compressed RLE
- 1670x1653-38-27 RGB-alpha Normal eniro
+ 1600x1600+0+0 RGB-alpha Normal ekon

salix:/tmp/xcfbug% xcfinfo djuras_white_bigcanvas.xcf 
Version 0, 1670x1653 RGB color, 2 layers, compressed RLE
- 1670x1653+0+0 RGB-alpha Normal eniro
+ 1600x1600+38+27 RGB-alpha Normal ekon

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf ekon |md5sum
141f57dbe4df3f07eb00b58297112e91  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf ekon |md5sum 
141f57dbe4df3f07eb00b58297112e91  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf eniro |md5sum
95a6ef319b81ae9f552b6f0ef3c164d9  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf eniro |md5sum 
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e  -
zsh: exit 127   xcf2pnm -b black -C djuras_white.xcf eniro | 
zsh: done       md5sum

salix:/tmp/xcfbug% valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro 
|md5sum
==2403== Warning: silly arg (-1794832372) to malloc()
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e  -
zsh: exit 127   valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro | 
zsh: done       md5sum
salix:/tmp/xcfbug% 

I'd really appreciate a fix. I could try debugging it myself, but I have a
feeling someone else (e.g. the upstream author) who knows XXF better can
succeed in an hour or so.

regards,
Jörgen

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26.7 (PREEMPT)
Locale: LANG=sv_SE, LC_CTYPE=sv_SE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages xcftools depends on:
ii  libc6                    2.7-18          GNU C Library: Shared libraries
ii  libpng12-0               1.2.27-2+lenny2 PNG library - runtime

Versions of packages xcftools recommends:
pn  feh | gimageview | gqview | i <none>     (no description available)
ii  mime-support                  3.44-1     MIME files 'mime.types' & 'mailcap
ii  x11-common                    1:7.3+18   X Window System (X.Org) infrastruc

Versions of packages xcftools suggests:
ii  gimp                          2.4.7-1    The GNU Image Manipulation Program

-- no debconf information

Attachment: djuras_white.xcf.gz
Description: GNU Zip compressed data

Attachment: djuras_white_bigcanvas.xcf.gz
Description: GNU Zip compressed data


--- End Message ---
--- Begin Message --- 
Source: xcftools
Source-Version: 1.0.7-1

We believe that the bug you reported is fixed in the latest version of
xcftools, which is due to be installed in the Debian FTP archive:

xcftools_1.0.7-1.diff.gz
  to pool/main/x/xcftools/xcftools_1.0.7-1.diff.gz
xcftools_1.0.7-1.dsc
  to pool/main/x/xcftools/xcftools_1.0.7-1.dsc
xcftools_1.0.7-1_i386.deb
  to pool/main/x/xcftools/xcftools_1.0.7-1_i386.deb
xcftools_1.0.7.orig.tar.gz
  to pool/main/x/xcftools/xcftools_1.0.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 533...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Hauke Rahm <i...@jhr-online.de> (supplier of updated xcftools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 14 Jul 2009 17:02:09 +0200
Source: xcftools
Binary: xcftools
Architecture: source i386
Version: 1.0.7-1
Distribution: unstable
Urgency: high
Maintainer: Jan Hauke Rahm <i...@jhr-online.de>
Changed-By: Jan Hauke Rahm <i...@jhr-online.de>
Description: 
 xcftools   - command-line tools for extracting data for XCF files
Closes: 525920 533361
Changes: 
 xcftools (1.0.7-1) unstable; urgency=high
 .
   * Adopted (Closes: #525920)
     + with urgency=high for the security issue
     + with new debian/copyright according to upstream's relicensing
   * New upstream release (1.0.7)
     + Fix GPL-to-PD transition: missed copyright blurb in online banner.
   * IMPORTANT CHANGE: xcfview is rewritten to use xdg-utils in order to find
     an image viewer instead of parsing /etc/mailcap on its own
 .
   * New upstream release (1.0.6)
     + Change licensing from GPL-2 to PD.
     + Fix bug: A layer without an alpha channel bug with an active layer mask
       was wrongly considered to obscure all lower layers.
     + Fix bug: xcf2pnm would guess PBM as the output format even if the
       background was explicitly set to an intermediate gray, or if -T might
       produce grays.
 .
   * New upstream release (1.0.5)
     + Fix various bugs if extracted part of image contains pixels with
       negative canvas-based coordinates. Thanks Jörgen Grahn (Closes: #533361,
       CVE-2009-2175)
     + Minor manpage fixes; -C description should be less confusing now.
     + $(DESTDIR) honored in Makefile's install target
   * Use quilt for patches
   * Bump standards-version: 3.8.2
   * Added debian/watch
   * Switched to debhelper 7
   * debian/control: Reorganized Recommends and Suggests
Checksums-Sha1: 
 2c686b29d2137f732d941b849d7aac5501c61202 1650 xcftools_1.0.7-1.dsc
 3c3cf07ad6183605a3febf5a8af9f2bd4cb4ef83 273455 xcftools_1.0.7.orig.tar.gz
 994a280a3d4cc5fd7cc9d974b7ecfaa636830d49 6925 xcftools_1.0.7-1.diff.gz
 d094d30bbf0f3638fe13a2d97ebd7a0387d5b81f 91082 xcftools_1.0.7-1_i386.deb
Checksums-Sha256: 
 86bc5d158a988b91e7fe340771ff1f7838ba8d545ad945d8670091a40dc0196d 1650 
xcftools_1.0.7-1.dsc
 1ebf6d8405348600bc551712d9e4f7c33cc83e416804709f68d0700afde920a6 273455 
xcftools_1.0.7.orig.tar.gz
 8f7225aaced1fa6ee5982b7a3c7afd68ea714e249f1d2db8fce0cf1964349787 6925 
xcftools_1.0.7-1.diff.gz
 5e3e5df4b3f85a6d9e4837dc96c9fc67c21e1315dfcc1a76f6614bd24b12b12e 91082 
xcftools_1.0.7-1_i386.deb
Files: 
 6acd733059f3a2bb4b5a3b4f7b700239 1650 graphics optional xcftools_1.0.7-1.dsc
 fd960b6470fb23520fc4b1ade6cf6e25 273455 graphics optional 
xcftools_1.0.7.orig.tar.gz
 873f68d4b99c550f850e61bc32637e12 6925 graphics optional 
xcftools_1.0.7-1.diff.gz
 2ad54a1ec9e6983f39a8d7dd1fab2841 91082 graphics optional 
xcftools_1.0.7-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBAgAGBQJKXNsFAAoJEBxXDIkOS9CrP2IP/Rn+wBx/xouOK3pz7cMpg2aY
G4HI07ip1BLKxqgY6DnJqk7+PShPBjHS+MKx24V0wkyj734cfz6plLc/LmSR5k/R
JIEXrG5mQa6q3G4qBQzmFWCkyM/KHQbFja1BYMWWH7HHmd+eJ82D2Hiv+EuKybVG
kxEfkfquBY8CYhdQaoJHbq6ASgwKWYLpH2UKhgY0vbBi5Hn1kKE2oE+a5Z2DDOdz
ysukrFxxBp3vEb8BKhGHggf1fwChiDszWC9Lnc/ugW3R3dd5FRUoZScVImfBV4lD
1IzypcL/IWmVCXpOJMezG7IryT/3R8SuZkf5Klv5XYwFXBKCOAuRlZC4Rma/g/iN
stHLRlUhixMF/bZdnyXadnc2oEd37mKtc8Yg4ZzK7x49qjow94DtniDARTqIuVYs
Roy7f+9oha9LwpP7bB/v9KNAcyXrYYBDujWiMxfrC7Inkq+UJGKBpcVHnVF2gCoo
Okkq7PvYjbEtBqewlbFGGXP0NnDAoM1fkdRiNSgBNlVbUsUqSavHDZ9rVy9mYI2M
6ugYGVFJQ1sNN7wSUuLPb1eWAedsXRzalNyx8V7+DHyvbKxpRMOAwkb6tzh/lNfx
lTL7s734LbM+q6AIreHObeSWZ3CK9/JmZk/0N1J26pqMuyOJjV0pybosauof58G3
Npcs2HqHUNA0JqB5jEjb
=czGz
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to