Bug#909632: pngmeta: segfault on bad png
tag 909632 + patch
thanks
Actually, pngmeta segfaults on good pngs too. I believe
- The time displaying bit has dodgy pointers to pointers which stores to
uninitialized if png contains a time chunk. The normal gcc warning
for uninitialized apparently doesn't appear due to other warnings.
- The final png_destroy_read_struct() should pass pointers to pointers
the same as the earlier such calls in the program.
- The Debian change removing "png_skip_till_end" means no end_info, so
tIME after IDAT not printed eg. /usr/share/pixmaps/debian-logo.png
I get some joy from the diff below. Whole png_read_png() is the easiest
way to pick up time and text after IDAT. It'd be more efficient not to
hold the image data in memory, but can start by working.
--- pngmeta.c.orig 2018-10-19 17:38:53.0 +1100
+++ pngmeta.c 2018-10-23 16:47:56.0 +1100
@@ -45,6 +45,7 @@
#include
#include
+#include
#include
#include
@@ -481,7 +482,10 @@
/* Initialise data input */
png_init_io(png_ptr, in_fp);
- png_read_info(png_ptr, info_ptr);
+
+ /* Debian change: whole png_read_png() picks up text and time after IDAT.
+ (A bit easier than png_read_info(), skip IDAT, png_read_end().) */
+ png_read_png(png_ptr, info_ptr, 0, NULL);
print_init(out_fp, output_type, pngfile, uri, quiet);
@@ -522,10 +526,10 @@
sprintf(value, "%d", bit_depth);
print_kv(out_fp, output_type, "image-colors", value);
-sprintf(value, "%ld", width);
+sprintf(value, "%ld", (long) width);
print_kv(out_fp, output_type, "image-width", value);
-sprintf(value, "%ld", height);
+sprintf(value, "%ld", (long) height);
print_kv(out_fp, output_type, "image-height", value);
sprintf(value, "%s, %sinterlaced",
@@ -553,26 +557,26 @@
{
#if PNG_LIBPNG_VER_MAJOR >= 1 && PNG_LIBPNG_VER_MINOR >= 4
- int valid = png_get_valid(png_ptr, info_ptr, 0);
- int end_valid = png_get_valid(png_ptr, end_info, 0);
- png_timep *mod_time, *end_mod_time;
-
- png_get_tIME(png_ptr, info_ptr, mod_time);
- png_get_tIME(png_ptr, end_info, end_mod_time);
+ png_timep mod_time;
+ int valid = png_get_tIME(png_ptr, info_ptr, &mod_time);
#else
int valid = info_ptr->valid;
- int end_valid = end_info->valid;
- png_timep *mod_time = &info_ptr->mod_time;
- png_timep *end_mod_time = &end_info->mod_time;
+ png_timep mod_time = &info_ptr->mod_time;
#endif
/* Print modification time (tIME chunk) if present */
- if (valid & PNG_INFO_tIME)
-print_kv(out_fp, output_type, "Modification Time",
- png_convert_to_rfc1123(png_ptr, &mod_time));
- else if (end_valid & PNG_INFO_tIME)
-print_kv(out_fp, output_type, "Modification Time",
- png_convert_to_rfc1123(png_ptr, &end_mod_time));
+ if (valid & PNG_INFO_tIME) {
+const char *str = png_convert_to_rfc1123(png_ptr, mod_time);
+if (str) {
+ print_kv(out_fp, output_type, "Modification Time", str);
+} else {
+ /* png_convert_to_rfc1123() returns NULL for a bad tIME, such as month
+ not 1..12 (and hence no month name string). Think an error here is
+ ok, and leave tolerating badness to a fix or dump program. */
+ fprintf(STDERR, "%s: invalid tIME in %s\n", progname, pngfile);
+ exit(1);
+}
+ }
}
print_end_image(out_fp, output_type);
@@ -585,7 +589,7 @@
print_finish(out_fp, output_type);
/* Cleanup */
- png_destroy_read_struct(png_ptr, info_ptr, end_info);
+ png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
fclose(in_fp);
Processed: Re: pngmeta: segfault on bad png
Processing commands for cont...@bugs.debian.org: > tag 909632 + patch Bug #909632 [pngmeta] pngmeta: segfault on bad png Added tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 909632: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909632 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#698032: marked as done (Migrate from GConf to GSettings)
Your message dated Tue, 23 Oct 2018 09:03:53 + with message-id and subject line Bug#698032: fixed in gkdebconf 2.0.4 has caused the Debian Bug report #698032, regarding Migrate from GConf to GSettings to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 698032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698032 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: gkdebconf Version: 1.2.68 With GNOME 3.0 (april 2011), the GNOME Project decided to discontinue GConf. It won't be maintained anymore: bugs and security holes will not be fixed. Thus, gkdebconfr shouldn't depend on GConf any longer. Please, migrate to GSettings. GStettings is the official GNOME replacement for GConf, and the GNOME project is porting all of its applications to it: https://live.gnome.org/GnomeGoals/GSettingsMigration You will find the official from GConf to GSettings porting guide at: http://developer.gnome.org/gio/stable/ch31.html --- End Message --- --- Begin Message --- Source: gkdebconf Source-Version: 2.0.4 We believe that the bug you reported is fixed in the latest version of gkdebconf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 698...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yavor Doganov (supplier of updated gkdebconf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 22 Oct 2018 23:32:32 +0300 Source: gkdebconf Binary: gkdebconf Architecture: source Version: 2.0.4 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Yavor Doganov Description: gkdebconf - Helper to reconfigure packages with Debconf Closes: 698032 Changes: gkdebconf (2.0.4) unstable; urgency=medium . * QA upload. * Port to GSettings (Closes: #698032). * Require gettext 0.19; pass "external" to AM_GNU_GETTEXT. * Uncomment AC_CONFIG_HEADERS; fixes a bunch of compiler warnings. * Don't define MKINSTALLDIRS; unnecessary. * Fix compiler warnings; check return result of fgets. * debian/control (Build-Depends): Drop libgconf2-dev. Remove ancient gettext version requirement. (Recommends): Add gconf2 for data migration. (Vcs-Git, Vcs-Browser): Remove as the repository is gone. (Standards-Version): Claim compliance with 4.2.1. * debian/rules: Set DEB_LDFLAGS_MAINT_APPEND to -Wl,--as-needed. (override_dh_auto_install): Remove override; useless. * debian/menu: Delete. * debian/copyright: Add myself. Checksums-Sha1: 440b931baacbb991c45d8936ee7c859570b3 1453 gkdebconf_2.0.4.dsc 4c5b09414ed4e38aeab9598ce646c0dc7cf31454 157244 gkdebconf_2.0.4.tar.xz cc9376489909ddf4a245b5d838fc643bd5b32257 10494 gkdebconf_2.0.4_amd64.buildinfo Checksums-Sha256: 5904ffa644a91d20576dd15af023f1dfb19db9240676b2c3a816d27e36060dc7 1453 gkdebconf_2.0.4.dsc b55f8934343c38a18cfc4effdd991dca3a71b9397b069e8e59ce19ee9d6c4865 157244 gkdebconf_2.0.4.tar.xz e66a9daaf168b83eb7df6814c0216111e226a0b60804a8a430d24539b8d8ae7c 10494 gkdebconf_2.0.4_amd64.buildinfo Files: afff69a15cb6d4bd17a390b8e9d8d6c5 1453 admin optional gkdebconf_2.0.4.dsc a14b2108048ca586defc80ce9dbe17b1 157244 admin optional gkdebconf_2.0.4.tar.xz 3b4faaae7b96d77a748a3f3ac65d0ab2 10494 admin optional gkdebconf_2.0.4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAlvO4O0ACgkQZR7vsCUn 3xNfrg/+MxedmuMi2wd6znV6ale/dwTs25IqnbyiyFeQJubaPs4jZGjWZBdFQ17U 1tE0GNZmFUfCNsXc5xkw3eCRrNyWicw4vgZad81neQY37BJJAnljooFO+eP5CcOM /qlIBLg/9E4rzpGX+Yc1i3v8RPFR6BcIWZR7+ZXCMAJlA9ThbOmRrnU8DVPPk+sa xIPq0iDMucaXyO0mS0alhYadZtg3m7G5TplJCaLqcJ3BGR+p5oWeWu7ax0DDaDoZ MzNtJ+2SyX4ustGhB8tF5c91CCm6C841jrCyN1+vx/pPauF5A2jjmL4zun70f+FA FXET+b87Ieg2QXOfym+mXDZ6Mgu3FcHUfzMAPPG6EqUgHv5mU8mmXO8gTMkbv+Jq buNVBSRz43l0VucYpYtit1TcxVIbxwkZp7J+t3Ev+dmiaqvSHJv2w7XoQHcIC3uF tYPCDA7QJkxMh2j+68e7UZXdgKSB+3caD7smxMoke2ieQ2I0qxNjJO6aKKiwjiAC 8dUooOaq5T+pTwZLXeM+ooV7bmenY28PyhrLCSDYQ7RfCntkS9W0r2mYwUR1O9L/ FQ/82wGWE0M4Kixsb8Xa0+MxkWZuG1M6POhK0TxAkDftT+/a84oufxi6Dgg+tjQp VANFXkqGsTBUwZystMPsqPf2s3RRBcq0sR0N22WX7dzFwCLZD88= =Yve0 -END PGP SIGNATURE End Message ---
Processing of gkdebconf_2.0.4_source.changes
gkdebconf_2.0.4_source.changes uploaded successfully to localhost along with the files: gkdebconf_2.0.4.dsc gkdebconf_2.0.4.tar.xz gkdebconf_2.0.4_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
gkdebconf_2.0.4_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 22 Oct 2018 23:32:32 +0300 Source: gkdebconf Binary: gkdebconf Architecture: source Version: 2.0.4 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Yavor Doganov Description: gkdebconf - Helper to reconfigure packages with Debconf Closes: 698032 Changes: gkdebconf (2.0.4) unstable; urgency=medium . * QA upload. * Port to GSettings (Closes: #698032). * Require gettext 0.19; pass "external" to AM_GNU_GETTEXT. * Uncomment AC_CONFIG_HEADERS; fixes a bunch of compiler warnings. * Don't define MKINSTALLDIRS; unnecessary. * Fix compiler warnings; check return result of fgets. * debian/control (Build-Depends): Drop libgconf2-dev. Remove ancient gettext version requirement. (Recommends): Add gconf2 for data migration. (Vcs-Git, Vcs-Browser): Remove as the repository is gone. (Standards-Version): Claim compliance with 4.2.1. * debian/rules: Set DEB_LDFLAGS_MAINT_APPEND to -Wl,--as-needed. (override_dh_auto_install): Remove override; useless. * debian/menu: Delete. * debian/copyright: Add myself. Checksums-Sha1: 440b931baacbb991c45d8936ee7c859570b3 1453 gkdebconf_2.0.4.dsc 4c5b09414ed4e38aeab9598ce646c0dc7cf31454 157244 gkdebconf_2.0.4.tar.xz cc9376489909ddf4a245b5d838fc643bd5b32257 10494 gkdebconf_2.0.4_amd64.buildinfo Checksums-Sha256: 5904ffa644a91d20576dd15af023f1dfb19db9240676b2c3a816d27e36060dc7 1453 gkdebconf_2.0.4.dsc b55f8934343c38a18cfc4effdd991dca3a71b9397b069e8e59ce19ee9d6c4865 157244 gkdebconf_2.0.4.tar.xz e66a9daaf168b83eb7df6814c0216111e226a0b60804a8a430d24539b8d8ae7c 10494 gkdebconf_2.0.4_amd64.buildinfo Files: afff69a15cb6d4bd17a390b8e9d8d6c5 1453 admin optional gkdebconf_2.0.4.dsc a14b2108048ca586defc80ce9dbe17b1 157244 admin optional gkdebconf_2.0.4.tar.xz 3b4faaae7b96d77a748a3f3ac65d0ab2 10494 admin optional gkdebconf_2.0.4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAlvO4O0ACgkQZR7vsCUn 3xNfrg/+MxedmuMi2wd6znV6ale/dwTs25IqnbyiyFeQJubaPs4jZGjWZBdFQ17U 1tE0GNZmFUfCNsXc5xkw3eCRrNyWicw4vgZad81neQY37BJJAnljooFO+eP5CcOM /qlIBLg/9E4rzpGX+Yc1i3v8RPFR6BcIWZR7+ZXCMAJlA9ThbOmRrnU8DVPPk+sa xIPq0iDMucaXyO0mS0alhYadZtg3m7G5TplJCaLqcJ3BGR+p5oWeWu7ax0DDaDoZ MzNtJ+2SyX4ustGhB8tF5c91CCm6C841jrCyN1+vx/pPauF5A2jjmL4zun70f+FA FXET+b87Ieg2QXOfym+mXDZ6Mgu3FcHUfzMAPPG6EqUgHv5mU8mmXO8gTMkbv+Jq buNVBSRz43l0VucYpYtit1TcxVIbxwkZp7J+t3Ev+dmiaqvSHJv2w7XoQHcIC3uF tYPCDA7QJkxMh2j+68e7UZXdgKSB+3caD7smxMoke2ieQ2I0qxNjJO6aKKiwjiAC 8dUooOaq5T+pTwZLXeM+ooV7bmenY28PyhrLCSDYQ7RfCntkS9W0r2mYwUR1O9L/ FQ/82wGWE0M4Kixsb8Xa0+MxkWZuG1M6POhK0TxAkDftT+/a84oufxi6Dgg+tjQp VANFXkqGsTBUwZystMPsqPf2s3RRBcq0sR0N22WX7dzFwCLZD88= =Yve0 -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processed: tagging 873075
Processing commands for cont...@bugs.debian.org: > tags 873075 + confirmed Bug #873075 [backuppc] backuppc: Please package 4.xx version (now 4.1.3) Added tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 873075: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873075 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 808241
Processing commands for cont...@bugs.debian.org: > tags 808241 + pending Bug #808241 [backuppc] backuppc: The abbreviation "IS" for "IT Support" should no more be used Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 808241: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808241 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 675013
Processing commands for cont...@bugs.debian.org: > tags 675013 + confirmed pending Bug #675013 [backuppc] backuppc: Bad e-mail headers in czech and polish Added tag(s) confirmed and pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 675013: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675013 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 873075 is important
Processing commands for cont...@bugs.debian.org: > severity 873075 important Bug #873075 [backuppc] backuppc: Please package 4.xx version (now 4.1.3) Severity set to 'important' from 'wishlist' > thanks Stopping processing here. Please contact me if you need assistance. -- 873075: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873075 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
ytalk is marked for autoremoval from testing
ytalk 3.3.0-9 is marked for autoremoval from testing on 2018-11-29 It (build-)depends on packages with these RC bugs: 911154: netkit-ntalk: netkit-ntalk misses the generator for configure
