| Summary: | SDL_image 1.2.x stuck in infinite loop when loading XCF file | | |
|---|---|---|---|
| Product: | SDL_image | Reporter: | miniupnp <miniupnp> |
| Component: | misc | Assignee: | Sam Lantinga <slouken> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | major | | |
| Priority: | P2 | CC: | miniupnp, sezeroz |
| Version: | 1.2.12 | | |
| Hardware: | All | | |
| OS: | All | | |

Attachments:

- XCF file which causes the bug
- patch for the infinite loop
- support XCF files with 64bits offsets
- Patch to ignore load levels > 1, just as Gimp
- patch for the infinite loop - SDL-1.2-current
- patch to support XCF files with 64bits offset - SDL-1.2-current
- Patch to ignore load levels > 1, just as Gimp - SDL-1.2-current
- patch to support XCF files with 64bits offset - default branch
- Patch to ignore load levels > 1, just as Gimp - default branch
Description (miniupnp):

Created attachment 3524 [details]
XCF file which causes the bug

I have a legitimate .xcf file (see attached) which causes SDL 1.2.x to be stuck in an infinite loop when trying to load it.

Comment 1:

Created attachment 3525 [details]
patch for the infinite loop

Comment 2:

Created attachment 3526 [details]
support XCF files with 64bits offsets

Comment 3:

Created attachment 3527 [details]
Patch to ignore load levels > 1, just as Gimp

There is a bug in the saving code of Gimp: https://gitlab.gnome.org/GNOME/gimp/issues/2604 So this patch is to avoid loading buggy data.

Comment 4:

I think at least the infinite loop should be patched ASAP, as it can cause denial of service attacks.

Comment 5:

These don't cleanly apply. Can you attach new patches against the code in Mercurial? https://hg.libsdl.org/SDL_image/ Thanks!

Comment 6:

My current patches are against SDL_image 1.2.12. I'm going to make patches for SDL_image branches default and SDL-1.2.

Comment 7:

Created attachment 3528 [details]
patch for the infinite loop - SDL-1.2-current

Comment 8:

Created attachment 3529 [details]
patch to support XCF files with 64bits offset - SDL-1.2-current

Comment 9:

Created attachment 3530 [details]
Patch to ignore load levels > 1, just as Gimp - SDL-1.2-current

Comment 10:

"patch for the infinite loop - SDL-1.2-current" also applies cleanly on the default (2.0) branch.

Comment 11:

Created attachment 3531 [details]
patch to support XCF files with 64bits offset - default branch

Comment 12:

Created attachment 3532 [details]
Patch to ignore load levels > 1, just as Gimp - default branch

Comment 13:

I attached the patches for both hg branches, default and SDL-1.2. Patch order:

default:

- SDL_image-1.2-current.XCF_infinite_loop.patch
- SDL_image-default.XCF.v11_64bits_offsets.patch
- SDL_image-default.XCF_ignore_levels.patch

SDL-1.2:

- SDL_image-1.2-current.XCF_infinite_loop.patch
- SDL_image-1.2-current.XCF_v11_64bits_offsets.hg.patch
- SDL_image-1.2-current.XCF_ignore_levels.patch

Comment 14:

Thank you for the clean set of patches. These are now in:

- https://hg.libsdl.org/SDL_image/rev/2346808be360
- https://hg.libsdl.org/SDL_image/rev/6536f264b1eb
- https://hg.libsdl.org/SDL_image/rev/d3c9832b95fb
- https://hg.libsdl.org/SDL_image/rev/68f958f43339
- https://hg.libsdl.org/SDL_image/rev/1d88a9866410
- https://hg.libsdl.org/SDL_image/rev/1d33bfccd462

Comment 15 (Ozkan Sezer):

The 64bits offset patch, as it seems, broke loading xcf files, both in 1.2 and default branches. See:

- https://bugzilla.libsdl.org/show_bug.cgi?id=4935
- https://bugzilla.libsdl.org/show_bug.cgi?id=4936

Comment 16 (miniupnp@free.fr):

(In reply to Ozkan Sezer from comment #15)
> The 64bits offset patch, as it seems, broke loading xcf files,
> both in 1.2 and default branches. See:
> https://bugzilla.libsdl.org/show_bug.cgi?id=4935
> https://bugzilla.libsdl.org/show_bug.cgi?id=4936

I think I fixed it. See https://bugzilla.libsdl.org/show_bug.cgi?id=4935

Comment 17 (Ozkan Sezer):

(In reply to miniupnp@free.fr from comment #16)
> (In reply to Ozkan Sezer from comment #15)
> > The 64bits offset patch, as it seems, broke loading xcf files,
> > both in 1.2 and default branches. See:
> > https://bugzilla.libsdl.org/show_bug.cgi?id=4935
> > https://bugzilla.libsdl.org/show_bug.cgi?id=4936
>
> I think I fixed it. See https://bugzilla.libsdl.org/show_bug.cgi?id=4935

OK, tracking the issue in #4935. Re-closing this one.