Bug 4413 - SDL_image 1.2.x stuck in infinite loop when loading XCF file
Status: RESOLVED FIXED
Alias: None
Product: SDL_image
Classification: Unclassified
Component: misc
Version: 1.2.12
Hardware: All All
Importance: P2 major
Assignee: Sam Lantinga
QA Contact: Sam Lantinga
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-04 12:34 UTC by miniupnp@free.fr
Modified: 2020-10-26 23:06 UTC

See Also:


Attachments
XCF file which causes the bug (168.99 KB, image/x-xcf)
2018-12-04 12:34 UTC, miniupnp@free.fr
patch for the infinite loop (2.51 KB, patch)
2018-12-04 12:35 UTC, miniupnp@free.fr
support XCF files with 64bits offsets (6.48 KB, patch)
2018-12-04 12:36 UTC, miniupnp@free.fr
Patch to ignore load levels > 1, just as Gimp (1.65 KB, patch)
2018-12-04 12:41 UTC, miniupnp@free.fr
patch for the infinite loop - SDL-1.2-current (2.53 KB, patch)
2018-12-06 12:34 UTC, miniupnp@free.fr
patch to support XCF files with 64bits offset - SDL-1.2-current (6.89 KB, patch)
2018-12-06 12:45 UTC, miniupnp@free.fr
Patch to ignore load levels > 1, just as Gimp - SDL-1.2-current (2.25 KB, patch)
2018-12-06 12:58 UTC, miniupnp@free.fr
patch to support XCF files with 64bits offset - default branch (6.82 KB, patch)
2018-12-06 13:13 UTC, miniupnp@free.fr
Patch to ignore load levels > 1, just as Gimp - default branch (1.98 KB, patch)
2018-12-06 13:21 UTC, miniupnp@free.fr

Description miniupnp@free.fr 2018-12-04 12:34:36 UTC
Created attachment 3524
XCF file which causes the bug

I have a legitimate .xcf file (see attached)
which causes SDL 1.2.x to be stuck in an infinite loop when trying to load it.
Comment 1 miniupnp@free.fr 2018-12-04 12:35:50 UTC
Created attachment 3525
patch for the infinite loop
Comment 2 miniupnp@free.fr 2018-12-04 12:36:24 UTC
Created attachment 3526
support XCF files with 64bits offsets
Comment 3 miniupnp@free.fr 2018-12-04 12:41:38 UTC
Created attachment 3527
Patch to ignore load levels > 1, just as Gimp

there is a bug in the saving code of gimp
https://gitlab.gnome.org/GNOME/gimp/issues/2604

So this patch is to avoid loading buggy data
Comment 4 miniupnp@free.fr 2018-12-04 12:42:28 UTC
I think at least the infinite loop should be patched ASAP as it can cause denial of service attacks
Comment 5 Sam Lantinga 2018-12-05 15:58:44 UTC
These don't cleanly apply. Can you attach new patches against the code in Mercurial?
https://hg.libsdl.org/SDL_image/

Thanks!
Comment 6 miniupnp@free.fr 2018-12-06 12:27:15 UTC
my current patches are against SDL_image 1.2.12

I'm going to make patches for SDL_image branch default and SDL-1.2
Comment 7 miniupnp@free.fr 2018-12-06 12:34:53 UTC
Created attachment 3528
patch for the infinite loop - SDL-1.2-current
Comment 8 miniupnp@free.fr 2018-12-06 12:45:42 UTC
Created attachment 3529
patch to support XCF files with 64bits offset - SDL-1.2-current
Comment 9 miniupnp@free.fr 2018-12-06 12:58:47 UTC
Created attachment 3530
Patch to ignore load levels > 1, just as Gimp - SDL-1.2-current
Comment 10 miniupnp@free.fr 2018-12-06 13:04:12 UTC
patch for the infinite loop - SDL-1.2-current
also applies cleanly on default (2.0) branch
Comment 11 miniupnp@free.fr 2018-12-06 13:13:57 UTC
Created attachment 3531
patch to support XCF files with 64bits offset - default branch
Comment 12 miniupnp@free.fr 2018-12-06 13:21:17 UTC
Created attachment 3532
Patch to ignore load levels > 1, just as Gimp - default branch
Comment 13 miniupnp@free.fr 2018-12-06 13:24:14 UTC
I attached the patch for both hg branches default and SDL-1.2.
patch order :

default :
  SDL_image-1.2-current.XCF_infinite_loop.patch
  SDL_image-default.XCF.v11_64bits_offsets.patch
  SDL_image-default.XCF_ignore_levels.patch

SDL-1.2 :
  SDL_image-1.2-current.XCF_infinite_loop.patch
  SDL_image-1.2-current.XCF_v11_64bits_offsets.hg.patch
  SDL_image-1.2-current.XCF_ignore_levels.patch
Comment 15 Ozkan Sezer 2020-10-26 16:22:34 UTC
The 64bits offset patch, as it seems, broke loading xcf files,
both in 1.2 and default branches. See:
https://bugzilla.libsdl.org/show_bug.cgi?id=4935
https://bugzilla.libsdl.org/show_bug.cgi?id=4936
Comment 16 miniupnp@free.fr 2020-10-26 22:36:59 UTC
(In reply to Ozkan Sezer from comment #15)
> The 64bits offset patch, as it seems, broke loading xcf files,
> both in 1.2 and default branches. See:
> https://bugzilla.libsdl.org/show_bug.cgi?id=4935
> https://bugzilla.libsdl.org/show_bug.cgi?id=4936

I think I fixed it. See https://bugzilla.libsdl.org/show_bug.cgi?id=4935
Comment 17 Ozkan Sezer 2020-10-26 23:06:48 UTC
(In reply to miniupnp@free.fr from comment #16)
> (In reply to Ozkan Sezer from comment #15)
> > The 64bits offset patch, as it seems, broke loading xcf files,
> > both in 1.2 and default branches. See:
> > https://bugzilla.libsdl.org/show_bug.cgi?id=4935
> > https://bugzilla.libsdl.org/show_bug.cgi?id=4936
> 
> I think I fixed it. See https://bugzilla.libsdl.org/show_bug.cgi?id=4935

OK, tracking the issue in #4935. Re-closing this one.