Package: xcftools
Version: 1.0.4-1
Severity: important

I really like the xcftools package, because it lets me author things in Gimp and then automate operations on them (e.g. let a Makefile generate jpeg images from a sandwich of layers).

However, this bug is a problem for me currently: I try to extract individual layers, clipped to the canvas size. It seems that at least sometimes, for at least some layers which extend past the edges of the canvas, xcf2pnm fails.

On this amd64 system, it passes an unreasonable size to malloc(). On my PPC Debian 4.0 system and xcftools (1.0.4-1) it dies with SIGILL instead. Possibly, almost anything can happen. xcf2png fails in the same way.

Some might suspect that this is a security issue. I have chosen not to file it as such, but feel free to raise the severity if you think it's important.

I have attached two minimal example files (gzipped). The -bigcanvas variant was created in Gimp with "Fit canvas to layers". And here is a terminal session which shows the problem:

salix:/tmp/xcfbug% ls -l
total 84
-rw-r--r-- 1 grahn grahn 46351 Jun 16 21:50 djuras_white_bigcanvas.xcf
-rw-r--r-- 1 grahn grahn 32939 Jun 16 21:49 djuras_white.xcf
salix:/tmp/xcfbug% md5sum *xcf
a1b5381579a94af0822a09d3f37b3e4b djuras_white_bigcanvas.xcf
7812863507ddd7e486bfabdb468f6d78 djuras_white.xcf
salix:/tmp/xcfbug% xcfinfo djuras_white.xcf
Version 0, 1600x1600 RGB color, 2 layers, compressed RLE
- 1670x1653-38-27 RGB-alpha Normal eniro
+ 1600x1600+0+0 RGB-alpha Normal ekon
salix:/tmp/xcfbug% xcfinfo djuras_white_bigcanvas.xcf
Version 0, 1670x1653 RGB color, 2 layers, compressed RLE
- 1670x1653+0+0 RGB-alpha Normal eniro
+ 1600x1600+38+27 RGB-alpha Normal ekon
salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf ekon |md5sum
141f57dbe4df3f07eb00b58297112e91 -
salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf ekon |md5sum
141f57dbe4df3f07eb00b58297112e91 -
salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf eniro |md5sum
95a6ef319b81ae9f552b6f0ef3c164d9 -
salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf eniro |md5sum
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e -
zsh: exit 127 xcf2pnm -b black -C djuras_white.xcf eniro |
zsh: done md5sum
salix:/tmp/xcfbug% valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro |md5sum
==2403== Warning: silly arg (-1794832372) to malloc()
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e -
zsh: exit 127 valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro |
zsh: done md5sum
salix:/tmp/xcfbug%

I'd really appreciate a fix. I could try debugging it myself, but I have a feeling someone else (e.g. the upstream author) who knows XCF better can succeed in an hour or so.

regards,
Jörgen

-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26.7 (PREEMPT)
Locale: LANG=sv_SE, LC_CTYPE=sv_SE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages xcftools depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libpng12-0 1.2.27-2+lenny2 PNG library - runtime

Versions of packages xcftools recommends:
pn feh | gimageview | gqview | i <none> (no description available)
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii x11-common 1:7.3+18 X Window System (X.Org) infrastruc

Versions of packages xcftools suggests:
ii gimp 2.4.7-1 The GNU Image Manipulation Program

-- no debconf information

djuras_white.xcf.gz
Description: GNU Zip compressed data
djuras_white_bigcanvas.xcf.gz
Description: GNU Zip compressed data
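
Added example, not part of the report and not xcftools code: one way an image converter can clip a layer with negative offsets to the canvas and validate the buffer size before it reaches malloc(), using the geometries from the xcfinfo output above. The report does not identify the cause of the xcf2pnm failure; the struct, the function names, the 1 GiB cap and the 4 bytes per RGB-alpha pixel are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical types and names; offsets are signed because a layer may
 * start left of or above the canvas (e.g. 1670x1653-38-27). */
struct rect { int32_t x, y; uint32_t w, h; };

#define MAX_BUF ((size_t)1 << 30)   /* assumed sanity cap: 1 GiB */

/* Intersect a layer with the canvas [0,cw) x [0,ch).
 * Returns 1 and fills *out if they overlap, 0 otherwise. All edge
 * arithmetic is done in 64 bits so x + w cannot wrap. */
int clip_to_canvas(struct rect layer, uint32_t cw, uint32_t ch, struct rect *out)
{
    int64_t l = layer.x, t = layer.y;
    int64_t r = l + layer.w, b = t + layer.h;
    if (cw > INT32_MAX || ch > INT32_MAX) return 0;  /* implausible canvas */
    if (l < 0) l = 0;
    if (t < 0) t = 0;
    if (r > cw) r = cw;
    if (b > ch) b = ch;
    if (r <= l || b <= t) return 0;                  /* nothing visible */
    out->x = (int32_t)l;  out->y = (int32_t)t;
    out->w = (uint32_t)(r - l);  out->h = (uint32_t)(b - t);
    return 1;
}

/* Byte count for a w*h buffer at bpp bytes per pixel, or 0 if the
 * result would be empty or exceed MAX_BUF. Never yields a negative or
 * wrapped value to hand to malloc(). */
size_t buffer_bytes(uint32_t w, uint32_t h, uint32_t bpp)
{
    uint64_t n = (uint64_t)w * h;        /* product always fits in 64 bits */
    if (bpp == 0 || n == 0 || n > MAX_BUF / bpp) return 0;
    return (size_t)(n * bpp);
}

int main(void)
{
    /* Geometry from the xcfinfo output: layer "eniro" on the 1600x1600 canvas. */
    struct rect eniro = { -38, -27, 1670, 1653 }, c;
    if (clip_to_canvas(eniro, 1600, 1600, &c))
        printf("%ux%u+%d+%d, %zu bytes\n", c.w, c.h, c.x, c.y,
               buffer_bytes(c.w, c.h, 4));   /* assumed 4 = RGB + alpha */
    return 0;
}
```

A caller would treat a 0 from either function as "skip or reject this layer" instead of passing the value on to the allocator.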