The attachment "debdiff with the fix for Precise" seems to be a debdiff.
The ubuntu-sponsors team has been subscribed to the bug report so that
they can review and hopefully sponsor the debdiff.  If the attachment
isn't a patch, please remove the "patch" flag from the attachment,
remove the "patch" tag, and if you are member of the ~ubuntu-sponsors,
unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1540811

Title:
  [GDK] patch - avoid integer overflow when allocating a large block of
  memory

Status in gtk+2.0 package in Ubuntu:
  New
Status in gtk+2.0 package in Debian:
  New

Bug description:
  [Impact]

  Due to a logic error, an attempt to allocate a large block of memory
  fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app
  that called it, for example, eom [1].

  This issue had been fixed [2] in GTK+3, but GTK+2 apps that use the
  mentioned function still crash when trying to allocate a lot of
  memory. An example of such app is eom (Eye of MATE), an image viewer,
  which crashes when trying to load a large image.

  I propose fixing it in current Ubuntu releases with the patch which fixes the 
crash.
  The debdiffs are in the attachments in the comments below.

  [Test Case]

  Steps to reproduce:

  1. Have a 64-bit installation of Ubuntu.
  2. Install eom if it isn't installed.
  3. Download the archive from the attachment of this post and unpack it. 
(Firefox doesn't allow me to upload image as is - tries to make thumbnail of it 
right in the file open dialog, then crashes.)
  4. Open the unpacked image (27000_27000_1437947845.png) in eom.
  5. eom crashes. The full backtrace is at [3].

  You'll also see an error message: "failed to allocate
  18446744072330584320 bytes". This huge number appears due to overflow
  during multiplication of two 32-bit signed integers. In the patch,
  this error is avoided by using a different memory allocation function.

  [Regression Potential]

  After several months of testing the patch in Debian Jessie, Debian
  Testing and Ubuntu 14.04, I haven't noticed any regressions.

  
  [1] https://github.com/mate-desktop/eom/issues/93
  [2] 
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
  [3] https://github.com/mate-desktop/eom/issues/93#issuecomment-141035799

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to