Your message dated Wed, 26 Jul 2017 19:04:14 +0000
with message-id <e1darbs-000j3n...@fasolo.debian.org>
and subject line Bug#838654: fixed in inkscape 0.92.2~pre0-1
has caused the Debian Bug report #838654,
regarding inkscape: rowstride integer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
838654: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838654
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: inkscape
Version: 0.91-5~bpo8+1
Severity: normal
Tags: upstream patch
Dear Mattia,
I open a new bug, since #838486 is rather different. The same idiom, however,
appears in the latest version of drawing-image.cpp. With the patch attached,
and some other patches in pixman (#838650) and cairo (#838648) i was able to
edit a large file, save a pdf copy of it, and view it with evince :-) I don't
know how epidemic the idiom is.
Best
Ale
-- System Information:
Debian Release: 8.6
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages inkscape depends on:
ii gconf-service 3.2.6-3
ii libaspell15 0.60.7~20110707-1.3
ii libatk1.0-0 2.14.0-1
ii libatkmm-1.6-1 2.22.7-2.1
ii libc6 2.19-18+deb8u6
ii libcairo2 1.14.0-2.1+deb8u1
ii libcairomm-1.0-1 1.10.0-1.1
ii libcdr-0.1-1 0.1.0-3
ii libexif12 0.6.21-2
ii libfontconfig1 2.11.0-6.3+deb8u1
ii libfreetype6 2.5.2-3+deb8u1
ii libgc1c2 1:7.2d-6.4
ii libgcc1 1:4.9.2-10
ii libgconf-2-4 3.2.6-3
ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u5
ii libglib2.0-0 2.42.1-1+b1
ii libglibmm-2.4-1c2a 2.42.0-1
ii libgnomevfs2-0 1:2.24.4-6+b1
ii libgomp1 4.9.2-10
ii libgsl0ldbl 1.16+dfsg-2
ii libgtk2.0-0 2.24.25-3+deb8u1
ii libgtkmm-2.4-1c2a 1:2.24.4-1.1
ii libgtkspell0 2.0.16-1.1
ii libjpeg8 8d-1+deb7u1
ii liblcms2-2 2.6-3+b3
ii libmagick++-6.q16-5 8:6.8.9.9-5+deb8u4
ii libmagickcore-6.q16-2 8:6.8.9.9-5+deb8u4
ii libmagickwand-6.q16-2 8:6.8.9.9-5+deb8u4
ii libpango-1.0-0 1.36.8-3
ii libpangocairo-1.0-0 1.36.8-3
ii libpangoft2-1.0-0 1.36.8-3
ii libpangomm-1.4-1 2.34.0-1.1
ii libpng12-0 1.2.50-2+deb8u2
ii libpoppler-glib8 0.26.5-2+deb8u1
ii libpoppler46 0.26.5-2+deb8u1
ii libpopt0 1.16-10
ii librevenge-0.0-0 0.0.1-3
ii libsigc++-2.0-0c2a 2.4.0-1
ii libstdc++6 4.9.2-10
ii libvisio-0.1-1 0.1.0-2
ii libwpg-0.3-3 0.3.0-3
ii libx11-6 2:1.6.2-3
ii libxml2 2.9.1+dfsg1-5+deb8u3
ii libxslt1.1 1.1.28-2+deb8u1
pn python:any <none>
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages inkscape recommends:
ii aspell 0.60.7~20110707-1.3
ii imagemagick 8:6.8.9.9-5+deb8u4
ii libgnomevfs2-extra 1:2.24.4-6+b1
ii libimage-magick-perl 8:6.8.9.9-5+deb8u4
ii libwmf-bin 0.2.8.4-10.3+deb8u1
ii pstoedit 3.62-2+b1
ii python-lxml 3.4.0-1
ii python-numpy 1:1.8.2-2
ii transfig 1:3.2.5.e-4
Versions of packages inkscape suggests:
ii dia 0.97.3-1
ii dia-gnome 0.97.3-1
ii libsvg-perl 2.59-1
ii libxml-xql-perl 0.68-6
ii python-uniconvertor 1.1.4-1+b2
ii ruby 1:2.1.5+deb8u2
ii ruby1.8 [ruby] 1.8.7.358-7.1+deb7u3
-- no debconf information
Description: rowstride should be size_t
it is wrong to compute offsets like so:
int rowstride = something;
char *buffer = base_ptr + y*rowstride + x*4;
That idiom fails in 64bit architectures where integers are 32 bit. Consider
for example an A0 poster at 600 dpi brings a 19860x28080 image. While width
and heights are 16 bit numbers, their product multiplied by a bpp of 4 results
in a negative integer.
Stride should be size_t, or, if it can be negative, long integer.
--- inkscape-0.91.orig/src/display/drawing-image.cpp
+++ inkscape-0.91/src/display/drawing-image.cpp
@@ -209,9 +209,9 @@ DrawingImage::_pickItem(Geom::Point cons
} else {
unsigned char *const pixels = _pixbuf->pixels();
- int width = _pixbuf->width();
- int height = _pixbuf->height();
- int rowstride = _pixbuf->rowstride();
+ unsigned width = _pixbuf->width();
+ unsigned height = _pixbuf->height();
+ unsigned rowstride = _pixbuf->rowstride();
Geom::Point tp = p * _ctm.inverse();
Geom::Rect r = bounds();
@@ -221,13 +221,13 @@ DrawingImage::_pickItem(Geom::Point cons
double vw = width * _scale[Geom::X];
double vh = height * _scale[Geom::Y];
- int ix = floor((tp[Geom::X] - _origin[Geom::X]) / vw * width);
- int iy = floor((tp[Geom::Y] - _origin[Geom::Y]) / vh * height);
+ unsigned ix = floor((tp[Geom::X] - _origin[Geom::X]) / vw * width);
+ unsigned iy = floor((tp[Geom::Y] - _origin[Geom::Y]) / vh * height);
- if ((ix < 0) || (iy < 0) || (ix >= width) || (iy >= height))
+ if ((ix >= width) || (iy >= height))
return NULL;
- unsigned char *pix_ptr = pixels + iy * rowstride + ix * 4;
+ unsigned char *pix_ptr = pixels + (unsigned long)iy * rowstride + ix * 4UL;
// pick if the image is less than 99% transparent
guint32 alpha = 0;
if (_pixbuf->pixelFormat() == Inkscape::Pixbuf::PF_CAIRO) {
--- End Message ---
--- Begin Message ---
Source: inkscape
Source-Version: 0.92.2~pre0-1
We believe that the bug you reported is fixed in the latest version of
inkscape, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 838...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mattia Rizzolo <mat...@debian.org> (supplier of updated inkscape package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 26 Jul 2017 16:07:58 +0200
Source: inkscape
Binary: inkscape
Architecture: source
Version: 0.92.2~pre0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers
<pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Mattia Rizzolo <mat...@debian.org>
Description:
inkscape - vector-based drawing program
Closes: 838654 853453
Changes:
inkscape (0.92.2~pre0-1) unstable; urgency=medium
.
* New upstream version 0.92.2~pre0.
http://wiki.inkscape.org/wiki/index.php/Release_notes/0.92.2
+ Fix an integer overflow. Closes: #838654
+ Fix compilation with GCC 7. Closes: #853453
* d/dirs: remove, useless.
* d/patches: drop 15484 patch, applied upstream.
* d/control: bump Standards-Version to 4.0.0, no changes needed.
Checksums-Sha1:
64b506614e1915fa1186c3e3301a8e5e20333e4c 2913 inkscape_0.92.2~pre0-1.dsc
4722d20ed970fda59c26600e68f5afcb2c436b88 31265103
inkscape_0.92.2~pre0.orig.tar.bz2
7e8b423272bcb0e693b71bfaac3ead532a4d19b1 181
inkscape_0.92.2~pre0.orig.tar.bz2.asc
d414d4be5df1afb393fd6d1ea42191eefdddf634 27108
inkscape_0.92.2~pre0-1.debian.tar.xz
117b606702e97f6d65d22a9852ac5c5cb3a0f4fa 15666
inkscape_0.92.2~pre0-1_amd64.buildinfo
Checksums-Sha256:
08560a608bc430ae1cce0e1749e92abba6c1e97fca55a51f1c7509bd52b96c04 2913
inkscape_0.92.2~pre0-1.dsc
51afdf9677276f17ccd15ebde911fde7e2eb54021dccebfc858c73237b38842c 31265103
inkscape_0.92.2~pre0.orig.tar.bz2
20e57e6d4fa7769908d7f20bcc82f89c32c167632bb8789529a28b3c6165ad95 181
inkscape_0.92.2~pre0.orig.tar.bz2.asc
af0db6fc2d60fc9bc2a661cc2719de8a0b462e400b1bb83c25cc4f3d5ec2cf5c 27108
inkscape_0.92.2~pre0-1.debian.tar.xz
91b5781bf51c6bdf1273e38f82e642f44f4ba8eb29be6934eb4dbb52f05979a5 15666
inkscape_0.92.2~pre0-1_amd64.buildinfo
Files:
096ffa2b7646864ef477b7366a58aaec 2913 graphics optional
inkscape_0.92.2~pre0-1.dsc
6330f21de5b59fdac327c03f3423c2eb 31265103 graphics optional
inkscape_0.92.2~pre0.orig.tar.bz2
cb2a2bf05c0e409419fec4eb760114d6 181 graphics optional
inkscape_0.92.2~pre0.orig.tar.bz2.asc
8249f41728c6df545eb9515c299e5636 27108 graphics optional
inkscape_0.92.2~pre0-1.debian.tar.xz
3bee61d045362dc28f10a75f570ea06b 15666 graphics optional
inkscape_0.92.2~pre0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAll45jgACgkQCBa54Yx2
K62DWA/9HlbU7ofA3Q474KTxO6vdXF7MfUnUdD0bqzyV1t9IgWOGZOARV78FqIJa
hglBu8qf/+yw09ngjr/4ziWoCGcvplBbHHqP6c211nX8FwzYs1pMZy0O6aOCd0Fn
cw2ZpjMj9PTsuzq6v0N3Wih/2zYubM0zf4HlD3IiUlPfdk0CrWc/z11LkvP76Xed
Hs4lrl4VDE4FZIYIh4r1LlUGZZUNBc7sp8AgXy4rgo0w5ewyXQsCDqIFMGwg2rdF
KxmWYCdK26I61snWtkT9RsxALkkadVVkNhNbWmZ6Yp91ZWd+zIjo5QqbWB3vidp1
v3EGDwjXa6ZJpGL4hpZIAvpzn0PR6XeFQj+7Q4z6Clq8Gu+9s+9hBv4un0sqtqXy
ojkcxMzo3KhWqHs4MBYwSQgPYiptxkhmsIr+S/O4N6oKRd76D9O3w6EFbG2UOjnO
swVQb0rnUkVYQPABK4pxe7RwF1Ry70/POhbVKVPPCys8rXBFs5O79/Ww36jeQiLT
LXd2QxIdQ3b2flS0xxYfd0vthF49D3LXPal/6QBLwVGo54syPJ4HXdyAKf4jQ8rh
Lx/9PrhlmHK8bBsXiLlapbgnIbdknEqNJiqk6H+06pdkiMKP5IKL4d5tPfvYCx6B
UjJBrZHU2itM4RV8l0BgpCcC0pJp6RiduFgD5xKOAOsxBCoaAYQ=
=x6FL
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers