Public bug reported:

Ubuntu 24.04
package libimlib2-dev 1.12.1

When using imlib_image_fill_polygon or imlib_image_draw_polygon it
crashes with a buffer overflow irregularly.

While experimenting with it I could sometimes draw a 4-sided polygon,
but if I moved one pixel it crashed, or if I removed one point, it
crashed, or added a point. There seemed to be no rhyme or reason to why
it accepted some polygons but not others.

This all worked fine in 1.6.1. At some point between the two versions
something has broken and I don't know how to debug a library ;(
Instead I manually reinstalled 1.6.1 (and its loaders/filters) and now
the code works as before.

Here was the stack trace from before:

#5  0x00007ffff7a347b6 in __libc_message_impl (fmt=fmt@entry=0x7ffff7bd9765 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:134
#6  0x00007ffff7b41c19 in __GI___fortify_fail (msg=msg@entry=0x7ffff7bd974c "buffer overflow detected") at ./debug/fortify_fail.c:24
#7  0x00007ffff7b415d4 in __GI___chk_fail () at ./debug/chk_fail.c:28
#8  0x00007ffff7c3061c in imlib_image_fill_polygon () from /lib/x86_64-linux-gnu/libImlib2.so.1
#9  0x000055555555fdff in gib_imlib_image_fill_polygon (im=<optimized out>, poly=<optimized out>, r=<optimized out>, g=<optimized out>, b=<optimized out>, a=<optimized out>, alias=1 '\001', cx=0, cy=0, cw=0, ch=0) at gib_imlib.c:282
#10 0x0000555555563c2d in feh_create_caption_image_bubble (tw=tw@entry=51, th=th@entry=29, xoff=xoff@entry=0x7fffffffdc9c, yoff=yoff@entry=0x7fffffffdca0, fg_r=fg_r@entry=0, fg_b=fg_b@entry=0, fg_g=0) at imlib.c:1295

The args for that gib_imlib_image_fill_polygon wrapper function were for
sizing a clipping rect. Even with it off it fails, so it isn't that.

** Affects: imlib2 (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2109922

Title:
  draw and fill polygon are crashing in 1.12.1 (maybe earlier)
