From: gnome-perl (bugzilla.gnome.o. <bug...@gn...> - 2010-07-30 22:06:14
|
https://bugzilla.gnome.org/show_bug.cgi?id=625692 gnome-perl | Gtk2 | unspecified Summary: Pixbuf get_pixels() past end of malloced block Classification: Bindings Product: gnome-perl Version: unspecified OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: Normal Component: Gtk2 AssignedTo: gtk...@li... ReportedBy: us...@zi... QAContact: gtk...@li... GNOME target: --- GNOME version: --- Created an attachment (id=166860) --> (https://bugzilla.gnome.org/attachment.cgi?id=166860) failing program, when run under electric fence $pixbuf->get_pixels() reads bytes past the end of the pixbuf data. It treats the data as if the last row was a full rowstride, but the pixbuf manual says the last doesn't have that padding, only width*n_channels bytes. Pixbufs created with $pixbuf->copy have a malloced block with the last row unpadded. Running foo.pl below under electric fence gets a segv from XS_Gtk2__Gdk__Pixbuf_get_pixels() going past the end of the block in the $p2 pixbuf. For most pixbufs the rowstride is just a multiple of 4, and malloced blocks are rounded up to a multiple of 4 anyway. But if you have a bigger rowstride like the 256 in foo.pl then the problem shows up. Perhaps the change below to use actual row width for the last row. I wonder if anyone has depended on the padded size in the return. You'd hope not. I think the shorter size is still right for new_from_data(), and the final padding is garbage. -- Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug. |
From: gnome-perl (bugzilla.gnome.o. <bug...@gn...> - 2010-07-30 22:07:23
|
https://bugzilla.gnome.org/show_bug.cgi?id=625692 gnome-perl | Gtk2 | unspecified --- Comment #1 from Kevin Ryde <us...@zi...> 2010-07-30 22:07:12 UTC --- Created an attachment (id=166861) View: https://bugzilla.gnome.org/attachment.cgi?id=166861 Review: https://bugzilla.gnome.org/review?bug=625692&attachment=166861 patch and test case -- Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug. |
From: gnome-perl (bugzilla.gnome.o. <bug...@gn...> - 2010-07-31 10:50:28
|
https://bugzilla.gnome.org/show_bug.cgi?id=625692 gnome-perl | Gtk2 | unspecified Emmanuele Bassi <ebassi> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #166861|none |reviewed status| | --- Comment #2 from Emmanuele Bassi <eb...@gm...> 2010-07-31 10:50:13 UTC --- Review of attachment 166861: --> (https://bugzilla.gnome.org/review?bug=625692&attachment=166861) the patch looks obviously correct ::: xs/GdkPixbuf.xs @@ +332,3 @@ + simply n_channels many bytes-per-pixel, but the calculation + anticipates bits not a multiple of 8. */ + different colorspaces and different BPP sizes will never happen - and if it ever did, gdk-pixbuf's API would probably be bumped. -- Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug. |
From: gnome-perl (bugzilla.gnome.o. <bug...@gn...> - 2010-11-23 21:08:42
|
https://bugzilla.gnome.org/show_bug.cgi?id=625692 gnome-perl | Gtk2 | unspecified Torsten Schoenfeld <kaffeetisch> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |FIXED --- Comment #3 from Torsten Schoenfeld <kaf...@gm...> 2010-11-23 21:08:30 UTC --- Looks good, committed. Thanks. -- Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug. |
From: gnome-perl (bugzilla.gnome.o. <bug...@gn...> - 2010-11-23 21:08:45
|
https://bugzilla.gnome.org/show_bug.cgi?id=625692 gnome-perl | Gtk2 | unspecified Torsten Schoenfeld <kaffeetisch> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #166861|reviewed |committed status| | -- Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug. |