[Pkg-phototools-devel] Bug#773967: Bug#773967: feh crashes on invalid gif image data

Andreas Tille andreas at an3as.eu
Mon Jan 5 08:22:37 UTC 2015


Hi,

thanks for this bug report.  Unfortunately I do not fully understand how
to reproduce the problem.  You generated the affected test images and it
would help if you could put them online somehow to simplify the
reproduction (or provide a generation script alternatively).

I realised that upstream (in CC) released two new versions (hey, Daniel,
it would be great if you would ping me on new releases).  The changelog
does not mention the problems you are specifying here and in your other
bug report (#773968) explicitly, but maybe it makes sense to just
upload the latest program version?

Kind regards

      Andreas.

On Fri, Dec 26, 2014 at 12:53:08PM +0200, Jussi Judin wrote:
> Package: feh
> Version: 2.12-1
> Severity: important
> 
> Feh crashes with segmentation fault when given an invalid gif image in
> a mode that should help determine if the image can be displayed (-U
> command line argument). I did run feh on afl[1]-generated image test
> sets[2] to figure out if any specific images cause problems for
> feh. If you try feh with the following command line parameters on the
> attached image, you should see a segmentation fault:
> 
> $ feh -U id:000293,src:000000,op:havoc,rep:4.gif
> Segmentation fault
> 
> I don't know if this opens a security issue, but every segmentation
> fault has a potential for it.
> 
> Here is a gdb backtrace of the segmentation fault:
> 
> (gdb) run -U id:000293,src:000000,op:havoc,rep:4.gif
> Starting program: /usr/bin/feh -U id:000293,src:000000,op:havoc,rep:4.gif
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff0023d3c in load () from /usr/lib/x86_64-linux-gnu/imlib2/loaders/gif.so
> (gdb) bt
> #0  0x00007ffff0023d3c in load () from /usr/lib/x86_64-linux-gnu/imlib2/loaders/gif.so
> #1  0x00007ffff6c7188f in ?? () from /usr/lib/x86_64-linux-gnu/libImlib2.so.1
> #2  0x00007ffff6c55d3b in imlib_load_image_with_error_return () from /usr/lib/x86_64-linux-gnu/libImlib2.so.1
> #3  0x0000555555561930 in ?? ()
> #4  0x0000555555567925 in ?? ()
> #5  0x00005555555679af in ?? ()
> #6  0x000055555555afdc in ?? ()
> #7  0x00007ffff68c5b45 in __libc_start_main (main=0x55555555af00, argc=3, argv=0x7fffffffdfe8, 
>     init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdfd8)
>     at libc-start.c:287
> #8  0x000055555555b035 in ?? ()
> 
> [1]: American fuzzy lop - a security-oriented fuzzer:
>      http://lcamtuf.coredump.cx/afl/
> [2]: Afl-generated, minimized image test sets:
>      http://lcamtuf.coredump.cx/afl/demo/
> 
> -- System Information:
> Debian Release: 8.0
>   APT prefers testing
>   APT policy: (990, 'testing'), (100, 'unstable'), (99, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages feh depends on:
> ii  libc6         2.19-13
> ii  libcurl3      7.38.0-3
> ii  libexif12     0.6.21-2
> ii  libimlib2     1.4.6-2+b3
> ii  libpng12-0    1.2.50-2+b2
> ii  libx11-6      2:1.6.2-3
> ii  libxinerama1  2:1.1.3-1+b1
> 
> Versions of packages feh recommends:
> ii  libjpeg-progs  1:9a-2
> 
> feh suggests no packages.
> 
> -- no debconf information



-- 
http://fam-tille.de
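The maintainer asks above for a way to reproduce the crash over the fuzzer-generated files. The following is an added example, not code from the bug report, from feh or from imlib2: a POSIX shell triage harness that runs a viewer's check mode over every file in a corpus directory and classifies each exit status, so the inputs that kill the process with a signal (139 = SIGSEGV, 134 = SIGABRT) can be listed without opening each file by hand. The command string ("feh -U") and the corpus path are assumptions; the harness itself runs against any command that takes one file argument.

```shell
#!/bin/sh
# Added example: triage a corpus of fuzzer-generated files by running a
# command on each and classifying how it exited.  Shell exit status above
# 128 means the process was killed by signal (status - 128): 139 is
# SIGSEGV (11), 134 is SIGABRT (6).  The viewer command and corpus
# directory used in the usage note are assumptions, not taken from the report.

# classify_status STATUS -> prints one of: ok | error:N | signal:N
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -gt 128 ]; then
        echo "signal:$((status - 128))"
    else
        echo "error:$status"
    fi
}

# run_case CMD FILE -> runs "CMD FILE" with its output discarded and
# prints the classification of its exit status.  The if/else keeps a
# failing command from aborting the script when 'set -e' is active.
run_case() {
    cmd=$1
    file=$2
    # word splitting of $cmd is intended so that "feh -U" becomes two words
    if $cmd "$file" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    classify_status "$status"
}

# triage_corpus CMD DIR -> one "classification<TAB>file" line per regular file
triage_corpus() {
    cmd=$1
    dir=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(run_case "$cmd" "$f")" "$f"
    done
}

# list_signal_crashes CMD DIR -> only the files that killed CMD with a signal
list_signal_crashes() {
    triage_corpus "$1" "$2" | grep '^signal:' || true
}

# count_signal_crashes CMD DIR -> number of such files (0 when none)
count_signal_crashes() {
    triage_corpus "$1" "$2" | grep -c '^signal:' || true
}

# Usage (assumed paths):  triage_corpus "feh -U" /path/to/afl-corpus
#                         list_signal_crashes "feh -U" /path/to/afl-corpus
```

Running `list_signal_crashes "feh -U" corpus/` gives the maintainer exactly the subset of files to attach to the bug; the classification also separates a clean rejection of a bad file (a nonzero exit such as `error:1`, which is what `-U` should produce) from a crash, which is the distinction that decides whether a fuzzer finding is a robustness bug at all.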