1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
From 725afb9a926553b664a1cb1270d38de133f659e1 Mon Sep 17 00:00:00 2001
From: Andreas Wellving <andreas.wellving@enea.com>
Date: Mon, 22 Oct 2018 12:21:56 +0200
Subject: [PATCH] ico: Return an error when the ICO didn't load
If we don't even read enough data to fill the header, return an
error. This doesn't cover everything that could go wrong with
the ICO incremental loader, but this is a good first throw.
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/7586553]
thumbnailer: Update skeleton to fix a possible crash
If the loader returns a NULL pixbuf without returning an
error, the skeleton would crash trying to print the error.
Print that the thumbnailer is broken instead.
https://bugzilla.gnome.org/show_bug.cgi?id=778204
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/57362ed]
CVE: CVE-2017-6311
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
---
gdk-pixbuf/io-ico.c | 11 ++++++++++-
thumbnailer/gnome-thumbnailer-skeleton.c | 14 ++++++++++++--
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
index 2b0441f..68295a3 100644
--- a/gdk-pixbuf/io-ico.c
+++ b/gdk-pixbuf/io-ico.c
@@ -605,6 +605,7 @@ gdk_pixbuf__ico_image_stop_load(gpointer data,
{
struct ico_progressive_state *context =
(struct ico_progressive_state *) data;
+ gboolean ret = TRUE;
/* FIXME this thing needs to report errors if
* we have unused image data
@@ -612,8 +613,16 @@ gdk_pixbuf__ico_image_stop_load(gpointer data,
g_return_val_if_fail(context != NULL, TRUE);
+ if (context->HeaderDone < context->HeaderSize) {
+ g_set_error_literal (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+ _("ICO image was truncated or incomplete."));
+ ret = FALSE;
+ }
+
context_free (context);
- return TRUE;
+ return ret;
}
static void
diff --git a/thumbnailer/gnome-thumbnailer-skeleton.c b/thumbnailer/gnome-thumbnailer-skeleton.c
index d686432..73da53e 100644
--- a/thumbnailer/gnome-thumbnailer-skeleton.c
+++ b/thumbnailer/gnome-thumbnailer-skeleton.c
@@ -37,6 +37,7 @@ static int output_size = 256;
static gboolean g_fatal_warnings = FALSE;
static char **filenames = NULL;
+#if !GDK_PIXBUF_CHECK_VERSION(2,36,5)
/**
* gnome_desktop_thumbnail_scale_down_pixbuf:
* @pixbuf: a #GdkPixbuf
@@ -178,6 +179,7 @@ gnome_desktop_thumbnail_scale_down_pixbuf (GdkPixbuf *pixbuf,
return dest_pixbuf;
}
+#endif
static char *
get_target_uri (GFile *file)
@@ -291,9 +293,16 @@ int main (int argc, char **argv)
scale = (double)output_size / MAX (width, height);
+#if !GDK_PIXBUF_CHECK_VERSION(2,36,5)
scaled = gnome_desktop_thumbnail_scale_down_pixbuf (pixbuf,
floor (width * scale + 0.5),
floor (height * scale + 0.5));
+#else
+ scaled = gdk_pixbuf_scale_simple (pixbuf,
+ floor (width * scale + 0.5),
+ floor (height * scale + 0.5),
+ GDK_INTERP_HYPER);
+#endif
gdk_pixbuf_copy_options (pixbuf, scaled);
g_object_unref (pixbuf);
pixbuf = scaled;
@@ -316,8 +325,9 @@ int main (int argc, char **argv)
g_free (input_filename);
if (!pixbuf) {
- g_warning ("Could not thumbnail '%s': %s", filenames[0], error->message);
- g_error_free (error);
+ g_warning ("Could not thumbnail '%s': %s", filenames[0],
+ error ? error->message : "Thumbnailer failed without returning an error");
+ g_clear_error (&error);
g_strfreev (filenames);
return 1;
}
|