Pidgin denial of service with invalid gifs

Mark Doliner mark at kingant.net
Sun Jun 12 14:06:20 EDT 2011


On Thu, May 26, 2011 at 1:48 AM, Elliott Sales de Andrade
<qulogic at pidgin.im> wrote:
> On Thu, May 26, 2011 at 4:42 AM, Elliott Sales de Andrade
> <qulogic at pidgin.im> wrote:
>> On Thu, May 26, 2011 at 4:08 AM, Mark Doliner <mark at kingant.net> wrote:
>>>
>>> I encountered a denial of service bug in Pidgin with the attached
>>> invalid gif.  When Pidgin tries to scale this image it continues
>>> consuming memory until the process dies/is killed.  It's pretty bad
>>> :-(
>>>
>>> The attached image comes from python imaging (aka PIL).  I resized a
>>> valid image to a smaller size and saved it as gif with optimize=True.
>>> Apparently this results in an invalid gif (seems like a bug in
>>> PIL--but whatever).
>>>
>>> It's pretty easy to write some sample code to demonstrate the problem:
>>> GdkPixbuf *pixbuf;
>>> GError *err = NULL;
>>> pixbuf = gdk_pixbuf_new_from_file("bad_image.gif", &err);
>>> /* At this point, err will be non NULL and err->message is
>>>  "Failed to load image 'bad_image.gif': GIF image loader cannot
>>> understand this image."
>>>  However, pixbuf WILL be set to a GdkPixbuf object (non-NULL). */
>>> gdk_pixbuf_scale_simple(pixbuf, 20, 20, GDK_INTERP_BILINEAR); /* This
>>> line triggers the problem */
>>>
>>
>> Maybe I forgot to initialize something and my test code is too simple (I
>> basically just used the three lines you gave), but this crashes in
>> gdk_pixbuf_new_from_file for me. What version of gtk/gdk(-pixbuf) are you
>> using?
>>
>
> Never mind that. A gtk_init fixes it (even though it may be more than
> necessary). I get a slightly different message: "Failed to load image
> 'bad_image.gif': GIF image loader cannot understand this image." This is
> with gdk-pixbuf2-2.22.0-1.fc14.x86_64.

Just want to confirm... so after you added the call to gtk_init() were
you able to reproduce the problem where the sample program consumed
lots and lots of memory in an infinite loop?  Also I don't see any
differences between your message and mine.  I'm using
libgdk-pixbuf2.0-0-2.23.3-0ubuntu1.

--Mark
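
An added example, not part of this thread and not Pidgin or gdk-pixbuf code: a framing pre-check an application could run on untrusted GIF bytes before handing them to an image loader, so that malformed input is dropped early. The thread does not say what is malformed in the attached file, so the checks (signature, frame bounds, sub-block chain, trailer) are generic, LZW data is not decoded, and `MAX_DIM`, `gif_precheck` and the sample bytes are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DIM 4096u /* assumed policy limit, not a value from the thread */

/* Constructed sample: a 1x1 GIF89a with a two-entry global colour table. */
static const unsigned char SAMPLE_GIF[35] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 0, 0,  0,0,0, 255,255,255,
    0x2C, 0,0, 0,0, 1,0, 1,0, 0,  2,  2,0x44,0x01, 0,  0x3B };

static unsigned rd16(const unsigned char *p) { return p[0] | (unsigned)p[1] << 8; }

/* Walk data sub-blocks from i; return the offset past the 0 terminator, 0 if truncated. */
static size_t skip_subblocks(const unsigned char *b, size_t n, size_t i) {
    while (i < n) {
        size_t len = b[i++];
        if (len == 0) return i;
        if (len > n - i) return 0;
        i += len;
    }
    return 0;
}

/* Return 1 if b[0..n) is well-framed GIF data with at least one frame, else 0. */
int gif_precheck(const unsigned char *b, size_t n) {
    size_t i = 13, frames = 0;
    if (n < 14 || (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6))) return 0;
    unsigned sw = rd16(b + 6), sh = rd16(b + 8);
    if (!sw || !sh || sw > MAX_DIM || sh > MAX_DIM) return 0;
    if (b[10] & 0x80) i += 3u << ((b[10] & 7) + 1);   /* global colour table */
    while (i < n) {
        unsigned char tag = b[i++];
        if (tag == 0x3B) return frames > 0;           /* trailer */
        if (tag == 0x21) {                            /* extension: label, sub-blocks */
            if (!(i = skip_subblocks(b, n, i + 1))) return 0;
        } else if (tag == 0x2C) {                     /* image descriptor */
            if (n - i < 9) return 0;
            unsigned x = rd16(b + i), y = rd16(b + i + 2);
            unsigned w = rd16(b + i + 4), h = rd16(b + i + 6);
            if (!w || !h || x + w > sw || y + h > sh) return 0;
            i += 9 + ((b[i + 8] & 0x80) ? 3u << ((b[i + 8] & 7) + 1) : 0);
            /* GIF codes are at most 12 bits, so the minimum code size is below 12 */
            if (i >= n || b[i] == 0 || b[i] > 11) return 0;
            if (!(i = skip_subblocks(b, n, i + 1))) return 0;
            frames++;
        } else return 0;                              /* unknown block type */
    }
    return 0;                                         /* data ended before the trailer */
}

int main(void) { printf("sample accepted: %d\n", gif_precheck(SAMPLE_GIF, 35)); return 0; }
```

A pre-check like this complements, and does not replace, checking the `GError` from the loader before using the returned pixbuf.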

