[Pidgin] #14571: Win32 installer uses insecure GTK+ version

Pidgin trac at pidgin.im
Fri Aug 24 03:28:38 EDT 2012 

#14571: Win32 installer uses insecure GTK+ version
--------------------+-------------------------------------------------------
 Reporter:  sdierl  |        Owner:  datallah       
     Type:  defect  |       Status:  new            
Milestone:  3.0.0   |    Component:  winpidgin (gtk)
  Version:  2.10.0  |   Resolution:                 
 Keywords:          |  
--------------------+-------------------------------------------------------

Comment(by ioerror):

 I have two Pidgin clients running, one on a stable Ubuntu and one on a
 stable Windows release using the GTK libraries from the installer. I have
 created a few different malformed pngs for testing both local and remote
 code paths.

 Using AIM, I send am image from the Ubuntu client to the Windows client
 containing one image, png-1-width-519-height-2.png and when it arrives on
 the remote site, the Windows client has this in the debug log:
 {{{
 (17:16:10) oscar: Parsing IM, charset=0x0000, datalen=376, choice1=ASCII,
 choice2=CP1252, choice3=
 (17:16:10) oscar: Received IM from xxx
 (17:16:10) sound: Playing C:\Program
 Files\Pidgin\sounds\purple\receive.wav
 (17:16:10) GdkPixbuf: gdk_pixbuf_new: assertion `height > 0' failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_fill: assertion `GDK_IS_PIXBUF (pixbuf)'
 failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_scale: assertion `GDK_IS_PIXBUF (dest)'
 failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_copy_area: assertion `src_pixbuf != NULL'
 failed
 (17:16:10) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_new: assertion `height > 0' failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_fill: assertion `GDK_IS_PIXBUF (pixbuf)'
 failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_scale: assertion `GDK_IS_PIXBUF (dest)'
 failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:16:10) GdkPixbuf: gdk_pixbuf_copy_area: assertion `src_pixbuf != NULL'
 failed
 (17:16:10) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 }}}

 When png-1-width-519-height-2.png is set as my Ubuntu buddy icon, I am
 able to send that icon to the remote Windows pidgin. The receiving Pidgin
 parses the image and the following messages are emitted in the debug log:
 {{{
 (17:22:36) Gdk: gdkgeometry-win32.c:141: ScrollWindowEx failed: Success
 (17:22:39) oscar: Incoming rendezvous message of type 1, user xxx, status
 0
 (17:22:39) util: Writing file C:\users\xxx\Application
 Data\.purple\icons\a1b087c4cf17061520d9341083190ca680ec21a1.jpg
 (17:22:39) GdkPixbuf: gdk_pixbuf_new: assertion `height > 0' failed
 (17:22:39) GdkPixbuf: gdk_pixbuf_fill: assertion `GDK_IS_PIXBUF (pixbuf)'
 failed
 (17:22:39) GdkPixbuf: gdk_pixbuf_scale: assertion `GDK_IS_PIXBUF (dest)'
 failed
 (17:22:39) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:22:39) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:22:39) GdkPixbuf: gdk_pixbuf_copy_area: assertion `src_pixbuf != NULL'
 failed
 (17:22:39) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 (17:22:39) GdkPixbuf: gdk_pixbuf_scale_simple: assertion `dest_height > 0'
 failed
 (17:22:39) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:22:39) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:22:39) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 }}}

 After that error, we have a file on disk that is 800 bytes in size and not
 the png icon my Ubuntu client sent:
 {{{
 % file a1b087c4cf17061520d9341083190ca680ec21a1.jpg
 a1b087c4cf17061520d9341083190ca680ec21a1.jpg: JPEG image data, JFIF
 standard 1.01
 }}}

 Over time we see the same error without updating the icon on the Ubuntu
 side. The Windows side continues to attempt to parse the image:
 {{{
 (17:22:41) imgstore: retrieved image id 2
 (17:22:41) imgstore: retrieved image id 2
 (17:22:41) GdkPixbuf: gdk_pixbuf_new: assertion `height > 0' failed
 (17:22:41) GdkPixbuf: gdk_pixbuf_fill: assertion `GDK_IS_PIXBUF (pixbuf)'
 failed
 (17:22:41) GdkPixbuf: gdk_pixbuf_scale: assertion `GDK_IS_PIXBUF (dest)'
 failed
 (17:22:41) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:22:41) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:22:41) GdkPixbuf: gdk_pixbuf_copy_area: assertion `src_pixbuf != NULL'
 failed
 (17:22:41) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 (17:22:44) util: Writing file blist.xml to directory
 C:\users\xxx\Application Data\.purple
 (17:22:44) util: Writing file C:\users\xxx\Application
 Data\.purple\blist.xml
 (17:24:08) GdkPixbuf: gdk_pixbuf_new: assertion `height > 0' failed
 (17:24:08) GdkPixbuf: gdk_pixbuf_fill: assertion `GDK_IS_PIXBUF (pixbuf)'
 failed
 (17:24:08) GdkPixbuf: gdk_pixbuf_scale: assertion `GDK_IS_PIXBUF (dest)'
 failed
 (17:24:08) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:24:08) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:24:08) GdkPixbuf: gdk_pixbuf_copy_area: assertion `src_pixbuf != NULL'
 failed
 (17:24:08) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 (17:24:15) GdkPixbuf: gdk_pixbuf_new: assertion `height > 0' failed
 (17:24:15) GdkPixbuf: gdk_pixbuf_fill: assertion `GDK_IS_PIXBUF (pixbuf)'
 failed
 (17:24:15) GdkPixbuf: gdk_pixbuf_scale: assertion `GDK_IS_PIXBUF (dest)'
 failed
 (17:24:15) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:24:15) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:24:15) GdkPixbuf: gdk_pixbuf_copy_area: assertion `src_pixbuf != NULL'
 failed
 (17:24:15) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 }}}

 Later, if in the Windows Pidgin, I click on the IM window of the buddy
 that has the malformed icon - I trigger this in the Windows debug log:
 {{{
 (17:29:04) GdkPixbuf: gdk_pixbuf_new: assertion `height > 0' failed
 (17:29:04) GdkPixbuf: gdk_pixbuf_fill: assertion `GDK_IS_PIXBUF (pixbuf)'
 failed
 (17:29:04) GdkPixbuf: gdk_pixbuf_scale: assertion `GDK_IS_PIXBUF (dest)'
 failed
 (17:29:04) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:29:04) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:29:04) GdkPixbuf: gdk_pixbuf_copy_area: assertion `src_pixbuf != NULL'
 failed
 (17:29:04) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 }}}

 If I try to set the malformed image (local-buddy-icon.png) on the WIndows
 client as my buddy icon, I have the following errors in my debug log:
 {{{
 (17:35:44) win32placement: Window RECT: L:988 R:1608 T:161 B:638
 (17:35:44) win32placement: Working Area RECT: L:0 R:1600 T:24 B:876
 (17:35:44) win32placement: conversation window out of working area,
 relocating
 (17:35:44) win32placement: Relocation RECT: L:980 R:1600 T:161 B:638
 (17:35:44) gtkutils: gdk_pixbuf_new_from_file() returned nothing for file
 C:\Program Files\Pidgin\pixmaps\pidgin: Failed to open file 'C:\Program
 Files\Pidgin\pixmaps\pidgin': Permission denied
 (17:35:54) GdkPixbuf: gdk_pixbuf_scale_simple: assertion `dest_height > 0'
 failed
 (17:35:54) buddyicon: Converting buddy icon to png
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_bits_per_sample: assertion
 `GDK_IS_PIXBUF (pixbuf)' failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_width: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_height: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_rowstride: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_has_alpha: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_pixels: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) buddyicon: Could not convert to png: Fatal error in PNG image
 file: Invalid IHDR data
 (17:35:54) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_scale_simple: assertion `dest_height > 0'
 failed
 (17:35:54) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_scale_simple: assertion `dest_height > 0'
 failed
 (17:35:54) buddyicon: Converting buddy icon to gif
 (17:35:54) buddyicon: Could not convert to gif: Unsupported image format
 for GDI+
 (17:35:54) buddyicon: Converting buddy icon to jpeg
 (17:35:54) buddyicon: Could not convert to jpeg: Unsupported image format
 for GDI+
 (17:35:54) buddyicon: Converting buddy icon to bmp
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_width: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_height: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_rowstride: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_n_channels: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_get_pixels: assertion `GDK_IS_PIXBUF
 (pixbuf)' failed
 (17:35:54) GdkPixbuf: Unsupported number of channels: -1
 (17:35:54) buddyicon: Could not convert to bmp: Couldn't save
 (17:35:54) buddyicon: Converting buddy icon to ico
 (17:35:54) buddyicon: Could not convert to ico: This build of gdk-pixbuf
 does not support saving the image format: ico
 (17:35:54) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 (17:35:54) GdkPixbuf: gdk_pixbuf_scale_simple: assertion `dest_height > 0'
 failed
 (17:35:54) GLib-GObject: g_object_unref: assertion `G_IS_OBJECT (object)'
 failed
 (17:35:54) gtkstatusbox: gdk_pixbuf_loader_write() failed with size=5723:
 Transformed PNG has zero width or height.
 }}}

 Finally, if I try to set my local windows buddy icon to
 png-1-width-800-height-2.png - pidgin instantly dies. I ran it in Wine
 with "relay" level debugging and found this error among others after
 Pidgin (in Wine) vanished:
 {{{
 X Error of failed request:  BadAlloc (insufficient resources for
 operation)
   Major opcode of failed request:  53 (X_CreatePixmap)
   Serial number of failed request:  20241
   Current serial number in output stream:  21038
 }}}

 It looks like the above is caused by gdk_pixbuf_new_from_file() is called
 whenever i select any file, even before I confirm it is the file I want to
 actually load.  If I select png-1-width-800-height-2.png, I have the same
 issue and pidgin entirely crashes:
 {{{
 X Error of failed request:  BadAlloc (insufficient resources for
 operation)
   Major opcode of failed request:  53 (X_CreatePixmap)
   Serial number of failed request:  91458
   Current serial number in output stream:  91459
 }}}

-- 
Ticket URL: <http://developer.pidgin.im/ticket/14571#comment:13>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list