[Pidgin] #14571: Win32 installer uses insecure GTK+ version

Pidgin trac at pidgin.im
Fri Aug 24 14:37:01 EDT 2012 

#14571: Win32 installer uses insecure GTK+ version
--------------------+-------------------------------------------------------
 Reporter:  sdierl  |        Owner:  datallah       
     Type:  defect  |       Status:  new            
Milestone:  3.0.0   |    Component:  winpidgin (gtk)
  Version:  2.10.0  |   Resolution:                 
 Keywords:          |  
--------------------+-------------------------------------------------------

Comment(by ioerror):

 Replying to [comment:17 datallah]:
 > Replying to [comment:13 ioerror]:
 > >
 > <SNIP>
 > > If I try to set the malformed image (local-buddy-icon.png) on the
 WIndows client as my buddy icon, I have the following errors in my debug
 log:
 > {{{
 > <SNIP>
 > > (17:35:54) buddyicon: Could not convert to png: Fatal error in PNG
 image file: Invalid IHDR data
 > <SNIP>
 > > (17:35:54) gtkstatusbox: gdk_pixbuf_loader_write() failed with
 size=5723: Transformed PNG has zero width or height.
 > }}}
 >
 > This is an indication that the gdk-pixbuf implementation (which for PNG
 is libpng) can't can't handle the image.  This isn't unexpected, it's an
 invalid image, so this isn't really a problem.

 Right - I wanted to confirm that I could reach the libpng code over the
 wire, now I think we agree that it can be done.

 >
 > > Finally, if I try to set my local windows buddy icon to
 png-1-width-800-height-2.png - pidgin instantly dies. I ran it in Wine
 with "relay" level debugging and found this error among others after
 Pidgin (in Wine) vanished:
 > {{{
 > > X Error of failed request:  BadAlloc (insufficient resources for
 operation)
 > >   Major opcode of failed request:  53 (X_CreatePixmap)
 > >   Serial number of failed request:  20241
 > >   Current serial number in output stream:  21038
 > }}}
 >
 > This is probably caused by one of the libpng bugs.

 Agreed.

 >
 > > It looks like the above is caused by gdk_pixbuf_new_from_file() is
 called whenever i select any file, even before I confirm it is the file I
 want to actually load.  If I select png-1-width-800-height-2.png, I have
 the same issue and pidgin entirely crashes:
 > {{{
 > > X Error of failed request:  BadAlloc (insufficient resources for
 operation)
 > >   Major opcode of failed request:  53 (X_CreatePixmap)
 > >   Serial number of failed request:  91458
 > >   Current serial number in output stream:  91459
 > }}}
 >
 > This is the same as the above - the GTK+ file chooser is processing the
 image to generate a thumbnail when you select the file.

 Yes, though I think it might be a different bug in GTK and one that is
 outstanding, as seems to be the evidence in bug #1452.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/14571#comment:20>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list