[Pidgin] #14571: Win32 installer uses insecure GTK+ version
Pidgin
trac at pidgin.im
Fri Aug 24 14:48:21 EDT 2012
#14571: Win32 installer uses insecure GTK+ version
--------------------+-------------------------------------------------------
Reporter: sdierl | Owner: datallah
Type: defect | Status: new
Milestone: 3.0.0 | Component: winpidgin (gtk)
Version: 2.10.0 | Resolution:
Keywords: |
--------------------+-------------------------------------------------------
Comment(by ioerror):
Replying to [comment:20 ioerror]:
> Replying to [comment:17 datallah]:
> > Replying to [comment:13 ioerror]:
> > >
> > <SNIP>
> > > If I try to set the malformed image (local-buddy-icon.png) on the
WIndows client as my buddy icon, I have the following errors in my debug
log:
> > {{{
> > <SNIP>
> > > (17:35:54) buddyicon: Could not convert to png: Fatal error in PNG
image file: Invalid IHDR data
> > <SNIP>
> > > (17:35:54) gtkstatusbox: gdk_pixbuf_loader_write() failed with
size=5723: Transformed PNG has zero width or height.
> > }}}
> >
> > This is an indication that the gdk-pixbuf implementation (which for
PNG is libpng) can't can't handle the image. This isn't unexpected, it's
an invalid image, so this isn't really a problem.
>
> Right - I wanted to confirm that I could reach the libpng code over the
wire, now I think we agree that it can be done.
>
> >
> > > Finally, if I try to set my local windows buddy icon to
png-1-width-800-height-2.png - pidgin instantly dies. I ran it in Wine
with "relay" level debugging and found this error among others after
Pidgin (in Wine) vanished:
> > {{{
> > > X Error of failed request: BadAlloc (insufficient resources for
operation)
> > > Major opcode of failed request: 53 (X_CreatePixmap)
> > > Serial number of failed request: 20241
> > > Current serial number in output stream: 21038
> > }}}
> >
> > This is probably caused by one of the libpng bugs.
>
> Agreed.
>
> >
> > > It looks like the above is caused by gdk_pixbuf_new_from_file() is
called whenever i select any file, even before I confirm it is the file I
want to actually load. If I select png-1-width-800-height-2.png, I have
the same issue and pidgin entirely crashes:
> > {{{
> > > X Error of failed request: BadAlloc (insufficient resources for
operation)
> > > Major opcode of failed request: 53 (X_CreatePixmap)
> > > Serial number of failed request: 91458
> > > Current serial number in output stream: 91459
> > }}}
> >
> > This is the same as the above - the GTK+ file chooser is processing
the image to generate a thumbnail when you select the file.
>
> Yes, though I think it might be a different bug in GTK and one that is
outstanding, as seems to be the evidence in bug #1452.
Ahem, I meant bug #15282
--
Ticket URL: <http://developer.pidgin.im/ticket/14571#comment:21>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list