Bug#818233: Fails to build from source on kfreebsd-amd64

Gianfranco Costamagna locutusofborg at debian.org
Fri Apr 15 10:21:06 UTC 2016


Hi, I would like to point you to the Ubuntu patch that should fix this issue by (probably) fixing
the tests instead of disabling them.
https://patches.ubuntu.com/g/gdk-pixbuf/gdk-pixbuf_2.32.2-1ubuntu1.patch

Thanks for considering it,

Gianfranco

On Wed, 16 Mar 2016 21:44:45 +0100 Moritz Mühlenhoff <jmm at inutil.org> wrote:
> On Mon, Mar 14, 2016 at 10:24:24PM +0000, Steven Chamberlain wrote:
> > user debian-bsd at lists.debian.org
> > usertags 818233 + kfreebsd
> > thanks
> > 
> > Hi,
> > 
> > Moritz Muehlenhoff wrote:
> > > gdk-pixbuf on kfreebsd-amd64 is still at version 2.31.5-1 since all
> > > later versions fail to build. Can someone from the kfreebsd porters
> > > look into this? It works on kfreebsd-i386.
> > 
> > I looked at this before but couldn't really decide how to proceed.
> > The test for CVE-2015-4491 is IMHO buggy, although that is subjective.
> > 
> > Here's a bug where this test was discussed in some detail:
> > https://bugzilla.gnome.org/show_bug.cgi?id=754387
> > though it was marked as fixed after it now "seems fine for the
> > architectures we care about".
> > 
> > Here's a more recent upstream bug reporting this on Linux, with no
> > response:  https://bugzilla.gnome.org/show_bug.cgi?id=758104
> > 
> > IIRC the test tries to allocate about 16 GiB of heap memory.  On
> > kfreebsd-amd64 the allocation understandably fails.  On kfreebsd-i386
> > ISTR the test is skipped.  On Linux, usually the allocations are lazy
> > unless non-zero values are written into the buffer, and I guess they're
> > not, which is why it succeeds.  Except, with MALLOC_PERTURB_ options,
> > Dimitri John Ledkov has shown that it still fails in that case:
> > https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1519030
> > 
> > It's kind of odd, that MALLOC_PERTURB_ is supposed to be *already* set
> > when running the testsuite, so I would expect it to already fail on the
> > Debian linux-amd64 buildds.
> > 
> > The large memory allocation is actually necessary to test that the
> > original bug (rescaling an image that has large dimensions) is fixed.
> > Though it seems to me this is still a DoS issue that can be triggered on
> > FreeBSD and perhaps Linux in some situations.
> > 
> > Maybe I could find a testcase that triggers a crash reliably on Linux,
> > and that may attract more interest in fixing this for good.
> > 
> > I commented that the large memory allocation (and the original
> > CVE-2015-4491) might have been avoided by falling back to simpler
> > rescale methods when handling very large images:
> > https://bugzilla.gnome.org/show_bug.cgi?id=754387#c23
> 
> I think the testcase should simply be skipped on kfreebsd-*.
> 
> Cheers,
>         Moritz
