Bug#838654: inkscape: rowstride integer overflow

Alessandro Vesely vesely at tana.it
Fri Sep 23 10:44:41 UTC 2016 

Package: inkscape
Version: 0.91-5~bpo8+1
Severity: normal
Tags: upstream patch

Dear Mattia,

I open a new bug, since #838486 is rather different.  The same idiom, however,
appears in the latest version of drawing-image.cpp.  With the patch attached,
and some other patches in pixman (#838650) and cairo (#838648) i was able to
edit a large file, save a pdf copy of it, and view it with evince :-)  I don't
know how epidemic the idiom is.

Best
Ale



-- System Information:
Debian Release: 8.6
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages inkscape depends on:
ii  gconf-service          3.2.6-3
ii  libaspell15            0.60.7~20110707-1.3
ii  libatk1.0-0            2.14.0-1
ii  libatkmm-1.6-1         2.22.7-2.1
ii  libc6                  2.19-18+deb8u6
ii  libcairo2              1.14.0-2.1+deb8u1
ii  libcairomm-1.0-1       1.10.0-1.1
ii  libcdr-0.1-1           0.1.0-3
ii  libexif12              0.6.21-2
ii  libfontconfig1         2.11.0-6.3+deb8u1
ii  libfreetype6           2.5.2-3+deb8u1
ii  libgc1c2               1:7.2d-6.4
ii  libgcc1                1:4.9.2-10
ii  libgconf-2-4           3.2.6-3
ii  libgdk-pixbuf2.0-0     2.31.1-2+deb8u5
ii  libglib2.0-0           2.42.1-1+b1
ii  libglibmm-2.4-1c2a     2.42.0-1
ii  libgnomevfs2-0         1:2.24.4-6+b1
ii  libgomp1               4.9.2-10
ii  libgsl0ldbl            1.16+dfsg-2
ii  libgtk2.0-0            2.24.25-3+deb8u1
ii  libgtkmm-2.4-1c2a      1:2.24.4-1.1
ii  libgtkspell0           2.0.16-1.1
ii  libjpeg8               8d-1+deb7u1
ii  liblcms2-2             2.6-3+b3
ii  libmagick++-6.q16-5    8:6.8.9.9-5+deb8u4
ii  libmagickcore-6.q16-2  8:6.8.9.9-5+deb8u4
ii  libmagickwand-6.q16-2  8:6.8.9.9-5+deb8u4
ii  libpango-1.0-0         1.36.8-3
ii  libpangocairo-1.0-0    1.36.8-3
ii  libpangoft2-1.0-0      1.36.8-3
ii  libpangomm-1.4-1       2.34.0-1.1
ii  libpng12-0             1.2.50-2+deb8u2
ii  libpoppler-glib8       0.26.5-2+deb8u1
ii  libpoppler46           0.26.5-2+deb8u1
ii  libpopt0               1.16-10
ii  librevenge-0.0-0       0.0.1-3
ii  libsigc++-2.0-0c2a     2.4.0-1
ii  libstdc++6             4.9.2-10
ii  libvisio-0.1-1         0.1.0-2
ii  libwpg-0.3-3           0.3.0-3
ii  libx11-6               2:1.6.2-3
ii  libxml2                2.9.1+dfsg1-5+deb8u3
ii  libxslt1.1             1.1.28-2+deb8u1
pn  python:any             <none>
ii  zlib1g                 1:1.2.8.dfsg-2+b1

Versions of packages inkscape recommends:
ii  aspell                0.60.7~20110707-1.3
ii  imagemagick           8:6.8.9.9-5+deb8u4
ii  libgnomevfs2-extra    1:2.24.4-6+b1
ii  libimage-magick-perl  8:6.8.9.9-5+deb8u4
ii  libwmf-bin            0.2.8.4-10.3+deb8u1
ii  pstoedit              3.62-2+b1
ii  python-lxml           3.4.0-1
ii  python-numpy          1:1.8.2-2
ii  transfig              1:3.2.5.e-4

Versions of packages inkscape suggests:
ii  dia                  0.97.3-1
ii  dia-gnome            0.97.3-1
ii  libsvg-perl          2.59-1
ii  libxml-xql-perl      0.68-6
ii  python-uniconvertor  1.1.4-1+b2
ii  ruby                 1:2.1.5+deb8u2
ii  ruby1.8 [ruby]       1.8.7.358-7.1+deb7u3

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signed_overflow
Type: text/x-diff
Size: 1985 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20160923/f58f5def/attachment.diff>

More information about the pkg-multimedia-maintainers mailing list