[Pkg-phototools-devel] Bug#734238: Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images
Benjamin Gilbert
bgilbert at cs.cmu.edu
Mon Jan 6 17:37:41 UTC 2014
The slide file at [1] contains 4,569 chroma-subsampled J2K images, and
the file at [2] contains 25,120. The below program will decode every
image into memory via OpenSlide. It executes Valgrind-clean against
both slides on 1.3+dfsg-4.6.
The functionality does work, and people use it. Please consider
applying a more nuanced patch that fixes the real problem, rather than
disabling the entire feature.
Thanks,
--Benjamin Gilbert
[1]:
http://openslide.cs.cmu.edu/download/openslide-testdata/Aperio/JP2K-33003-1.svs
[2]:
http://openslide.cs.cmu.edu/download/openslide-testdata/Aperio/JP2K-33003-2.svs
/* gcc -O2 $(pkg-config --cflags --libs openslide) \
-o walk-slide walk-slide.c */
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <openslide.h>
#define DIMENSION 1024
int main(int argc, char **argv)
{
uint32_t *buf;
int64_t x, y, w, h;
int32_t levels, level;
double downsample;
openslide_t *osr;
const char *error;
if (argc < 2) {
printf("specify slide file\n");
return 1;
}
buf = malloc(DIMENSION * DIMENSION * sizeof(*buf));
osr = openslide_open(argv[1]);
if (!osr) {
printf("failed to open\n");
return 1;
}
levels = openslide_get_level_count(osr);
openslide_get_level0_dimensions(osr, &w, &h);
for (level = 0; level < levels; level++) {
downsample = openslide_get_level_downsample(osr, level);
for (y = 0; y < h; y += DIMENSION * downsample) {
for (x = 0; x < w; x += DIMENSION * downsample) {
printf("%d %llu %llu\n", level, x, y);
openslide_read_region(osr, buf, x, y, level,
DIMENSION, DIMENSION);
error = openslide_get_error(osr);
if (error) {
printf("%s\n", error);
return 1;
}
}
}
}
openslide_close(osr);
free(buf);
return 0;
}
More information about the Pkg-phototools-devel
mailing list