Package: feh
Version: 2.12-1
Severity: normal

Feh hangs in an infinite loop when given invalid bmp images in a mode that should help determine whether the image can be displayed (-U command line argument). I did run feh on afl[1]-generated image test sets[2] to figure out if any specific images cause problems for feh. If you try feh with the following command line parameters on the attached images (after extracting them from the tarball), you should see timeouts:

$ for image in *.bmp; do echo "$image"; timeout -s KILL 10s feh -U "$image"; done
id:000774,src:000207,op:arith8,pos:22,val:-28.bmp
Killed
id:000784,src:000207,op:havoc,rep:32.bmp
Killed
id:000787,src:000207,op:havoc,rep:16,+cov.bmp
Killed
id:000955,src:000787,op:flip2,pos:28.bmp
Killed
id:000972,src:000800,op:flip1,pos:60,+cov.bmp
Killed
id:000984,src:000800,op:havoc,rep:32.bmp
Killed
id:001091,src:000972,op:flip2,pos:18.bmp
Killed
id:001092,src:000972,op:arith8,pos:22,val:-25.bmp
Killed
id:001093,src:000972,op:arith8,pos:22,val:-29.bmp
Killed
id:001097,src:000980,op:arith8,pos:18,val:-3.bmp
Killed
id:001154,src:001098,op:flip1,pos:172.bmp
Killed
id:001155,src:001098,op:flip1,pos:172.bmp
Killed
id:001157,src:001098,op:havoc,rep:4.bmp
Killed
id:001159,src:001098,op:havoc,rep:4.bmp
Killed
id:001263,src:001155,op:flip1,pos:178.bmp
Killed
id:001264,src:001155,op:int32,pos:177,val:+1024,+cov.bmp
Killed

Attached is a tarball that includes all BMP images generated by afl that cause an infinite loop in feh.

[1]: American fuzzy lop - a security-oriented fuzzer: http://lcamtuf.coredump.cx/afl/
[2]: Afl-generated, minimized image test sets: http://lcamtuf.coredump.cx/afl/demo/

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (100, 'unstable'), (99, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages feh depends on:
ii  libc6        2.19-13
ii  libcurl3     7.38.0-3
ii  libexif12    0.6.21-2
ii  libimlib2    1.4.6-2+b3
ii  libpng12-0   1.2.50-2+b2
ii  libx11-6     2:1.6.2-3
ii  libxinerama1 2:1.1.3-1+b1

Versions of packages feh recommends:
ii  libjpeg-progs 1:9a-2

feh suggests no packages.

-- no debconf information
afl-hanging-bmp-images.tar.gz
Description: application/gzip
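The one-line loop in the report only shows which files got killed. As an added example (not part of the report or of feh), here is a small POSIX shell harness that runs a viewer in its check-only mode over a directory of fuzzer outputs under GNU coreutils `timeout`, and separates inputs that hang from inputs the viewer merely rejects, so the hang cases can be triaged on their own. The `HANG_LIMIT` variable and the function names are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the bug report): bound each viewer run with
# GNU coreutils `timeout` and classify every input as ok, hang or error.
# Assumes GNU `timeout`; HANG_LIMIT (default 10s) is a constructed knob.

HANG_LIMIT="${HANG_LIMIT:-10s}"

# Map the exit status of `timeout -s KILL` to a label.
# 137 = 128+SIGKILL: the command timed out and was killed (what the
# report's loop printed as "Killed"); 124 = timed out with the default
# SIGTERM; any other nonzero status is the viewer rejecting the file.
classify_exit() {
    case "$1" in
        0)       echo ok ;;
        124|137) echo hang ;;
        *)       echo "error:$1" ;;
    esac
}

# run_one FILE CMD [ARGS...]: run CMD ARGS... FILE under HANG_LIMIT and
# print its label. Viewer output is discarded; only the status matters.
run_one() {
    file=$1; shift
    status=0
    timeout -s KILL "$HANG_LIMIT" "$@" "$file" >/dev/null 2>&1 || status=$?
    classify_exit "$status"
}

# scan_dir DIR CMD [ARGS...]: print one "label<TAB>file" line per file.
scan_dir() {
    dir=$1; shift
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(run_one "$f" "$@")" "$f"
    done
}

# hanging_files DIR CMD [ARGS...]: only the inputs that hung, one per line.
hanging_files() {
    scan_dir "$@" | awk -F'\t' '$1 == "hang" { print $2 }'
}

# For the report's case, after extracting the tarball into ./afl-bmp:
#   HANG_LIMIT=10s hanging_files ./afl-bmp feh -U
```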