package: gimp
version: 2.2.13-1etch4
Severity: grave
Error Messages:
1) Reflection Message - Error while executing (script-fu-gimp-reflection 1
3 30 100 FALSE TRUE) ERROR: unbound variable (errobj
gimp-image-get-layer-position)
2) GIMP Message - Not enough visible layers for a merge. There must be at
least two. Reflection Message - Error while executing
(script-fu-gimp-reflection 1 2 30 100 FALSE TRUE) ERROR: Procedural
database execution failed: (gimp_image_merge_visible_layers 1 0)
Procedure to Reveal Bug:
0) Place gimp-reflection.scm in the /usr/share/gimp/2.0/scripts directory
1) Open Gimp
2) Close "GIMP Tip of the Day" window
3) Open Recent Single Layer Image File (jpg or psd)
4) Click Layer > Duplicate Layer
5) Click Filters > Decor > Reflection
6) Leave Defaults and Click "OK" on new window
7) Click "OK" when error message (1) pops up
8) Click Edit > Undo History
9) Watch Hard Drive Space Impersonate Evidence for WMD's
Description:
When the program first froze, I initially minimized it to see if it would
recover on it's own. I didn't realize other systems were being affected
until I tried to save a file in gnumeric and was given an out of space
error message. I proceded to terminate gimp with the 'xkill' command.
After running 'ps -ax', I noticed additional references to gimp, so i used
'kill -9' to terminate those processes with gimp in the name. At least
one would not die. I think it said '[gimp 2.2] <defunct>'. I tried to
logout then login. I tried to reboot. I tried to reboot and force an
fsck (shutdown -F -r now). After running once, fsck reported some
'failure', automatically rebooted and checked the 200GB partition a second
time. The second time it finished without errors and proceeded with the
boot process.
I was able to repeat this bug numerous times on my system. I have not
been able to recover the hard drive space that disappears. I checked the
usual suspects (/var, /tmp, and .profile directories). I'm running
fluxbox, so I don't have a trash icon. I have not modified any partitions
in years.
I spent hours researching a possible cause/solution. The malfunctions I
found that cause mildly similar symptoms are a decompression bomb, or disk
blocks still in use by a deleted file. Trouble-shooting problems like
this is well beyond my skill level. Just in case, here are the links:
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html)
http://forums.whirlpool.net.au/forum-replies-archive.cfm/699252.html
Also of note is my system is now missing hard drive space (over 10GB).
While running 'df', I noticed that 'used' + 'available' does not equal the
total '1-k blocks'. I'm not positive that this discrepancy wasn't there
before gimp crashed the first time, but I first noticed the discrepancy
after the crash. I was not able to repeat a similar discrepancy in later
crashes.
Contents of ~/.gimp-2.2/gimprc:
(swap-path "/tmp")
(tile-cache-size 320M)
(monitor-xresolution 100.000000)
(monitor-yresolution 100.000000)
(help-browser web-browser)
Depends: wget, gimp-data (= 2.2.13-1etch4), libaa1 (>= 1.2), libart-2.0-2
(>= 2.3.16), libatk1.0-0 (>= 1.12.2), libc6 (>= 2.3.6-6), libcairo2 (>=
1.2.4), libexif12, libexpat1 (>= 1.95.8), libfontconfig1 (>= 2.4.0),
libfreetype6 (>= 2.2), libgimp2.0 (>= 2.2.0+rel), libglib2.0-0 (>=
2.12.0), libgtk2.0-0 (>= 2.8.0), libice6 (>= 1:1.0.0), libjpeg62, liblcms1
(>= 1.08-1), libmng1 (>= 1.0.3-1), libpango1.0-0 (>= 1.14.8), libpng12-0
(>= 1.2.13-4), libsm6, libtiff4, libwmf0.2-7 (>= 0.2.8.4), libx11-6,
libxcursor1 (>> 1.1.2), libxext6, libxfixes3 (>= 1:4.0.1), libxi6,
libxinerama1, libxmu6, libxpm4, libxrandr2, libxrender1, libxt6, zlib1g
(>= 1:1.2.1)
System Info:
Kernel Version: 2.6.18-5-686 #1 SMP Wed Oct 3 00:12:50 UTC 2007 i686
GNU/Linux
Shared C Library: /lib/libc.so.6 -> libc-2.3.6.so
Debian Notes:
I attempted to upgrade from Sarge. The upgrade wasn't completely clean
and there were two files with dependency issues. Because of this, I
haven't downloaded very many software updates in months.
Processor Info:
processor : 0
vendor_id : AuthenticAMD
cpu family : 6
model : 10
model name : AMD Athlon(tm) XP 2500+
stepping : 0
cpu MHz : 1830.088
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 mmx fxsr sse syscall mmxext 3dnowext 3dnow up ts
bogomips : 3662.85
I attached the malicious 'reflection.scm' file. It can be downloaded at:
http://registry.gimp.org/node/1025
nate carr
;
; Reflection v0.3 2007-12-20
;
; Copyright (C) 2005-2007 Otavio Correa Cordeiro (otavio gmail com)
; Create a reflection effect like Apple iWeb does..
;
; This program is free software; you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation; either version 2 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program; if not, write to the Free Software
; Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
;
; modified by Paul Sherman to work in GIMP 2.4.2 on 11/30/2007
;
; modified by David Cummins and Paul Sherman Dec 2007, tested on GIMP-2.4.3
; * added user settings to control the height of the generated reflection,
; the gradient mask starting point (presented as Fade Rate %), and options
; to keep the generated reflection as a separate layer, or on a single layer
; either transparent or flattened.
; * added code to "play nice" with the current GIMP environment: colors and
; gradient prior selections are preserved, as well as the original layer
; name (handled using careful stack order).
; generated layers are constrained around the original layer.
; * simplified some of the internal logic so repeated calculations are done
; only once, reformatted, organised the code, added comments, etc.
; * flattened on start (to avoid errors)
; * undo ability functional
;
(define (script-fu-gimp-reflection
theImage
theLayer
userHeight
userFade
new_layer
transparentBG
)
(gimp-image-undo-group-start theImage)
(gimp-selection-all theImage)
(gimp-selection-none theImage)
(set! theLayer (car(gimp-image-merge-visible-layers theImage 0)))
;preserve original settings
(define old-bg (car (gimp-context-get-background)))
(define old-fg (car (gimp-context-get-foreground)))
(define old-grad (car (gimp-context-get-gradient)))
;calculate color for start of gradient fade
(define fadeStart (* (- 100 userFade) 2.55))
(define fadeColor (list fadeStart fadeStart fadeStart))
(define originalWidth (car (gimp-image-width theImage)))
(define originalHeight (car (gimp-image-height theImage)))
(define reflectionScale (/ userHeight 100))
(define stackPos (car(gimp-image-get-layer-position theImage theLayer)))
(define newWidth originalWidth)
(define newHeight (* originalHeight (+ reflectionScale 1)))
(define gradX (/ originalWidth 2))
(define gradY1 (* originalHeight reflectionScale))
(define gradY2 (* originalHeight reflectionScale -1))
(gimp-image-resize theImage originalWidth newHeight 0 0)
(define new-layer (car (gimp-layer-copy theLayer 1)))
(gimp-image-add-layer theImage new-layer (+ stackPos 0))
(gimp-drawable-set-name new-layer "Reflection")
(gimp-layer-set-offsets new-layer 0 originalHeight)
(gimp-flip new-layer 1)
(define new-mask (car (gimp-layer-create-mask new-layer 0)))
(gimp-layer-add-mask new-layer new-mask)
(gimp-context-set-foreground fadeColor)
(gimp-edit-blend new-mask FG-TRANSPARENT-MODE NORMAL-MODE
GRADIENT-LINEAR 100 0 REPEAT-NONE
FALSE
FALSE 0 0 TRUE
gradX gradY1 gradX gradY2)
(if (= new_layer FALSE)
(begin
(if (= transparentBG TRUE)
(begin ;# NO separate layer, transparent ##############
(gimp-image-merge-visible-layers theImage 1)
)
(begin ;# NO separate layer, NOT transparent ##########
(gimp-image-flatten theImage)
)
)
; final crop not needed for new_layer FALSE
)
(begin
(if (= transparentBG TRUE)
(begin ;# separate layer, transparent ###############
(gimp-image-set-active-layer theImage new-layer)
)
(begin ;# separate layer, NOT transparent ###########
(define bg-layer (car(gimp-layer-new theImage originalWidth newHeight 0 "Reflection BG" 100 0)))
(gimp-image-add-layer theImage bg-layer (+ stackPos 2))
(gimp-selection-all theImage)
(gimp-bucket-fill bg-layer 1 0 100 255 0 1 1)
(gimp-selection-none theImage)
(gimp-image-set-active-layer theImage new-layer)
)
)
; the Reflection layer still overflows the image here
(gimp-image-crop theImage originalWidth newHeight 0 0)
)
)
;restore original settings
(gimp-context-set-foreground old-fg)
(gimp-context-set-background old-bg)
(gimp-context-set-gradient old-grad)
(gimp-image-undo-group-end theImage)
(gimp-displays-flush)
)
(script-fu-register "script-fu-gimp-reflection"
"<Image>/Filters/Decor/Reflection"
"Reflection -- extends lower section of an image as a reflection of the original image."
"Original author Otavio Cordeiro, later edited by David Cummins and Paul Sherman"
"Otavio Cordeiro (otavio gmail com)"
"Last updated 12/19/2007 - tested on GIMP-2.4.3"
"RGB* GRAY*"
SF-IMAGE "Image" 0
SF-DRAWABLE "Drawable" 0
SF-ADJUSTMENT "Reflection Height (% of original)" '( 30 10 99 1 20 0 0)
SF-ADJUSTMENT "Fade Rate (%)" '(100 0 100 10 20 0 0)
SF-TOGGLE "Keep Reflection as a separate Layer" FALSE
SF-TOGGLE "Transparent Background" TRUE
)
