https://bugs.kde.org/show_bug.cgi?id=364144
Bug ID: 364144
Summary: invalid XBM leads to out of bounds read
Product: okular
Version: 0.25.0
Platform: Archlinux Packages
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: mobipocket backend
Assignee: okular-de...@kde.org
Reporter: rtpubl...@gmail.com

An xbm file with the wrong width and/or height information leads to out of bounds reads.

Example file:

    #define example_width 12
    #define example_height 10000
    static unsigned char example_bits[] = {
    0x00, 0x00,
    0x00, 0x00
    0x00, 0x00
    0x40, 0x00,
    0xe0, 0x00,
    0xf0, 0x01,
    0xf8, 0x03,
    0xe0, 0x00,
    0xe0, 0x00,
    0xe0, 0x00,
    0xe0, 0x00,
    0xe0, 0x00,
    0xe0, 0x00,
    0x00, 0x00
    0x00, 0x00
    0x00, 0x00
    };

The actual height of the image is 16, as can be seen in the pixel array (each row represents one row of pixels). Okular displays this image as 10000 pixels high, with rows > 16 filled with seemingly random data.

Version info from About box:

Okular
Version 0.25.0
Using KDE Development Platform 4.14.20

Backend info:

Image Backend
Version 0.1.2
Using KDE Development Platform 4.14.20

Reproducible: Always

Steps to Reproduce:
1. Save given XBM to example.xbm
2. Run okular example.xbm

Actual Results:
Displayed image is 10000 pixels high, with all but the top 16 seemingly random.

Expected Results:
Displayed image is 16 pixels high and/or a warning/error about an invalid image is shown.
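The consistency check that the report's "Expected Results" ask for, as an added example (not code from Okular or from the report): the declared width and height are compared with the number of byte literals actually present before any pixel buffer is sized from the header. The names `xbm_validate`, `xbm_dim`, `xbm_count_bytes` and the `XBM_MAX_DIM` cap are hypothetical, the header match is simplified to a substring search, and one-byte (`unsigned char`) XBM data is assumed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed copies of the report's file: same 32 data bytes, two heights. */
#define BITS "static unsigned char example_bits[] = {\n" \
    "0x00, 0x00, 0x00, 0x00 0x00, 0x00 0x40, 0x00, 0xe0, 0x00, 0xf0, 0x01,\n" \
    "0xf8, 0x03, 0xe0, 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xe0, 0x00,\n" \
    "0xe0, 0x00, 0x00, 0x00 0x00, 0x00 0x00, 0x00 };\n"
static const char REPORT_XBM[] = "#define example_width 12\n#define example_height 10000\n" BITS;
static const char FIXED_XBM[] = "#define example_width 12\n#define example_height 16\n" BITS;
enum xbm_status { XBM_OK, XBM_BAD_HEADER, XBM_TRUNCATED };
#define XBM_MAX_DIM 32767UL /* assumed cap; keeps the size product from overflowing */

/* Number following the first "<name><suffix>" in the header, 0 if missing. */
static unsigned long xbm_dim(const char *src, const char *suffix) {
    const char *p = strstr(src, suffix);
    return p ? strtoul(p + strlen(suffix), NULL, 10) : 0;
}

/* Count "0x.." literals between '{' and '}'; separators are not required. */
static size_t xbm_count_bytes(const char *src) {
    const char *p = strchr(src, '{');
    size_t n = 0;
    for (; p && *p && *p != '}'; p++)
        if (p[0] == '0' && (p[1] == 'x' || p[1] == 'X') && isxdigit((unsigned char)p[2]))
            n++;
    return n;
}

/* Reject the file unless the array holds every byte the header promises. */
static enum xbm_status xbm_validate(const char *src, size_t *need, size_t *have) {
    unsigned long w = xbm_dim(src, "_width"), h = xbm_dim(src, "_height");
    *need = *have = 0;
    if (!w || !h || w > XBM_MAX_DIM || h > XBM_MAX_DIM) return XBM_BAD_HEADER;
    *need = (size_t)((w + 7) / 8 * h); /* each row is padded to whole bytes */
    *have = xbm_count_bytes(src);
    return *have < *need ? XBM_TRUNCATED : XBM_OK;
}

int main(void) {
    size_t need, have;
    int s = xbm_validate(REPORT_XBM, &need, &have);
    printf("reported file: status=%d need=%zu have=%zu\n", s, need, have);
    s = xbm_validate(FIXED_XBM, &need, &have);
    printf("height 16: status=%d need=%zu have=%zu\n", s, need, have);
    return 0;
}
```

A reader that gets `XBM_TRUNCATED` can refuse the file or clamp the height to the rows actually present, which are the two outcomes the report lists as acceptable.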