https://bugs.kde.org/show_bug.cgi?id=364144
Bug ID: 364144
Summary: invalid XBM leads to out of bounds read
Product: okular
Version: 0.25.0
Platform: Archlinux Packages
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: mobipocket backend
Assignee: okular-de...@kde.org
Reporter: rtpubl...@gmail.com
An xbm file with the wrong width and/or height information leads to out of
bounds reads.
Example file:
#define example_width 12
#define example_height 10000
static unsigned char example_bits[] = {
0x00, 0x00,
0x00, 0x00
0x00, 0x00
0x40, 0x00,
0xe0, 0x00,
0xf0, 0x01,
0xf8, 0x03,
0xe0, 0x00,
0xe0, 0x00,
0xe0, 0x00,
0xe0, 0x00,
0xe0, 0x00,
0xe0, 0x00,
0x00, 0x00
0x00, 0x00
0x00, 0x00
};
The actual height of the image is 16, as can be seen in the pixel array (each
row represents one row of pixels). Okular displays this image as 10000 pixels
high, with rows > 16 filled with seemingly random data.
Version info from About box:
Okular
Version 0.25.0
Using KDE Development Platform 4.14.20
Backend info:
Image Backend
Version 0.1.2
Using KDE Development Platform 4.14.20
Reproducible: Always
Steps to Reproduce:
1. Save given XBM to example.xbm
2. Run okular example.xbm
Actual Results:
Displayed image is 10000 pixels high, with all but the top 16 seemingly random.
Expected Results:
Displayed image is 16 pixels high and/or a warning/error about an invalid image
is shown.
--
You are receiving this mail because:
You are watching all bug changes.
