https://bugs.kde.org/show_bug.cgi?id=364144

            Bug ID: 364144
           Summary: invalid XBM leads to out of bounds read
           Product: okular
           Version: 0.25.0
          Platform: Archlinux Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: mobipocket backend
          Assignee: okular-de...@kde.org
          Reporter: rtpubl...@gmail.com

An xbm file with the wrong width and/or height information leads to out of
bounds reads.
Example file:

#define example_width 12
#define example_height 10000
static unsigned char example_bits[] = {
   0x00, 0x00,
   0x00, 0x00
   0x00, 0x00
   0x40, 0x00,
   0xe0, 0x00,
   0xf0, 0x01,
   0xf8, 0x03,
   0xe0, 0x00,
   0xe0, 0x00,
   0xe0, 0x00,
   0xe0, 0x00,
   0xe0, 0x00,
   0xe0, 0x00,
   0x00, 0x00
   0x00, 0x00
   0x00, 0x00
};

The actual height of the image is 16, as can be seen in the pixel array (each
row represents one row of pixels). Okular displays this image as 10000 pixels
high, with rows > 16 filled with seemingly random data.

Version info from About box:
Okular
Version 0.25.0
Using KDE Development Platform 4.14.20

Backend info:
Image Backend
Version 0.1.2
Using KDE Development Platform 4.14.20


Reproducible: Always

Steps to Reproduce:
1. Save given XBM to example.xbm
2. Run okular example.xbm

Actual Results:  
Displayed image is 10000 pixels high, with all but the top 16 seemingly random.

Expected Results:  
Displayed image is 16 pixels high and/or a warning/error about an invalid image
is shown.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to