Closed
Bug 556117
Opened 15 years ago
Closed 14 years ago
Either breakage or missed fix in nsPNGDecoder.cpp in 1.9.0.19
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: glandium, Assigned: glennrp+bmo)
References
Details
(Keywords: fixed1.9.0.20)
Attachments
(1 file, 1 obsolete file)
1.66 KB,
patch
|
glennrp+bmo
:
review+
joe
:
review+
dveditz
:
approval1.9.0.next+
|
Details | Diff | Splinter Review |
nsPNGDecoder.cpp includes a fix for bug 497056 to which I don't have access, which is why I'm checking the security box on this bug report, just in case. There is, however, a reference to bug 497056 in modules/libimg/png/MOZCHANGES, saying:
Ported performance improvements to pngrutil.c and pngpread.c from libpng-1.4.1.
Is that supposed to only be about it ?
Anyways, about the breakage or missed fix, it happens that the code changes in nsPNGDecoder.cpp are all #ifdef'ed on PNG_USER_MEM_SUPPORTED. It also appears that in modoles/libimg/png/mozpngconf.h, PNG_NO_USER_MEM is set, which means PNG_USER_MEM_SUPPORTED is never set in mozilla builds. So whatever these ifdef'ed statements are supposed to do, they don't do it on mozilla builds. If that happens to be a security fix (which the 4MB limit mentionned in a comment could suggest), the security issue is not fixed.
On the other hand, when using a system libpng library, the PNG_USER_MEM_SUPPORTED macro is defined, and we end up compiling the ifdef'ed code, and this is where it breaks, because the code uses gfxPlatform::GetCMSMode(), which is defined nowhere in 1.9.0.
So I guess all the (gfxPlatform::GetCMSMode() != eCMSMode_Off) should be replaced with (gfxPlatform::IsCMSEnabled()), though as I don't know what this code is supposed to be fixing, and as it's obviously not compiled in mozilla builds anyway, I'll just go with replacing the #ifdef's with #if 0 for now.
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Updated•15 years ago
|
Group: core-security
Reporter | ||
Comment 2•15 years ago
|
||
This is not bug 551438, 1.9.0.19 has not been updated with libpng 1.4.1, and the libpng version is not responsible for the definition of gfxPlatform::GetCMSMode, which comes from gfx/thebes/src/gfxPlatform.cpp.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Assignee | ||
Comment 3•15 years ago
|
||
It's not a dupe of bug 551458. It is correct that the code is #ifdef'ed out when the bundled libpng is used. The PNG_USER_MEM_SUPPORTED test is supposed to be detecting whether a system libpng is being used and if so, if the user memory replacement function capability is present. The reporter is correct about the use of GetCMSMode() which replaced IsCMSEnabled(); the patch should be using IsCMSEnabled() instead. What the code is supposed to be fixing is the inefficient decoding of the iCCP chunk, which is only needed when CMS is enabled.
Reporter | ||
Comment 4•15 years ago
|
||
I haven't tested the result yet, but this patch at least allows to build.
Assignee | ||
Updated•15 years ago
|
Assignee: nobody → glennrp+bmo
Reporter | ||
Updated•15 years ago
|
Attachment #436048 -
Flags: review?(glennrp+bmo)
Assignee | ||
Comment 5•15 years ago
|
||
I'm running the Tryserver now with a revised version of Mike's patch that is also more suitable when the system libpng is 1.4.1 or later.
Assignee | ||
Updated•15 years ago
|
Attachment #436048 -
Attachment description: Patch → v00: Patch
Assignee | ||
Updated•15 years ago
|
Assignee | ||
Comment 6•15 years ago
|
||
TryServer builds are at
https://build.mozilla.org/tryserver-builds/glennrp@gmail.com-v01-556117-Mar31-noCMSMode (with bundled libpng)
and at
https://build.mozilla.org/tryserver-builds/glennrp@gmail.com-v01s-556117-Mar30-syslib-noCMSMode (with system libpng-1.2.35)
Assignee | ||
Comment 7•15 years ago
|
||
Comment on attachment 436184 [details] [diff] [review]
v01: no eCMSMode, uses png_set_chunk_malloc_max() if available
The v01 patch is incorrect; "!gfxPlatform::IsCMSEnabled()" should be "gfxPlatform::IsCMSEnabled()". The v00 patch is correct.
Attachment #436184 -
Attachment is obsolete: true
Assignee | ||
Comment 8•15 years ago
|
||
Tryserver builds with Mike's v00 patch:
With bundled libpng:
https://build.mozilla.org/tryserver-builds/glennrp@gmail.com-v00-556117-mike-Apr02-noCMSMode/
With system libpng-1.2.35:
https://build.mozilla.org/tryserver-builds/glennrp@gmail.com-v00-556117-mike-1.2.35-Apr02-noCMSMode/
with system libpng-1.4.1
https://build.mozilla.org/tryserver-builds/glennrp@gmail.com-v00-556117-mike-1.4.1-Apr02-noCMSMode/
Assignee | ||
Comment 9•15 years ago
|
||
Comment on attachment 436048 [details] [diff] [review]
v00: Patch
I'm not a reviewer but it looks OK. Joe, additional review?
Attachment #436048 -
Flags: review?(joe)
Attachment #436048 -
Flags: review?(glennrp+bmo)
Attachment #436048 -
Flags: review+
Updated•15 years ago
|
Attachment #436048 -
Flags: review?(joe) → review+
Comment 10•15 years ago
|
||
So is this ready to land? Is something else holding this up? Does it just need branch approvals? If so, which branches? Is it relevant on m-c?
Assignee | ||
Comment 11•15 years ago
|
||
It's only for releases prior to 1.9.1,
when
gfxPlatform::IsCMSEnabled()
was changed to
gfxPlatform::GetCMSMode() != eCMSMode_Off)
Comment 12•15 years ago
|
||
OK. So should there be branch approval requests?
Comment 13•15 years ago
|
||
I don't know. Depends on whether we care about 1.9.0 anymore.
Comment 14•15 years ago
|
||
Well, the reporter of this bug certainly does, since last I checked he's shipping it to (some) users so wants to backport security fixes to it...
Reporter | ||
Comment 15•15 years ago
|
||
On the other hand, I already shipped a fixed version and don't wait for approvals ;)
Comment 16•15 years ago
|
||
OK. Daniel, Mike, are we still doing 1.9.0 approvals, or should I just check this into CVS?
Comment 17•15 years ago
|
||
Comment on attachment 436048 [details] [diff] [review]
v00: Patch
Approved for 1.9.0.20, a=dveditz
Please add the "fixed1.9.0.20" keyword after you check in.
Attachment #436048 -
Flags: approval1.9.0.next+
Assignee | ||
Updated•14 years ago
|
Keywords: checkin-needed
Whiteboard: checkin-needed to 1.9.0.
Comment 18•14 years ago
|
||
Smokey, are you willing to land this on 1.9.0, please?
This is solely a build-bustage fix that's a no-op with in-tree libpng, right? (I'm happy to land it; I just want to make sure I understand what the underlying bug/expected results are, in case of unexpected results ;) )
Comment 20•14 years ago
|
||
(In reply to comment #19)
> This is solely a build-bustage fix that's a no-op with in-tree libpng, right?
> (I'm happy to land it; I just want to make sure I understand what the
> underlying bug/expected results are, in case of unexpected results ;) )
I don't really know. I just got tired of seeing this in the checkin-needed list, and I don't have a CVS tree to land this myself! :-)
Reporter | ||
Comment 21•14 years ago
|
||
(In reply to comment #19)
> This is solely a build-bustage fix that's a no-op with in-tree libpng, right?
Yes.
Checking in modules/libpr0n/decoders/png/nsPNGDecoder.cpp;
/cvsroot/mozilla/modules/libpr0n/decoders/png/nsPNGDecoder.cpp,v <-- nsPNGDecoder.cpp
new revision: 1.87; previous revision: 1.86
done
Status: REOPENED → RESOLVED
Closed: 15 years ago → 14 years ago
Keywords: checkin-needed → fixed1.9.0.20
Resolution: --- → FIXED
Whiteboard: checkin-needed to 1.9.0.
You need to log in
before you can comment on or make changes to this bug.
Description
•