Loading a fuzzed .g3 file fails
Submitted by Esa Jääskelä
Link to original bug (#701071)
Description
Created attachment 245371: "Picture causing the problem"
Loading a fuzzed .g3 file fails. I get the following stack trace from AddressSanitizer:
==3322==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x0000004264d9 sp 0x7fff79834240 bp 0x7fff79834370 T0)
AddressSanitizer can not provide additional info.
#0 0x4264d8 in emitgimp ../../../gimp-2.8.4/plug-ins/file-faxg3/faxg3.c:0
#1 0x426345 in load_image ../../../gimp-2.8.4/plug-ins/file-faxg3/faxg3.c:0
#2 0x425817 in run ../../../gimp-2.8.4/plug-ins/file-faxg3/faxg3.c:0
#3 0x7f28a0155855 in gimp_proc_run ../../gimp-2.8.4/libgimp/gimp.c:0
#4 0x7f28a0151773 in gimp_loop ../../gimp-2.8.4/libgimp/gimp.c:0
#5 0x7f28a0150e4e in gimp_main ??:0
#6 0x7f289e49f76c in ?? ??:0
#7 0x425544 in _start ??:0
==3322==ABORTING
The following errors come from GIMP:
Calling error for procedure 'gimp-image-new':
Procedure 'gimp-image-new' has been called with value '0' for argument 'width' (#1, type GimpInt32). This value is out of range.
Calling error for procedure 'gimp-image-set-filename':
Procedure 'gimp-image-set-filename' has been called with an invalid ID for argument 'image'. Most likely a plug-in is trying to work on an image that doesn't exist any longer.
Calling error for procedure 'gimp-layer-new':
Procedure 'gimp-layer-new' has been called with an invalid ID for argument 'image'. Most likely a plug-in is trying to work on an image that doesn't exist any longer.
Too many error messages!
Messages are redirected to stderr.
And this also:
(file-faxg3:3899): LibGimp-CRITICAL **: GimpDrawable *gimp_drawable_get(gint32): assertion `width > 0 && height > 0 && bpp > 0' failed
I think that fuzzing messes up the file so that the width turns to zero (or so the loading plug-in at least thinks), which makes the loading plug-in file-faxg3 crash. Happens on Ubuntu 12.04, OS X 10.8.3 and Ubuntu 6, all running GIMP 2.8.4. Not really a big problem I suppose, so I marked this as minor.
Attachment 245371, "Picture causing the problem":
openMe.g3
Version: 2.8.4