Array out of bounds in Icon preview dialog
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| inkscape (Ubuntu) |
Won't Fix
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: inkscape
sizes array is 5 long, a typo causes us to write off the end. (If no sizes were loaded from the preferences file).
diff -urNad inkscape-
--- inkscape-
+++ inkscape-
@@ -130,7 +130,7 @@
sizes[1] = 24;
sizes[2] = 32;
sizes[3] = 48;
- sizes[5] = 128;
+ sizes[4] = 128;
}
pixMem = new guchar*
Impact: A 5 element array is having a 6th element referenced, causing an out of bounds error. This issue may occur if the user has made certain modifications to their preferences.
Addressed upstream: The above patch has been committed to upstream's development branch.
Patch proposed: The above 1-line patch addresses the issue
Regression potential: None. Logic comes into play only when user has customized their preferences file beyond the default.
| Changed in inkscape: | |
| importance: | Undecided → High |
| status: | New → Confirmed |
| description: | updated |
| Bryce Harrington (bryce) wrote | #1 |
| Bryce Harrington (bryce) wrote | #2 |
| Changed in inkscape: | |
| importance: | High → Medium |
| status: | Confirmed → Fix Committed |
| Kees Cook (kees) wrote | #3 |
| Changed in inkscape: | |
| status: | Fix Committed → Won't Fix |
| Emmet Hikory (persia) wrote | #4 |
Fix has been committed upstream. Not sure it's critical enough to warrant an SRU though.