tiff file with huge block size causes "DoS"
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
kdebase (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: konqueror
$ lsb_release -rd
Description: Ubuntu 7.10
Release: 7.10
$ apt-cache policy konqueror
konqueror:
Installed: 4:3.5.8-0ubuntu2.2
Candidate: 4:3.5.8-0ubuntu2.2
Version table:
*** 4:3.5.8-0ubuntu2.2 0
500 http://
100 /var/lib/
4:
500 http://
When opening a 1x1 tiff file with konqueror, with a 10000x50000 block size, a 500 MB allocation is done, causing huge slowness on my system, which has only 512 MB of RAM. The same applies with eog (Eye of Gnome), evince, etc. But konqueror is particularly sensitive, as someone could host such a hostile image on a web site. (Firefox doesn't automatically open TIFF images.)
$ tiffdump huge2.tif
huge2.tif:
Magic: 0x4949 <little-endian> Version: 0x2a
Directory 0: offset 158 (0x9e) next 0 (0)
ImageWidth (256) SHORT (3) 1<1>
ImageLength (257) SHORT (3) 1<1>
BitsPerSample (258) SHORT (3) 1<8>
Compression (259) SHORT (3) 1<1>
Photometric (262) SHORT (3) 1<1>
SamplesPerPixel (277) SHORT (3) 1<1>
PlanarConfig (284) SHORT (3) 1<1>
TileWidth (322) SHORT (3) 1<10000>
TileLength (323) SHORT (3) 1<50000>
TileOffsets (324) LONG (4) 1<0>
TileByteCounts (325) LONG (4) 1<0>
SampleFormat (339) SHORT (3) 1<1>
Expected behaviour: prevent opening images with big tilewidth/
I don't think it is a problem of libtiff, but how it is used. It can make sense in some use case to have tilewidth/
Note: With a 50000x50000 block size, a 2500 MB allocation is tried, but fails properly and quickly, as my system does not have that much virtual memory, with ": No space for tile buffer" reported in the console.
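A pre-decode check for the case described above, as an added example that is not part of the original report or of libtiff: it reads the tile fields from the first IFD and refuses files whose uncompressed tile buffer would exceed a cap. The 64 MiB cap, the function names and the sample file (constructed from the tiffdump values) are assumptions for illustration; only single-valued SHORT/LONG fields are handled.

```python
import struct

# Tag numbers as printed by tiffdump in the report above.
TAGS = {258: "BitsPerSample", 277: "SamplesPerPixel", 322: "TileWidth", 323: "TileLength"}
MAX_TILE_BYTES = 64 * 1024 * 1024  # assumed policy cap, not a libtiff default

def read_first_ifd(data):
    """Return the single-valued SHORT/LONG fields of IFD 0 that size a tile."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None:
        raise ValueError("not a TIFF")
    magic, offset = struct.unpack_from(order + "HI", data, 2)
    if magic != 42:
        raise ValueError("bad TIFF version")
    (count,) = struct.unpack_from(order + "H", data, offset)
    fields = {}
    for i in range(count):
        entry = offset + 2 + 12 * i  # 12-byte entries: tag, type, count, value
        tag, typ, n = struct.unpack_from(order + "HHI", data, entry)
        if tag in TAGS and n == 1 and typ in (3, 4):
            fmt = "H" if typ == 3 else "I"
            (fields[TAGS[tag]],) = struct.unpack_from(order + fmt, data, entry + 8)
    return fields

def tile_buffer_bytes(fields):
    """Bytes needed for one uncompressed tile, or None if the image is not tiled."""
    if "TileWidth" not in fields or "TileLength" not in fields:
        return None
    bits = fields.get("BitsPerSample", 1) * fields.get("SamplesPerPixel", 1)
    return (fields["TileWidth"] * fields["TileLength"] * bits + 7) // 8

def check(data):
    """Decide, before decoding, whether the tile buffer stays under the cap."""
    need = tile_buffer_bytes(read_first_ifd(data))
    return need is None or need <= MAX_TILE_BYTES

def build_sample(tile_w, tile_l):
    """Constructed little-endian TIFF with the fields from the tiffdump listing."""
    entries = [(256, 3, 1), (257, 3, 1), (258, 3, 8), (259, 3, 1), (262, 3, 1),
               (277, 3, 1), (284, 3, 1), (322, 3, tile_w), (323, 3, tile_l),
               (324, 4, 0), (325, 4, 0), (339, 3, 1)]
    ifd = struct.pack("<H", len(entries))
    for tag, typ, val in entries:
        ifd += struct.pack("<HHI", tag, typ, 1)
        ifd += struct.pack("<HH", val, 0) if typ == 3 else struct.pack("<I", val)
    return b"II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0)
```

With the reported 10000x50000 tile at 8 bits per sample, `tile_buffer_bytes` yields 500,000,000 bytes, matching the 500 MB allocation in the report, and `check` rejects the file.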
Changed in kdebase: status: New → Confirmed
Seems to work fine in Kubuntu 8.10 and 9.04. Unfortunately I don't think that there's a readily-backportable fix.