Opened 4 years ago

Closed 4 years ago

#12196 closed enhancement (fixed)

inkscape - fix out of bounds writes

Reported by: ken@… Owned by: ken@…
Priority: normal Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:


While I was testing "cheap" hardening CFLAGS/CXXFLAGS/defines, I played with inkscape a bit more than I usually do, and it aborted ("internal error") when I tried to use the bucket fill tool.

This, and similar issues with the text tool, were originally reported by Fedora, who removed -D_FORTIFY_SOURCE=2 from their build of inkscape. For me, that did not solve the issue. But running gdb (on unstripped code!) showed where it was failing and Google eventually found some upstream bugs. Those have now been fixed, so we ought to apply them (without them it writes out of bounds but gets away with it if not fortified).

I've just uploaded a patch, but my current system is mostly frozen in an old version; it will be a day or two before I can get to a more-recent system to check this with the current toolchain. So, probably *after* the elogind merge.

Change History (3)

comment:1 by ken@…, 4 years ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

comment:2 by Bruce Dubbs, 4 years ago

Milestone: 8.5 → 9.0

Milestone renamed

comment:3 by ken@…, 4 years ago

Resolution: fixed
Status: assigned → closed