GNU bug report logs - #72245
[PATCH] Fix integer overflow when reading XPM
Reported by: Stefan Kangas <stefankangas <at> gmail.com>
Date: Mon, 22 Jul 2024 14:37:02 UTC
Severity: minor
Tags: patch
Fixed in version 31.1
Done: Stefan Kangas <stefankangas <at> gmail.com>
Bug is archived. No further changes may be made.
Message #38 received at 72245 <at> debbugs.gnu.org (full text, mbox):
> Cc: 72245 <at> debbugs.gnu.org
> From: Stefan Kangas <stefankangas <at> gmail.com>
> Date: Tue, 23 Jul 2024 07:51:29 -0700
>
> That said, since you are asking, we are indeed discussing security
> sensitive code, that is executed without prompting, for example, when
> users receive emails or browse the web.
Only in some MUAs, yes? For example, Rmail doesn't by default show
the images (or any other attachments), it requires a user action to do
so.
> XPM being a relatively simple format, I'm sure that this code can be
> fully audited. I invite you to do so, and I'm hoping that this will
> reveal that your faith in this code is well-founded. Meanwhile, I
> reported an unrelated crash in XPM image processing in Bug#72255.
That file doesn't cause a crash on MS-Windows, FWIW, but the code
which processes XPM images in Emacs on Windows is very different.
This bug report was last modified 264 days ago.