Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crash with bitmap images with unsupported bis per pixel #144

Open
VoidgirlChloe opened this issue Dec 13, 2024 · 4 comments
Open

Crash with bitmap images with unsupported bis per pixel #144

VoidgirlChloe opened this issue Dec 13, 2024 · 4 comments

Comments

@VoidgirlChloe
Copy link

I was playing around with bitmap files and creating them by hand, usually timg manages to deal with uncommon / malformed formats very well, by either displaying the image anyways or silently exiting without output, but I encountered a variation where it crashes with
Magick: abort due to signal 6 (SIGABORT) "Abort"...
(Using ImageMagicks's 'display' yields a helpful error message: unsupported bits per pixel)

This happens when asking it to display a bitmap image using BITMAPCOREHEADER that specifies an unsupported bits per pixel, i.e. 3:
minimal_error.zip contains a minimal bitmap file to reproduce the issue,
or alternatively convert the following hexdump into a binary:

00000000  42 4d 36 00 00 00 00 00  00 00 32 00 00 00 0c 00  |BM6.......2.....|
00000010  00 00 08 00 01 00 01 00  03 00 00 00 00 01 01 01  |................|
00000020  02 02 02 03 03 03 04 04  04 05 05 05 06 06 06 07  |................|
00000030  07 07 05 39 77 00                                 |...9w.|

This obviously isn't a huge issue, but it is possible for it to have security implications if it crashes badly instead of gracefully handling it so I thought it was worth bringing up

@VoidgirlChloe
Copy link
Author

Output of timg --version:

Copyright (c) 2016..2023 Henner Zeller. This program is free software; license GPL 2.0.

Image decoding GraphicsMagick 1.3.42 (2023-09-23)
Openslide 3.4.1
Turbo JPEG
QOI image loading
STB image loading fallback
swscale 7.5.100
Video decoding libav 60.16.100; avdevice 60.3.100
Half, quarter, iterm2, and kitty graphics output: timg builtin.
Libsixel version 1.10.3

@VoidgirlChloe
Copy link
Author

Nevermind I apologize, this appears to be fixed in the latest release, I forgot to check
I keep being annoyed by how outdated the packages in Ubuntu are

@hzeller
Copy link
Owner

hzeller commented Dec 13, 2024

Thanks for the report, I'll have a look. It looks like it happens somewhere in the sws scaler, so depends on that library version.

It is a controlled crash, i.e. it actually calls abort() instead of meandering into undefined territory, so the security implications are probably limited. But I'll have a look, maybe it is possible to register another error handler.

@hzeller
Copy link
Owner

hzeller commented Dec 13, 2024

Reopening for now until fully investigated.

@hzeller hzeller reopened this Dec 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants