https://bugzilla.novell.com/show_bug.cgi?id=881387 https://bugzilla.novell.com/show_bug.cgi?id=881387#c0 Summary: libdmtx - wrong handling of DmtxPropRowPadBytes Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: All OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: ch.ehrlicher@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- Created an attachment (id=593361) --> (http://bugzilla.novell.com/attachment.cgi?id=593361) Patch to fix the issue User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 Setting DmtxPropRowPadBytes to something != 0 (in my case 4 to fulfill the QImage 32Bit alignment) results in a crash because the row padding is not handled correctly: img->rowSizeBytes = img->width * (img->bitsPerPixel/8) + img->rowPadBytes; the correct calculation is: img->rowSizeBytes = img->width * (img->bitsPerPixel/8); /* Align to next multiple of img->rowPadBytes */ if(img->rowPadBytes > 0) img->rowSizeBytes = (((img->rowSizeBytes + img->rowPadBytes - 1) / img->rowPadBytes ) * img->rowPadBytes); Due to the wrong caluclation a out-of-bounds access later on result in a crash. The attached patch fixes this issue. Since libdmtx is unmaintained I'm posting the patch here to get it at least into the openSUSE rpms Reproducible: Always Steps to Reproduce: 1. Create a dmtx Context with dmtxEncodeCreate 2. Set DmtxPropRowPadBytes to 4 with dmtxEncodeSetProp 3. Create a Datamatrix Image with dmtxEncodeDataMatrix -> Crash 4. Create a QImage from the resulting raw barcode image Actual Results: Crash / Corrupted Image Expected Results: No Crash -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.