Bug 498381

Summary: Very slow image parsing in XCF plugin
Product: [Frameworks and Libraries] frameworks-kimageformats Reporter: iphydf
Component: generalAssignee: Alex Merry <alex.merry>
Status: RESOLVED FIXED    
Severity: normal CC: aacid, kdelibs-bugs-null
Priority: NOR    
Version First Reported In: 6.9.0   
Target Milestone: ---   
Platform: Compiled Sources   
OS: All   
Latest Commit: https://invent.kde.org/frameworks/kimageformats/-/commit/f296c38daf2ba78fd20537672c6bbc28cc9443f4 Version Fixed/Implemented In:
Sentry Crash Report:

Description iphydf 2025-01-08 10:15:48 UTC 
The following file takes 7 seconds to parse.

Reproducer:
```
    const QByteArray data = QByteArray::fromBase64(
        "AWdpbXAgeGNmAAAwAAoAAABbAAAAAzMAAAAAAAAAAAAAAAYAcAEAAAAAAwAAAAAAAf//////bW1t"
        "bW1tbW1tbW1tbW1tbW3/////////////bW1tnZ2dnZ2dnZ2dJSFQUy1BZG9iZZ2dnZ2dnZ2dnZ2d"
        "nZ2dnZ2dnZ2dnXJycnJycnJycnJycnJycnJycnJycnJycnJtfm1tbW1tbW1tAAAAAAAAAAABMQAA"
        "7wYAAAAAAAAAAQAAAAAAAAAAAAAAAAkAAAAJ22M/");

    QImage::fromData(data.mid(1), "XCF");
```

Here's another file that takes over a minute (be sure to remove the first byte):
```
AWdpbXAgeGNmAAAwAAoAAABbAAAAAzMAAAAAAAAAAAAAAAYAcAEAAAAAAwAAAAAAAf//////bW1t
bW1tbW1tbW1tbW1tbW3/////////////bW1tnZ2dnZ2dnZ2dJSFQUy1BZG9iZZ2dnZ2dnZ2dnZ2d
nZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2d
nZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ1ycnJycnJycnJycnLJcnJy
cnJycnJycnJycnJycnJycnJtfm1tbW1tbW1tAAAAAAAAAAABMgAA7wYAAAAAAAAAAQAAAAAAAAAA
AAAAAAkAAAAJ22M/
```
Comment 1 iphydf 2025-01-08 10:16:38 UTC 
A slight extension of that last example, here's one that takes over 2 minutes:

```
AWdpbXAgeGNmAAAwAAoAAABbAAAAAzMAAAAAAAAAAAAAAAYAcAEAAAAAAwAAAAAAAf//////bW1t
bW1tbW1tbW1tbW1tbW3///////////+SbW1tnZ2dnZ2dnZ2dJSFQUy1BZG9iZZ2dnZ2dnZ2dnZ2d
nZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2TnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2d
nZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ1tbW1tbW1tbW1tcnJycnJy
cnJygQACAAAAAAAYAP8BAksDAAhycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJy
cnL/cnJycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJybX5tbW1tbW1tbQAAAAAAAAAAATEA
AO8GAAAAAAAAAAEAAAAAAAAAAAAAAAAJAAAACdtjPw==
```
Comment 2 Albert Astals Cid 2025-01-08 16:12:03 UTC 
Not major.
Comment 3 iphydf 2025-01-08 16:18:24 UTC 
Ok. For us, this bug means we can't use the xcf parser at all, because we'd need to put it into a separate process and kill it if it exceeds some time limit. This is effectively a DoS vector.
Comment 4 Albert Astals Cid 2025-01-08 17:49:28 UTC 
I don't know who "us" is in your sentence, but if it is a major problem for you, we always welcome patches to improve things.

In the grand scheme of KDE, this is not a major bug nor it is not a DOS vector either, no one will die if opening a bogus image takes 2 minutes.
Comment 5 Bug Janitor Service 2025-01-08 20:52:30 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kimageformats/-/merge_requests/309
Comment 6 Mirco Miranda 2025-01-09 02:36:00 UTC 
Git commit f296c38daf2ba78fd20537672c6bbc28cc9443f4 by Mirco Miranda, on behalf of Albert Astals Cid.
Committed on 09/01/2025 at 02:33.
Pushed by mircomir into branch 'master'.

xcf: Return early if seek fails

M  +3    -1    src/imageformats/xcf.cpp

https://invent.kde.org/frameworks/kimageformats/-/commit/f296c38daf2ba78fd20537672c6bbc28cc9443f4