312912 – Kolourpaint susceptible to a billion laughs

Bug 312912 - Kolourpaint susceptible to a billion laughs

Summary: Kolourpaint susceptible to a billion laughs

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	kolourpaint
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Debian testing Other

Importance:	NOR normal
Target Milestone:	---
Assignee:	kolourpaint-support

URL:	http://pastebin.com/XqcV3eHM
Keywords:

Depends on:
Blocks:

Reported:	2013-01-08 22:01 UTC by stud4
Modified:	2013-01-09 13:39 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Prepared svg file (1.06 KB, image/svg+xml) 2013-01-08 22:03 UTC, stud4	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description stud4 2013-01-08 22:01:31 UTC

Kolourpaint allocates several gigabytes of memory and then crashes when opening a preperated SVG (see link) with a billion laughs (http://en.wikipedia.org/wiki/Billion_laughs)



Reproducible: Always

Steps to Reproduce:
1. open the svg file
Actual Results:  
Program crashes when starting up

Expected Results:  
An error message about a broken file

kcrash file: http://pastebin.com/Ljx4PRjf

Comment 1 stud4 2013-01-08 22:03:08 UTC

Created attachment 76322 [details]
Prepared svg file

Comment 2 Christoph Feck 2013-01-08 23:38:01 UTC

Also happens when using a pure Qt based viewer. Please report this issue to Qt developers via http://qt-project.org/

Comment 3 stud4 2013-01-09 13:39:03 UTC

https://bugreports.qt-project.org/browse/QTBUG-29019