Bug 498381 - Very slow image parsing in XCF plugin
Status: RESOLVED FIXED
Alias: None
Product: frameworks-kimageformats
Classification: Frameworks and Libraries
Component: general
Version: 6.9.0
Platform: Compiled Sources All
Importance: NOR normal
Target Milestone: ---
Assignee: Alex Merry
 
Reported: 2025-01-08 10:15 UTC by iphydf
Modified: 2025-01-09 02:36 UTC (History)

Description iphydf 2025-01-08 10:15:48 UTC
The following file takes 7 seconds to parse.

Reproducer:
```
    const QByteArray data = QByteArray::fromBase64(
        "AWdpbXAgeGNmAAAwAAoAAABbAAAAAzMAAAAAAAAAAAAAAAYAcAEAAAAAAwAAAAAAAf//////bW1t"
        "bW1tbW1tbW1tbW1tbW3/////////////bW1tnZ2dnZ2dnZ2dJSFQUy1BZG9iZZ2dnZ2dnZ2dnZ2d"
        "nZ2dnZ2dnZ2dnXJycnJycnJycnJycnJycnJycnJycnJycnJtfm1tbW1tbW1tAAAAAAAAAAABMQAA"
        "7wYAAAAAAAAAAQAAAAAAAAAAAAAAAAkAAAAJ22M/");

    // data.mid(1) drops the leading byte so the buffer starts at the "gimp xcf" magic.
    QImage::fromData(data.mid(1), "XCF");
```

Here's another file that takes over a minute (be sure to remove the first byte):
```
AWdpbXAgeGNmAAAwAAoAAABbAAAAAzMAAAAAAAAAAAAAAAYAcAEAAAAAAwAAAAAAAf//////bW1t
bW1tbW1tbW1tbW1tbW3/////////////bW1tnZ2dnZ2dnZ2dJSFQUy1BZG9iZZ2dnZ2dnZ2dnZ2d
nZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2d
nZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ1ycnJycnJycnJycnLJcnJy
cnJycnJycnJycnJycnJycnJtfm1tbW1tbW1tAAAAAAAAAAABMgAA7wYAAAAAAAAAAQAAAAAAAAAA
AAAAAAkAAAAJ22M/
```
Comment 1 iphydf 2025-01-08 10:16:38 UTC
A slight extension of that last example, here's one that takes over 2 minutes:

```
AWdpbXAgeGNmAAAwAAoAAABbAAAAAzMAAAAAAAAAAAAAAAYAcAEAAAAAAwAAAAAAAf//////bW1t
bW1tbW1tbW1tbW1tbW3///////////+SbW1tnZ2dnZ2dnZ2dJSFQUy1BZG9iZZ2dnZ2dnZ2dnZ2d
nZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2TnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2d
nZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ1tbW1tbW1tbW1tcnJycnJy
cnJygQACAAAAAAAYAP8BAksDAAhycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJy
cnL/cnJycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJybX5tbW1tbW1tbQAAAAAAAAAAATEA
AO8GAAAAAAAAAAEAAAAAAAAAAAAAAAAJAAAACdtjPw==
```
Comment 2 Albert Astals Cid 2025-01-08 16:12:03 UTC
Not major.
Comment 3 iphydf 2025-01-08 16:18:24 UTC
Ok. For us, this bug means we can't use the xcf parser at all, because we'd need to put it into a separate process and kill it if it exceeds some time limit. This is effectively a DoS vector.
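
The mitigation described in Comment 3 (decode in a separate process and kill it when it exceeds a time limit), as an added example that is not part of the original comment or of kimageformats. `runWithDeadline` and `DecodeResult` are hypothetical names, POSIX is assumed, and returning the decoded pixels to the parent is left out.

```cpp
#include <cerrno>
#include <chrono>
#include <csignal>
#include <functional>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum class DecodeResult { Ok, Failed, TimedOut }; // hypothetical result type

// Hypothetical helper: runs `decode` (e.g. a call into an untrusted-image
// parser) in a forked child and kills the child once `limit` has elapsed.
DecodeResult runWithDeadline(const std::function<bool()> &decode,
                             std::chrono::milliseconds limit)
{
    const pid_t pid = fork();
    if (pid < 0)
        return DecodeResult::Failed;
    if (pid == 0) {
        // Child: cap CPU time as a backstop in case the parent dies first.
        const rlim_t cpuSeconds = static_cast<rlim_t>(limit.count() / 1000 + 1);
        const rlimit cap{cpuSeconds, cpuSeconds};
        setrlimit(RLIMIT_CPU, &cap);
        _exit(decode() ? 0 : 1); // _exit: do not flush the parent's stdio buffers
    }
    const auto deadline = std::chrono::steady_clock::now() + limit;
    int status = 0;
    for (;;) {
        const pid_t done = waitpid(pid, &status, WNOHANG);
        if (done == pid)
            break; // child finished on its own
        if (done < 0 && errno != EINTR)
            return DecodeResult::Failed;
        if (std::chrono::steady_clock::now() >= deadline) {
            kill(pid, SIGKILL);
            waitpid(pid, &status, 0); // reap the child so no zombie is left
            return DecodeResult::TimedOut;
        }
        usleep(5000); // poll every 5 ms
    }
    // A child killed by a signal (crash, SIGXCPU) counts as a failed decode.
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? DecodeResult::Ok
                                                           : DecodeResult::Failed;
}
```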
Comment 4 Albert Astals Cid 2025-01-08 17:49:28 UTC
I don't know who "us" is in your sentence, but if it is a major problem for you, we always welcome patches to improve things.

In the grand scheme of KDE, this is not a major bug, nor is it a DOS vector; no one will die if opening a bogus image takes 2 minutes.
Comment 5 Bug Janitor Service 2025-01-08 20:52:30 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kimageformats/-/merge_requests/309
Comment 6 Mirco Miranda 2025-01-09 02:36:00 UTC
Git commit f296c38daf2ba78fd20537672c6bbc28cc9443f4 by Mirco Miranda, on behalf of Albert Astals Cid.
Committed on 09/01/2025 at 02:33.
Pushed by mircomir into branch 'master'.

xcf: Return early if seek fails

M  +3    -1    src/imageformats/xcf.cpp

https://invent.kde.org/frameworks/kimageformats/-/commit/f296c38daf2ba78fd20537672c6bbc28cc9443f4