! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
Critical : Bad management of cover thumbs in /tmp could result in Denial Of S...
Status: RESOLVED: FIXED
Priority: Very High
Severity: critical

Comments

Description HYPERION 2019-10-09 21:01:24 CEST
Created attachment 9104 
the patch

Parole 1.0.4 creates thousands of cover image thumbs in /tmp while playing audio.

This is a critical bug since it can result in denial of service on computers with small root storage.

Here's the patch:

diff -rNaud parole-1.0.4/src/misc/parole-stream.c parole-1.0.4-new/src/misc/parole-stream.c
--- parole-1.0.4/src/misc/parole-stream.c	2019-07-27 13:51:51.000000000 +0200
+++ parole-1.0.4-new/src/misc/parole-stream.c	2019-10-05 11:05:52.887860556 +0200
@@ -345,6 +345,9 @@
 
     stream = PAROLE_STREAM(object);
 
+    if (stream->priv->previous_image)
+        return;
+
     if ( stream->priv->image )
         g_object_unref(G_OBJECT(stream->priv->image));
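
Review bot: The new early return on `stream->priv->previous_image`, placed ahead of the `stream->priv->image` unref, fires for any non-NULL value, so it also skips the update when the stream genuinely has a different cover to set, unless `previous_image` is cleared somewhere outside this hunk, and nothing in the visible lines shows that reset. Please either compare the incoming image against the stored one before returning, or add a comment above the guard stating where `previous_image` is reset (for example on track change) so the invariant is documented. Note also that, as far as this hunk shows, the guard only prevents further work after the first image; it does not remove thumbnails already left in /tmp, so the cleanup of existing files should be confirmed separately.
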
Comment 1 Git Bot editbugs 2019-11-10 13:23:10 CET
Sean Davis referenced this bugreport in commit 537ded1850e8802958bdd65697bdf61a33f0fd85

Fix Parole creating and not cleaning up thumbnails (bug #16026)

https://git.xfce.org/apps/parole/commit?id=537ded1850e8802958bdd65697bdf61a33f0fd85
Comment 2 Sean Davis editbugs 2019-11-10 13:25:08 CET
Thanks for the bug report! The above patch should resolve this issue without any unintended consequences. It also reduces the amount of CPU overhead when loading any file.

Bug #16026

Reported by: HYPERION
Reported on: 2019-10-09
Last modified on: 2019-11-10

People

Assignee: Simon Steinbeiss
CC List: 2 users

Attachments

the patch (461 bytes, patch)
2019-10-09 21:01 CEST , HYPERION
no flags