[Pkg-xfce-devel] Bug#827427: tumbler: Large image file causes system denial-of-service
Daniel Richard G.
skunk at iSKUNK.ORG
Thu Jun 16 02:07:42 UTC 2016
I use ristretto to view an image file in /tmp for a few seconds, then
quit, and switch to another task. Suddenly, I notice the system is unresponsive---
Web pages no longer scroll, the mouse moves sluggishly, switching
virtual desktops takes several seconds instead of instantly.

I check the process table. Nothing hogging the CPU. I switch to sort-by-
memory, and see that a new "tumbler" process is at the top, using
something around 6GB of RAM.

I look in /proc/$PID/fd/, and see that it has open what appears to be an
old ImageMagick temp file in /tmp. A little examination...

$ file /tmp/magick-1507aN2NBN8aASXP1
/tmp/magick-1507aN2NBN8aASXP1: PNG image data, 91905 x 18168, 8-bit/color RGBA, non-interlaced

...pretty much spells out what was going on.

This tumbler daemon needs to have reasonable safeguards so that it
doesn't tank the system when it encounters an unreasonably-sized image
file like the above.

(FYI, this file is ~12MB, so it is not huge in terms of raw file size.)
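
The kind of safeguard the report asks for, as an added example that is not part of the original message and is not tumbler's code: read the PNG IHDR, compute the raw decoded size, and refuse the file before any decoder allocates memory for it. The 256 MiB budget, the function names and the two sample headers are assumptions constructed for illustration; the first sample uses the dimensions reported above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed budget for one thumbnail source image: 256 MiB of raw pixels. */
#define MAX_DECODED_BYTES (256ULL * 1024 * 1024)

/* PNG signature, IHDR length (13) and chunk type: the fixed first 16 bytes. */
#define PNG_PREFIX 0x89,'P','N','G','\r','\n',0x1a,'\n', 0,0,0,13, 'I','H','D','R'
static const unsigned char PNG_HEAD[16] = { PNG_PREFIX };

/* Constructed 29-byte headers: prefix, width, height, depth, colour type, ... */
static const unsigned char SAMPLE_HUGE[29]  = { PNG_PREFIX,
    0x00,0x01,0x67,0x01, 0x00,0x00,0x46,0xF8, 8, 6, 0, 0, 0 };  /* 91905 x 18168 RGBA */
static const unsigned char SAMPLE_SMALL[29] = { PNG_PREFIX,
    0x00,0x00,0x02,0x80, 0x00,0x00,0x01,0xE0, 8, 6, 0, 0, 0 };  /* 640 x 480 RGBA */

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Raw decoded size in bytes according to IHDR; 0 if the header is not valid. */
uint64_t png_decoded_bytes(const unsigned char *buf, size_t len) {
    /* Samples per pixel indexed by PNG colour type (0 marks an invalid type). */
    static const unsigned char channels_for[7] = { 1, 0, 3, 1, 2, 0, 4 };
    if (len < 29 || memcmp(buf, PNG_HEAD, sizeof PNG_HEAD) != 0) return 0;
    uint64_t w = be32(buf + 16), h = be32(buf + 20);
    unsigned depth = buf[24], ctype = buf[25];
    if (w == 0 || h == 0 || w > INT32_MAX || h > INT32_MAX) return 0;
    if (ctype > 6 || channels_for[ctype] == 0) return 0;
    if (depth != 1 && depth != 2 && depth != 4 && depth != 8 && depth != 16) return 0;
    uint64_t row = (w * channels_for[ctype] * depth + 7) / 8;  /* cannot overflow */
    return row > UINT64_MAX / h ? UINT64_MAX : row * h;         /* saturate */
}

/* 1 = within budget, 0 = reject before handing the file to a decoder. */
int png_within_budget(const unsigned char *buf, size_t len) {
    uint64_t n = png_decoded_bytes(buf, len);
    return n != 0 && n <= MAX_DECODED_BYTES;
}

int main(void) {
    printf("huge:  %llu bytes, ok=%d\n",
           (unsigned long long)png_decoded_bytes(SAMPLE_HUGE, sizeof SAMPLE_HUGE),
           png_within_budget(SAMPLE_HUGE, sizeof SAMPLE_HUGE));
    printf("small: %llu bytes, ok=%d\n",
           (unsigned long long)png_decoded_bytes(SAMPLE_SMALL, sizeof SAMPLE_SMALL),
           png_within_budget(SAMPLE_SMALL, sizeof SAMPLE_SMALL));
    return 0;
}
```

The check covers PNG only and counts the raw pixel buffer; a decoder's working memory can exceed that figure, so the budget should be set below what the host can spare.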