[Pkg-xfce-devel] Bug#827427: tumbler: Large image file causes system denial-of-service

Daniel Richard G. skunk at iSKUNK.ORG
Thu Jun 16 02:07:42 UTC 2016


Package: tumbler
Version: 0.1.30-1+b1

I use ristretto to view an image file in /tmp for a few seconds, then
quit, and switch to another task. Suddenly, I notice the system is unresponsive---
Web pages no longer scroll, the mouse moves sluggishly, switching
virtual desktops takes several seconds instead of instantly.

I check the process table. Nothing hogging the CPU. I switch to sort-by-
memory, and see that a new "tumbler" process is at the top, using
something around 6GB of RAM.

I look in /proc/$PID/fd/, and see that it has open what appears to be an
old ImageMagick temp file in /tmp. A little examination...

    $ file /tmp/magick-1507aN2NBN8aASXP1
    /tmp/magick-1507aN2NBN8aASXP1: PNG image data, 91905 x 18168, 8-bit/color RGBA, non-interlaced

...pretty much spells out what was going on.

This tumbler daemon needs to have reasonable safeguards so that it
doesn't tank the system when it encounters an unreasonably-sized image
file like the above.

(FYI, this file is ~12MB, so it is not huge in terms of raw file size.)
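
An added example, not part of the original report and not tumbler's own code: one way a thumbnailer could apply the kind of safeguard asked for above is to read the PNG IHDR chunk and estimate the decoded pixel buffer before decoding anything. The 256 MiB budget, the function names and the sample header bytes (constructed from the dimensions `file` printed) are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed budget for this sketch: refuse anything that decodes to > 256 MiB. */
#define MAX_DECODED_BYTES (256ULL * 1024 * 1024)

/* Constructed sample: signature + IHDR for 91905 x 18168, 8-bit RGBA (CRC omitted). */
static const unsigned char sample_hdr[29] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n', 0, 0, 0, 13, 'I', 'H', 'D', 'R',
    0x00, 0x01, 0x67, 0x01, 0x00, 0x00, 0x46, 0xF8, 8, 6, 0, 0, 0};

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Store the bytes a full decode would need in *out; return -1 on a bad header.
 * Only the header fields are read; the IHDR CRC is not verified here. */
int png_decoded_size(const unsigned char *buf, size_t len, uint64_t *out) {
    static const unsigned char chans[7] = {1, 0, 3, 1, 2, 0, 4}; /* by colour type */
    if (len < 29 || memcmp(buf, "\x89PNG\r\n\x1a\n", 8) != 0) return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return -1;
    uint32_t w = be32(buf + 16), h = be32(buf + 20);
    unsigned depth = buf[24], type = buf[25];
    if (w == 0 || h == 0 || w > 0x7fffffffu || h > 0x7fffffffu) return -1;
    if (type > 6 || chans[type] == 0 || depth == 0 || depth > 16) return -1;
    uint64_t row = ((uint64_t)w * chans[type] * depth + 7) / 8; /* bytes per row */
    *out = row > UINT64_MAX / h ? UINT64_MAX : row * h;  /* saturate on overflow */
    return 0;
}

/* 1 if the image may be decoded within the budget, 0 otherwise. */
int safe_to_decode(const unsigned char *buf, size_t len) {
    uint64_t need;
    return png_decoded_size(buf, len, &need) == 0 && need <= MAX_DECODED_BYTES;
}

int main(void) {
    uint64_t need = 0;
    png_decoded_size(sample_hdr, sizeof sample_hdr, &need);
    printf("decoded size: %llu bytes, decode allowed: %d\n",
           (unsigned long long)need, safe_to_decode(sample_hdr, sizeof sample_hdr));
    return 0;
}
```

For the dimensions in the report the estimate is 6,678,920,160 bytes, which lines up with the roughly 6GB the tumbler process was seen using, while the compressed file is only ~12MB.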


