Segmentation fault with huge jpg image #2219

@jvpeetz

Description

The system used is Debian testing/sid (current) and the version of geeqie is 2.7 GTK3.
When trying to display a very large jpg image, geeqie crashes. Take for example The Garden of Earthly Delights by H. Bosch, a jpg file with resolution 39137x22279 and of size 175 MB. Geeqie crashes when scaling the image to 1 and moving to an image border.
A gdb run results now in:

$ gdb geeqie
...
(gdb) run
...
Thread 1 "geeqie" received signal SIGSEGV, Segmentation fault.
(anonymous namespace)::rt_tile_get_region (has_alpha=0,
    ignore_alpha=<optimized out>, src=<optimized out>, dest=0x5555566b9e00,
    pb_rect=..., offset_x=-37760, offset_y=-21248, scale_x=<optimized out>,
    scale_y=<optimized out>, interp_type=GDK_INTERP_NEAREST, check_x=37760,
    check_y=21248, wide_image=1) at ../src/renderer-tiles.cc:1245
warning: 1245	../src/renderer-tiles.cc: No such file or directory
(gdb) bt
#0  (anonymous namespace)::rt_tile_get_region (has_alpha=0,
    ignore_alpha=<optimized out>, src=<optimized out>, dest=0x5555566b9e00,
    pb_rect=..., offset_x=-37760, offset_y=-21248, scale_x=<optimized out>,
    scale_y=<optimized out>, interp_type=GDK_INTERP_NEAREST, check_x=37760,
    check_y=21248, wide_image=1) at ../src/renderer-tiles.cc:1245
#1  0x000055555565a5ac in (anonymous namespace)::rt_tile_render (
    rt=0x555555a03ef0, it=0x5555567558f0, x=<optimized out>,
    y=<optimized out>, w=<optimized out>, h=<optimized out>, new_data=0,
    fast=<optimized out>) at ../src/renderer-tiles.cc:1423
#2  0x000055555565ba33 in (anonymous namespace)::rt_tile_expose (
    rt=0x555555a03ef0, it=0x5555567558f0, x=64, y=56, w=64, h=72,
    new_data=<optimized out>, fast=1) at ../src/renderer-tiles.cc:1492
#3  (anonymous namespace)::rt_queue_draw_idle_cb (data=0x555555a03ef0)
    at ../src/renderer-tiles.cc:1625
#4  0x00007ffff71d25ee in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007ffff71d597f in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x00007ffff71d6110 in g_main_context_iteration ()
   from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#7  0x00007ffff74244bd in g_application_run ()
   from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#8  0x00005555555ad9b4 in main (argc=1, argv=0x7fffffffde68)
    at ../src/main.cc:1142
(gdb)

As an (untested) patch I would suggest:

--- src/renderer-tiles.cc.orig	2026-02-27 15:41:35.000000000 +0100
+++ src/renderer-tiles.cc	2026-03-07 19:33:10.929723740 +0100
@@ -1189,14 +1189,20 @@
 			if (wide_image)
 				{
 				const gint srs = gdk_pixbuf_get_rowstride(src);
+				const gint sw = gdk_pixbuf_get_width(src);
+				const gint sh = gdk_pixbuf_get_height(src);
 				const gint drs = gdk_pixbuf_get_rowstride(dest);
+				const gint dw = gdk_pixbuf_get_width(dest);
+				const gint dh = gdk_pixbuf_get_height(dest);
 				const guchar *s_pix = gdk_pixbuf_get_pixels(src);
 				guchar *d_pix = gdk_pixbuf_get_pixels(dest);
 
-				for (gint y = 0; y < pb_rect.height; y++)
+				/* make sure that y < dh and sy < sh ; see https://docs.gtk.org/gdk-pixbuf/class.Pixbuf.html#image-data */
+				for (gint y = 0; y < std::min({pb_rect.height, dh, static_cast<int>(offset_y) - pb_rect.y + sh}); y++)
 					{
 					const gint sy = -static_cast<int>(offset_y) + pb_rect.y + y;
-					for (gint x = 0; x < pb_rect.width; x++)
+					/* make sure that x < dw and sx < sw */
+					for (gint x = 0; x < std::min({pb_rect.width, dw, static_cast<int>(offset_x) - pb_rect.x + sw}); x++)
 						{
 						const gint sx = -static_cast<int>(offset_x) + pb_rect.x + x;
 						const guchar *sp = s_pix + (sy * srs) + (sx * COLOR_BYTES);
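Review bot: the new `std::min` bounds only clamp the upper end of each loop; if `-offset_y + pb_rect.y` (or the x equivalent) is negative, `sy`/`sx` start below zero and `sp` still points before `s_pix`, so the read can still run outside the source buffer. Consider also starting the loops at `std::max(0, static_cast<int>(offset_y) - pb_rect.y)` (and likewise for x), or asserting that the start is non-negative, and confirm `<algorithm>` is included for the initializer-list form of `std::min`. Note as well that the rows and columns skipped by the clamp are no longer written by this loop, so the affected part of `dest` keeps whatever it held before; that avoids the crash but leaves the question of why `offset_x`/`offset_y` (-37760/-21248 in the backtrace) fall outside the source dimensions in the first place.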

Any comments?
Regards,
Jörg.