Bug 1320643

Summary: imagemagick segfaults when trying to convert large PSD files
Product: Red Hat Enterprise Linux 6 Reporter: Joe Wright <jwright>
Component: ImageMagickAssignee: Jan Horak <jhorak>
Status: CLOSED WONTFIX QA Contact: Desktop QE <desktop-qa-list>
Severity: high Docs Contact:
Priority: high    
Version: 6.7CC: jhorak, rbost, vchoudha
Target Milestone: rcKeywords: Desktop
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-19 14:13:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1269194    

Description Joe Wright 2016-03-23 16:49:18 UTC 
Description of problem:
- ImageMagick segfaults in PHP when trying to convert a PSD graphic greater than 30MB in size.

Version-Release number of selected component (if applicable):
ImageMagick-6.7.2.7-2.el6.x86_64

How reproducible:


Steps to Reproduce:
1. attempt to convert a PSD graphic 30MB or larger
2.
3.

Actual results:
- Coredump

(gdb) bt 5
#0  0x000000345ef11910 in IsEventLogging () from /usr/lib64/libMagickCore.so.5
#1  0x000000345ef11a6e in LogMagickEventList () from /usr/lib64/libMagickCore.so.5
#2  0x000000345ef126da in LogMagickEvent () from /usr/lib64/libMagickCore.so.5
#3  0x000000345efa3f58 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#4  0x000000345efa3f78 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
(More stack frames follow...)
(gdb) bt -15
#156250 0x000000345efa3f78 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156251 0x000000345efa3f78 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156252 0x000000345efa3f66 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156253 0x000000345efa3f66 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156254 0x000000345efa3f66 in DestroyXMLTree () from /usr/lib64/libMagickCore.so.5
#156255 0x000000345ef37a80 in GetImageProperty () from /usr/lib64/libMagickCore.so.5
#156256 0x000000345ef3a329 in SetImageProfile () from /usr/lib64/libMagickCore.so.5
#156257 0x000000345ef3a568 in SetImageProfile () from /usr/lib64/libMagickCore.so.5
#156258 0x00007f027bb9bffa in ?? () from /usr/lib64/ImageMagick-6.7.2/modules-Q16/coders/psd.so
#156259 0x000000345ee7e61c in ReadImage () from /usr/lib64/libMagickCore.so.5
#156260 0x000000345daab090 in MagickReadImage () from /usr/lib64/libMagickWand.so.5
#156261 0x00007f02818dc9ee in ?? ()
#156262 0x0000000003608690 in ?? ()
#156263 0x000000000058cc78 in ?? ()
#156264 0x0000000000000000 in ?? ()

Expected results:
- ImageMatick doesnt crash

Additional info:
 Backporting upstream imagemagick 6.8.9-1 should fix this