Bug 179645
Summary: | pnmtopng crashes converting pnm image | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Gabriele Turchi <turchi> |
Component: | netpbm | Assignee: | Jindrich Novy <jnovy> |
Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | pknirsch |
Hardware: | x86_64 | ||
OS: | Linux | ||
Doc Type: | Bug Fix | ||
Last Closed: | 2006-02-17 06:06:38 UTC | Type: | --- |
Description
Gabriele Turchi
2006-02-01 20:51:35 UTC
Hello Gabriele, it works for me with this sample pgm file on x86_64: `P5 1 1 255 A` and this ppm file: `P6 1 1 255 AAA`. I tried this also with larger pnms but still don't see a segfault. It looks like the segfault needs an image with special properties to reproduce it. Could you please attach your testing image that shows the segfault here?

Mhhh, so strange. I've tested your sample images, always receiving a segfault. pnmtojpeg runs well as before.

```
$ ldd `which pnmtopng`
        libnetpbm.so.10 => /usr/lib64/libnetpbm.so.10 (0x0000003a9a000000)
        libpng12.so.0 => /usr/lib64/libpng12.so.0 (0x00000035b2500000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x00000035ab900000)
        libm.so.6 => /lib64/libm.so.6 (0x00000035ab300000)
        libc.so.6 => /lib64/libc.so.6 (0x00000035ab000000)
        /lib64/ld-linux-x86-64.so.2 (0x00000035aa300000)
$ ldd `which pnmtojpeg`
        libnetpbm.so.10 => /usr/lib64/libnetpbm.so.10 (0x0000003a9a000000)
        libjpeg.so.62 => /usr/lib64/libjpeg.so.62 (0x00000035afb00000)
        libm.so.6 => /lib64/libm.so.6 (0x00000035ab300000)
        libc.so.6 => /lib64/libc.so.6 (0x00000035ab000000)
        /lib64/ld-linux-x86-64.so.2 (0x00000035aa300000)
```

I still have no luck reproducing this. Could you please install the netpbm-debuginfo package, run gdb and give me a backtrace of the segfault? Also the versions of libpng and zlib you have would be of some help. I have these: libpng-1.2.8-2 zlib-1.2.2.2-5.fc4

libpng-1.2.8-2, zlib-1.2.2.2-5.fc4 for me too. Strange gdb result...:

```
$ gdb pnmtopng
GNU gdb Red Hat Linux (6.3.0.0-1.84rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1".

(gdb) run x1.pnm > x1.png
Starting program: /usr/bin/pnmtopng x1.pnm > x1.png

Program received signal SIGSEGV, Segmentation fault.
0x00000035ab074450 in rawmemchr () from /lib64/libc.so.6
(gdb)
```

Re-run with glibc-debuginfo installed (glibc-2.3.5-10.3):

```
Program received signal SIGSEGV, Segmentation fault.
0x00000035ab074450 in *__GI___rawmemchr (s=Variable "s" is not available.
) at ../sysdeps/generic/rawmemchr.c:149
149 longword = *longword_ptr++ ^ charmask;
(gdb)
```

As a double check, pnmtojpeg runs well under gdb as before. Mhhh......

Thanks for the dump of the gdb session. The crash in glibc is likely to be caused by memory corruption caused by pnmtopng. Could you please write here the backtrace of the stack (bt command in gdb) when the segfault occurs, to let me see the calling sequence up to pnmtopng?

Et voila':

```
(gdb) run x1.pnm > x1.png
Starting program: /usr/bin/pnmtopng x1.pnm > x1.png

Program received signal SIGSEGV, Segmentation fault.
0x00000035ab074450 in *__GI___rawmemchr (s=Variable "s" is not available.
) at ../sysdeps/generic/rawmemchr.c:149
149 longword = *longword_ptr++ ^ charmask;
(gdb) bt
#0 0x00000035ab074450 in *__GI___rawmemchr (s=Variable "s" is not available.
) at ../sysdeps/generic/rawmemchr.c:149
#1 0x00000035ab068d1a in _IO_str_init_static_internal (sf=0x7fffff81cab0, ptr=0x0, size=Variable "size" is not available.
) at strops.c:76
#2 0x00000035ab05e6e5 in _IO_vsscanf (string=0x0, format=0x40798d "%d-%d-%d %d:%d:%d", args=0x7fffff81cbd0) at iovsscanf.c:44
#3 0x00000035ab059cf8 in *__GI_sscanf (s=Variable "s" is not available.
) at sscanf.c:34
#4 0x00000000004060b2 in main (argc=2, argv=0x7fffff81d068) at pnmtopng.c:226
#5 0x00000035ab01c3cf in __libc_start_main (main=0x40541e <main>, argc=2, ubp_av=0x7fffff81d068, init=0x4068e0 <__libc_csu_init>, fini=Variable "fini" is not available.
) at ../sysdeps/generic/libc-start.c:216
#6 0x0000000000401ba9 in _start ()
#7 0x00007fffff81d058 in ?? ()
#8 0x0000000000000000 in ?? ()
(gdb)
```

The interesting thing is that the segfault is caused by the sscanf() call from the parseModtimeOpt() function, which is only called when you pass the -modtime='date and time' option to pnmtopng. I don't understand why in your case it crashes, since you call pnmtopng without the -modtime option. The code within this function is apparently broken and doesn't check whether the values are successfully read from the modtime string. I'll add the checks and give you a package for testing. If it's fixed by it, I'll release an update.

Ok, I found the problem and fixed it. The reason that I wasn't able to reproduce it was that the segfault depended on uninitialized variables that had "not so bad" values in my testing cases, so I wasn't able to reproduce it myself. A testing update containing the fix is now built.

The testing update is now pushed: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/4/ Could you please test whether the problem is gone for you after installing it?

First basic tests run well, now pnmtopng works. Thank you! :-)

From User-Agent: XML-RPC

netpbm-10.31-1.FC4.2 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
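The failure pattern in the backtrace above (a NULL string reaching sscanf() with the format "%d-%d-%d %d:%d:%d", reached through uninitialized option state, with no check on the conversions) can be guarded as in the following added example. It is not the netpbm patch or the project's code; the struct, the function names and the range limits are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical option record. Zero-initialise it so that an option which was
   never given is a cleared flag plus a NULL pointer, not stack garbage. */
struct cmdline {
    int         modtime_spec;   /* 1 only when -modtime was passed */
    const char *modtime_str;    /* NULL when -modtime was not passed */
};

/* Returns 0 and fills *out on success, -1 on missing or malformed input. */
static int parse_modtime(const char *s, struct tm *out)
{
    int year, month, day, hour, min, sec;
    char trailing;

    if (s == NULL)      /* sscanf(NULL, ...) is the crash seen in frame #2 */
        return -1;
    /* All six fields must convert; the extra %c detects trailing text. */
    if (sscanf(s, "%d-%d-%d %d:%d:%d%c",
               &year, &month, &day, &hour, &min, &sec, &trailing) != 6)
        return -1;
    /* Range limits are an assumption of this example. */
    if (year < 1900 || month < 1 || month > 12 || day < 1 || day > 31 ||
        hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 || sec > 60)
        return -1;

    memset(out, 0, sizeof *out);
    out->tm_year = year - 1900;
    out->tm_mon  = month - 1;
    out->tm_mday = day;
    out->tm_hour = hour;
    out->tm_min  = min;
    out->tm_sec  = sec;
    return 0;
}

int main(void)
{
    struct cmdline cl = {0};    /* constructed case: no -modtime given */
    struct tm tm;

    /* Parse only when the option was really supplied. */
    if (cl.modtime_spec && parse_modtime(cl.modtime_str, &tm) != 0) {
        fprintf(stderr, "invalid -modtime value\n");
        return 1;
    }
    printf("modtime %s\n", cl.modtime_spec ? "set" : "not set");
    return 0;
}
```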