Bug 1993193
Summary: | Segfaults on s390x | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Vít Ondruch <vondruch> |
Component: | ImageMagick | Assignee: | Vít Ondruch <vondruch> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | fedora, mike, nforro, pahan, phracek |
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Fixed In Version: | ImageMagick-6.9.11.27-8.fc36 | Doc Type: | If docs needed, set a value |
Last Closed: | 2021-08-31 15:14:41 UTC | Type: | Bug |
Description
Vít Ondruch
2021-08-12 13:57:40 UTC
@dhorak since this seems to be platform specific and rather strange that IM would be that broken, could you please take a look?

Doing quick check, the convert command above worked on Fedora 33 with ImageMagick-1:6.9.11.27-1.fc33.s390x + libtiff-4.1.0-8.fc33.s390x, but it does not work in:

* Fedora 34 with ImageMagick-1:6.9.11.27-3.fc34.s390x + libtiff-4.2.0-1.fc34.s390x
* Fedora 35 with ImageMagick-1:6.9.11.27-6.fc35.s390x + libtiff-4.3.0-2.fc35.s390x
* Fedora Rawhide with ImageMagick-1:6.9.11.27-7.fc36.s390x + libtiff-4.3.0-2.fc35.s390x

So this really might be libtiff issue.

This is not a libtiff issue. The problem is in coders/tiff.c:

```c
#if defined(TIFFTAG_RICHTIFFIPTC) && (TIFFLIB_VERSION >= 20191103)
  if ((TIFFGetField(tiff,TIFFTAG_RICHTIFFIPTC,&length,&profile) == 1) &&
      (profile != (unsigned char *) NULL))
    {
      const TIFFField
        *field;

      if (TIFFIsByteSwapped(tiff) != 0)
        TIFFSwabArrayOfLong((uint32 *) profile,(size_t) length);
      field=TIFFFieldWithTag(tiff,TIFFTAG_RICHTIFFIPTC);
      if (TIFFFieldDataType(field) == TIFF_LONG)
        status=ReadProfile(image,"iptc",profile,4L*length);
      else
        status=ReadProfile(image,"iptc",profile,length);
    }
#endif
```

TIFFSwabArrayOfLong() expects as its second argument the length of an array of 4-byte elements, but in this case the length variable represents a length in bytes, because the input image contains TIFFTAG_RICHTIFFIPTC with associated profile data stored as TIFF_UNDEFINED, not TIFF_LONG. So the function accesses and modifies memory it's not supposed to and that later leads to the crash.

It's already fixed upstream: https://github.com/ImageMagick/ImageMagick/commit/d1b3b2513f8fb48a3958230e3a1de0e3c21913a0

If someone wants to take primary ownership of ImageMagick please step forward. I do not have the time to dedicate to this package. I only picked it up because it was going to be orphaned and so many applications rely on it.

There is also ImageMagick6 fix: https://github.com/ImageMagick/ImageMagick6/commit/112051a709f83f13ca2b9ab63007d4a41b0a9beb

I have opened PR: https://src.fedoraproject.org/rpms/ImageMagick/pull-request/4

I'll merge ~Monday if nobody objects.

(In reply to Nikola Forró from comment #3)
BTW thx a lot for your analysis!

I took the liberty and merged the PR myself. The build is underway.

FEDORA-2021-7f3753c9e8 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2021-7f3753c9e8

FEDORA-2021-7f3753c9e8 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.
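
The element-count versus byte-count mismatch described in the analysis above, as an added example that is not part of the bug report, ImageMagick or the upstream patch. It generalizes the case to any count; `field_type`, `swab_longs` and `bytes_modified_past_payload` are hypothetical names, and the swap runs inside a buffer sized so that nothing is actually written out of bounds.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the TIFF field data types named in the report. */
enum field_type { FIELD_UNDEFINED, FIELD_LONG };

/* Swap n 4-byte words in place. As with TIFFSwabArrayOfLong(), n counts
   elements, so the call touches 4*n bytes. */
static void swab_longs(unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++, p += 4) {
        unsigned char t = p[0]; p[0] = p[3]; p[3] = t;
        t = p[1]; p[1] = p[2]; p[2] = t;
    }
}

/* Performs the swap inside an arena of 4*count bytes, so nothing is really
   written out of bounds, and returns how many bytes beyond the field's own
   payload were modified. check_type=0 mirrors the excerpt (always swap);
   check_type=1 swaps only FIELD_LONG data. */
static size_t bytes_modified_past_payload(enum field_type type, size_t count,
                                          int check_type)
{
    size_t arena_len = 4 * count, hits = 0;
    size_t own = (type == FIELD_LONG) ? 4 * count : count; /* payload bytes */
    unsigned char *arena = malloc(arena_len ? arena_len : 1);

    if (arena == NULL)
        return (size_t) -1;
    for (size_t i = 0; i < arena_len; i++)
        arena[i] = (unsigned char) i;   /* constructed position-dependent fill */
    if (!check_type || type == FIELD_LONG)
        swab_longs(arena, count);
    for (size_t i = own; i < arena_len; i++)
        hits += (arena[i] != (unsigned char) i);
    free(arena);
    return hits;
}

int main(void)
{
    /* Constructed case: an 8-byte profile stored as an untyped byte field. */
    printf("always swap:    %zu bytes past payload modified\n",
           bytes_modified_past_payload(FIELD_UNDEFINED, 8, 0));
    printf("swap LONG only: %zu bytes past payload modified\n",
           bytes_modified_past_payload(FIELD_UNDEFINED, 8, 1));
    return 0;
}
```

For a byte-typed field the unconditional swap reaches three times the payload size past its end, which is why the damage grows with the profile length.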