Bug 69917

Summary: fig2dev crashes sometimes with more than 1 include picture file
Product: [Retired] Red Hat Linux Reporter: Klaus Steinberger <klaus.steinberger>
Component: transfigAssignee: Than Ngo <than>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-07-26 12:06:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Klaus Steinberger 2002-07-26 12:06:46 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020711

Description of problem:
Excerpt from a Mail dialog between on of our developer an Brian Smith,
the developer of xfig/transfig:


Date: Wed, 24 Jul 2002 10:04:00 -0700 From: Brian V. Smith <BVSmith> To:
Otto Schaile <Otto.Schaile.DE> Subject: Re: fig2dev with
more thean 2 giffiles Hello Otto, Yes, definitely a bug here. I've attached a
patch to fix this. It's strange, but on my SunOS system it didn't cause a
problem, but on my RedHat system it definitely does. Thanks for the bug report.
Brian On Wednesday 24 July 2002 09:08 am, you wrote:

> Hello Brian,
>
> I think I found the problem in fig2dev which caused it to crash when
> more than 2 gif-files are included:
>
> genps.c: 935 reads:
>
>   close_picfile(picf,filtype);
>
> This was opened at line 918, however in readgif.c:188 this file gets
> already closed and the file structure in memory is reused for "giftopcx"
> which gets also closed.
> The pointer "file" filled at readgif.c:189 which is different from
> "file" at entry of "read_gif(file" is not passed back to genps but
> close_picfile(picf,filtype) in genps sees the original structure.
>
> This behavior is documented in the attached log file of gdb session
> Note:
> line numbers there are a bit different since I added extra "fprints"
> The crash itself happens later in malloc.c
>
> Versions I use:
> fig2dev, 3.2 Patchlevel 3d
> Linux Redhat 7.2, gcc-2.96-98, glibc-2.2.4-24
>
> Cheers
> Otto




Version-Release number of selected component (if applicable):


How reproducible:
Sometimes

Steps to Reproduce:
1. See description
2.
3.
	

Additional info:

This bug is present in RH 7.1/RH7.2/RH7.2 and probably also in limbo,
here is an patch from Brian:

This fixes a bug where, when importing a GIF image, the file was closed twice.

diff -c fig2dev/dev/genps.c.orig fig2dev/dev/genps.c
*** fig2dev/dev/genps.c.orig	Tue May  7 17:08:43 2002
--- fig2dev/dev/genps.c	Wed Jul 24 09:39:01 2002
***************
*** 212,218 ****
  	    int		(*readfunc)();
  	    Boolean	pipeok;
  	}
! 	headers[]= {    {"GIF", "GIF",		    3, read_gif,	True},
  #ifdef V4_0
  			{"FIG", "#FIG",		    4, read_figure,	True},
  #endif /* V4_0 */
--- 212,218 ----
  	    int		(*readfunc)();
  	    Boolean	pipeok;
  	}
! 	headers[]= {    {"GIF", "GIF",		    3, read_gif,	False},
  #ifdef V4_0
  			{"FIG", "#FIG",		    4, read_figure,	True},
  #endif /* V4_0 */
diff -c fig2dev/dev/readgif.c.orig fig2dev/dev/readgif.c
*** fig2dev/dev/readgif.c.orig	Fri Jan 12 12:12:16 2001
--- fig2dev/dev/readgif.c	Wed Jul 24 09:56:55 2002
***************
*** 28,34 ****
  #include "fig2dev.h"
  #include "object.h"
  
! extern	int	_read_pcx();
  
  #define BUFLEN 1024
  
--- 28,35 ----
  #include "fig2dev.h"
  #include "object.h"
  
! extern	FILE	*open_picfile();
! extern	int	 _read_pcx();
  
  #define BUFLEN 1024
  
***************
*** 49,56 ****
  static Boolean	 DoGIFextension();
  static int	 GetDataBlock();
  static int	 GetCode();
- extern FILE	*open_picfile();
- extern void	 close_picfile();
  
  #define LOCALCOLORMAP		0x80
  #define	ReadOK(file,buffer,len)	(fread(buffer, len, 1, file) != 0)
--- 50,55 ----
***************
*** 80,99 ****
  */
  
  int
! read_gif(file,filetype,pic,llx,lly)
!     FILE	   *file;
      int		    filetype;
      F_pic	   *pic;
      int		   *llx, *lly;
  {
! 	char		buf[BUFLEN],pcxname[PATH_MAX];
! 	FILE		*giftopcx;
! 	int		i, stat, size;
! 	int		useGlobalColormap;
! 	unsigned int	bitPixel;
! 	unsigned char	c;
! 	char		version[4];
! 	unsigned char   transp[3]; /* RGB of transparent color (if any) */
  
  	/* first read header to look for any transparent color extension */
  
--- 79,105 ----
  */
  
  int
! read_gif(filename,filetype,pic,llx,lly)
!     char	   *filename;
      int		    filetype;
      F_pic	   *pic;
      int		   *llx, *lly;
  {
! 	char		 buf[BUFLEN],pcxname[PATH_MAX];
! 	char		 realname[PATH_MAX];
! 	FILE		*file, *giftopcx;
! 	int		 i, stat, size;
! 	int		 useGlobalColormap;
! 	unsigned int	 bitPixel;
! 	unsigned char	 c;
! 	char		 version[4];
! 	unsigned char    transp[3]; /* RGB of transparent color (if any) */
! 
! 	/* open the file */
! 	if ((file=open_picfile(filename, &filetype, False, realname)) == NULL) {
! 		fprintf(stderr,"No such GIF file: %s\n",realname);
! 		return;
! 	}
  
  	/* first read header to look for any transparent color extension */
  
***************
*** 185,192 ****
  	}
  
  	/* reposition the file at the beginning */
! 	close_picfile(file,filetype);
! 	file = open_picfile(pic->file, &filetype, True, pcxname);
  	
  	/* now call giftopnm and ppmtopcx */
  
--- 191,197 ----
  	}
  
  	/* reposition the file at the beginning */
! 	fseek(file, 0, SEEK_SET);
  	
  	/* now call giftopnm and ppmtopcx */
  
diff -c fig2dev/dev/readjpg.c.orig fig2dev/dev/readjpg.c
*** fig2dev/dev/readjpg.c.orig	Tue Apr 30 15:17:07 2002
--- fig2dev/dev/readjpg.c	Wed Jul 24 09:44:57 2002
***************
*** 28,33 ****
--- 28,36 ----
  #include "object.h"
  #include "psimage.h"
  
+ extern void	 close_picfile();
+ extern FILE	*open_picfile();
+ 
  #ifdef REQUIRES_GETOPT
  int      getopt(int nargc, char **nargv, char *ostr);
  #endif
Comment 1 Ngo Than 2002-07-31 19:57:25 UTC 
transfig-3.2.3d-7 includes now this fix. Thanks