Created attachment 324068 [details]
ImageMagick-6.2.8-svg.patch

General Escalation Information

State the problem

1. Provide time and date of the problem
   Easily Reproducible

2. Indicate the platform(s) (architectures) the problem is being reported against.
   RHEL 5.2 x86_64

3. Provide clear and concise problem description as it is understood at the time of escalation
   * Observed behavior
     $ convert 1.svg 2.png
     Segmentation fault
     Segfault occurs after successful conversion during exit code afaict.
   * Desired behavior
     No segfault

4. State specific action requested of SEG
   Determine cause of segfault, and fix it.

5. State whether or not a defect in the product is suspected
   A defect is suspected, I did not find any relevant BZs

6. If there is a proposed patch, make sure it is in unified diff format (diff -pruN)
   Found a patch, but after testing, I'm not sure if it's really relevant to the issue. Details in ticket.

7. Refrain from using the word "hang", as it can mean different things to different people in different contexts. Use a better and more specific description of your problem.
   N/A

8. This is especially important for severity one and two issues. What is the impact to the customer when they experience this problem?
   * For example: "This system houses our accounts payable database. When the system crashes we are unable to process payroll, and other payable functions. This is especially critical as we approach end of our quarter."

Provide supporting info

1. State other actions already taken in working the problem:
   Reproduced the problem in gdb, attempted to find the fault

2. Attach sosreport
   attached

3. Attach other supporting data
   1.svg is attached

4. Provide issue repro information:

   $ gdb convert
   GNU gdb Red Hat Linux (6.5-37.el5_2.2rh)
   Copyright (C) 2006 Free Software Foundation, Inc.
   GDB is free software, covered by the GNU General Public License, and you are
   welcome to change it and/or distribute copies of it under certain conditions.
   Type "show copying" to see the conditions.
   There is absolutely no warranty for GDB. Type "show warranty" for details.
   This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1".

   (gdb) break convert.c:118
   Breakpoint 1 at 0x400c8a: file utilities/convert.c, line 118.
   (gdb) run 1.svg 2.png
   Starting program: /usr/bin/convert 1.svg 2.png
   [Thread debugging using libthread_db enabled]
   [New Thread 47210843027024 (LWP 18913)]
   [Switching to Thread 47210843027024 (LWP 18913)]

   Breakpoint 1, main (argc=3, argv=0x7fff898d9ea8) at utilities/convert.c:119
   119 }
   (gdb) where
   #0 main (argc=3, argv=0x7fff898d9ea8) at utilities/convert.c:119
   #1 0x00000033d2e1d8b4 in __libc_start_main (main=0x400b40 <main>, argc=3, ubp_av=0x7fff898d9ea8, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fff898d9e98) at libc-start.c:231
   #2 0x0000000000400a89 in _start ()
   (gdb) list
   114 }
   115 image_info=DestroyImageInfo(image_info);
   116 (void) DestroyExceptionInfo(&exception);
   117 DestroyMagick();
   118 return(status == MagickFalse ? 1 : 0);
   119 }
   (gdb) next
   __libc_start_main (main=0x400b40 <main>, argc=3, ubp_av=0x7fff898d9ea8, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fff898d9e98) at libc-start.c:262
   262 exit (result);
   (gdb)

   Program received signal SIGSEGV, Segmentation fault.
   0x00000030cb83637c in

5. List any known hot-fix packages on the system
   N/A

6. List any customer applied changes from the last 30 days
   N/A

SEG NOTES:

atexit seems to be the culprit here. set a breakpoint on atexit and I get.

   Breakpoint 2, 0x0000003802a56870 in atexit () from /lib64/libglib-2.0.so.0
   (gdb) bt
   #0 0x0000003802a56870 in atexit () from /lib64/libglib-2.0.so.0
   #1 0x0000003802a53219 in IA__g_atexit (func=0x3416e3637c <free_stack_tables_to_free>) at gutils.c:269
   #2 0x0000003416e36524 in _gnome_vfs_module_callback_private_init () at gnome-vfs-module-callback.c:464
   #3 0x0000003416e29327 in gnome_vfs_thread_init () at gnome-vfs-init.c:89
   #4 0x0000003416e2940d in gnome_vfs_init () at gnome-vfs-init.c:127
   #5 0x00002abe07f7e761 in RegisterSVGImage () from /usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/svg.so
   #6 0x000000389e6c0597 in OpenModule () from /usr/lib64/libMagick.so.10
   #7 0x000000389e6be7b1 in GetMagickInfo () from /usr/lib64/libMagick.so.10
   #8 0x000000389e6b1c6e in SetImageInfo () from /usr/lib64/libMagick.so.10
   #9 0x000000389e65a1ba in ReadImage () from /usr/lib64/libMagick.so.10
   #10 0x000000389e228476 in ConvertImageCommand () from /usr/lib64/libWand.so.10
   #11 0x0000000000400c5e in ?? ()
   #12 0x00000037fca1d8b4 in __libc_start_main () from /lib64/libc.so.6
   #13 0x0000000000400a89 in ?? ()
   #14 0x00007fffa614c9c8 in ?? ()
   #15 0x0000000000000000 in ?? ()
   (gdb)

There's a call to rsvg_init() in RegisterSVGImage that doesn't show up with x86_64 but does on i386. rsvg_init() calls gnome_vfs_init() so it actually dies inside gnome_vfs code.

sigh..the bug described is a similar one to the one referred to in the ImageMagick forum. In this case we get...

   (gdb) cont
   Continuing.
   warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib64/librsvg-2.so.2"
   warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib64/libgnomevfs-2.so.0"

   Program received signal SIGSEGV, Segmentation fault.
   0x0000003416e3637c in ?? ()
   (gdb) bt
   #0 0x0000003416e3637c in ?? ()
   #1 0x00000037fca32fa5 in exit () from /lib64/libc.so.6
   #2 0x00000037fca1d8bb in __libc_start_main () from /lib64/libc.so.6
   #3 0x0000000000400a89 in ?? ()
   #4 0x00007fff50be6168 in ?? ()
   #5 0x0000000000000000 in ?? ()
   (gdb)

since libgnomevfs-2.so.0 has been unloaded.. crash.

ugh. there's a way around this that involves some special casing.

ImageMagick calls librsvg which was originally meant for gnome. The way it is built for RHEL means that for some reason or other it calls gnome_vfs_init(). gnome_vfs_init makes a call to atexit which is the real source of the problem. The reason for the SEGFAULT is that the library has been unloaded and the function that was registered by the atexit call in gnome_vfs_init() is no longer resident.

The svg module appears to be the only ImageMagick module that has a secondary dependency. The shared libs that were dynamically loaded can be kept resident by making a call to lt_dlmakeresident just after the call to ld_dlopen. This negates the purpose of having loadable modules but if it's special cased just for .svg it may be a little more palatable.

This patch is a horrible hack but it does work.

see attachment

Customer reports that test packages work.
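The keep-resident workaround described in the comment above, as an added example that is not part of the original report or of the ImageMagick patch. It assumes plain dlopen() with RTLD_NODELETE in place of libltdl's lt_dlmakeresident, uses libm.so.6 only as a stand-in for a coder module, and the function names are hypothetical.

```c
/* Added example: not ImageMagick, librsvg or gnome-vfs code. */
#include <dlfcn.h>
#include <stdio.h>

/* Returns 1 if soname is currently mapped in this process, 0 if not. */
static int is_resident(const char *soname)
{
    /* RTLD_NOLOAD never loads anything: it returns a handle only when
       the object is already mapped. */
    void *h = dlopen(soname, RTLD_LAZY | RTLD_NOLOAD);
    if (h == NULL)
        return 0;
    dlclose(h);                 /* drop the reference the probe took */
    return 1;
}

/* Load a module the way a plugin loader does, then close it again.
   pin != 0 adds RTLD_NODELETE, so dlclose() leaves the code mapped and
   any exit handler registered from inside it still points at valid code.
   Returns 1 if the module is still resident afterwards, 0 if it was
   unmapped, -1 if it could not be loaded. */
int load_and_release(const char *soname, int pin)
{
    int flags = RTLD_NOW | (pin ? RTLD_NODELETE : 0);
    void *h = dlopen(soname, flags);
    if (h == NULL) {
        fprintf(stderr, "dlopen: %s\n", dlerror());
        return -1;
    }
    /* ... a coder module would register its formats and run here ... */
    dlclose(h);
    return is_resident(soname);
}

int main(void)
{
    const char *mod = "libm.so.6";  /* assumption: stand-in module */
    /* The unpinned result depends on whether something else in the
       process already holds the library open. */
    printf("unpinned: resident after dlclose = %d\n", load_and_release(mod, 0));
    printf("pinned:   resident after dlclose = %d\n", load_and_release(mod, 1));
    return 0;
}
```

On glibc older than 2.34, link with -ldl.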
Created attachment 324069 [details] 1.svg
Created attachment 324070 [details] core file from failed test case
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
setting flags for 5.5
Created attachment 378803 [details]
Patch for gnome-vfs2

Actually the root cause of the problem is gnome-vfs2 using atexit() which breaks on exit after the DSO has been unloaded. The following patch fixes the issue in gnome-vfs2 by using __attribute__((destructor)) instead of atexit(). Tests show that the functions are still called on normal exit and also on unload of the DSO. ImageMagick works fine with that patch in gnome-vfs2.
I also experienced this bug in CentOS (i386). Applied the patch to gnome-vfs2 and so far have not had any more issues with convert and SVG.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: ImageMagick uses librsvg which initializes gnome libs, which in turn install an atexit handler. But since librsvg gets unloaded after use, the program then crashes due to the exit handler trying to access unloaded code.
Consequence: segfault occurs after successful conversion during exit code
Fix: __attribute__((destructor)) has been used instead of atexit()
Result: ImageMagick tools no longer crash on exit
Hi, Could you please send me a hotfix (.rpm)? I need to send it to the customer ASAP. Regards, Thiago Sobral
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0441.html