Bug 830794 - segmentation fault in ppmtopict
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: netpbm
Version: 7.0
Hardware: Unspecified Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assigned To: Jindrich Novy
QA Contact: BaseOS QE - Apps
Keywords: Regression
Reported: 2012-06-11 08:43 EDT by Iveta Wiedermann
Modified: 2013-07-02 19:56 EDT
Fixed In Version: netpbm-10.58.01-1.el7
Doc Type: Bug Fix
Last Closed: 2012-06-15 10:04:47 EDT
Type: Bug

Attachments
File to convert (29.31 KB, image/x-portable-pixmap)
2012-06-11 08:43 EDT, Iveta Wiedermann

Description Iveta Wiedermann 2012-06-11 08:43:05 EDT
Created attachment 590919
File to convert

Description of problem:
ppmtopict crashes when running ppmtopict <test.ppm

# gdb ppmtopict
GNU gdb (GDB) Red Hat Enterprise Linux (7.4.50.20120120-46.el7)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/ppmtopict...Reading symbols from /usr/lib/debug/usr/bin/ppmtopict.debug...done.
done.
(gdb) run <test.ppm 
Starting program: /usr/bin/ppmtopict <test.ppm
ppmtopict: computing colormap...
ppmtopict: 16 colors found

Program received signal SIGSEGV, Segmentation fault.
putRow (packed=<optimized out>, rowpixels=<optimized out>, cols=<optimized out>, row=0, 
    ifP=<optimized out>) at ppmtopict.c:217
217	        if (PPM_EQUAL(lastp, *pP))
(gdb) backtrace
#0  putRow (packed=<optimized out>, rowpixels=<optimized out>, cols=<optimized out>, row=0, 
    ifP=<optimized out>) at ppmtopict.c:217
#1  main (argc=1, argv=<optimized out>) at ppmtopict.c:448
(gdb) 


Version-Release number of selected component (if applicable):
netpbm-progs-10.57.01-1.el7

How reproducible:
100%

Steps to Reproduce:
1. ppmtopict <test.ppm
  
Actual results:
Segmentation fault

Expected results:
Conversion passes, no segmentation fault

Additional info:
Comment 2 Jindrich Novy 2012-06-13 10:55:09 EDT
Fixed in rawhide, i.e. patch available.

This bug is caused by incorrect type for loop variable i. It is declared to be unsigned int but the loop termination condition is i >= 0 which is always true. Using this variable for walking through an array causes index underflow.
Comment 3 Jindrich Novy 2012-06-15 10:04:47 EDT
netpbm-10.58.01 with fix for this issue has been imported to RHEL-7.
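
The loop pattern described in Comment 2, as an added example that is not part of the original bug report and is not the netpbm source. The function names and the sample row are constructed for illustration; the first function models the unsigned counter wrapping past zero without dereferencing anything, the second shows one safe way to walk a row downward.

```c
/* Added illustration: a constructed model, not code from ppmtopict.c. */
#include <limits.h>
#include <stdio.h>

/* Constructed sample row: three runs of equal samples (aaa, bb, c). */
static const unsigned char SAMPLE_ROW[6] = {'a', 'a', 'a', 'b', 'b', 'c'};

/* Faulty pattern: an unsigned counter walked downward with "i >= 0".
 * The test can never be false, so after i == 0 the decrement wraps to
 * UINT_MAX. Rather than reading row[i], this model returns the first
 * index that falls outside the valid range [0, cols). */
unsigned int first_out_of_range_index(unsigned int cols)
{
    unsigned int i;
    for (i = cols - 1; i >= 0; i--) {   /* always true for unsigned i */
        if (i >= cols)
            return i;                   /* a real loop would index here */
    }
    return 0;                           /* never reached */
}

/* Corrected downward walk: compare before decrementing, so the loop
 * stops once i has reached 0 and also handles cols == 0. It counts
 * runs of equal samples from the end of the row toward the start. */
unsigned int count_runs_reverse(const unsigned char *row, unsigned int cols)
{
    unsigned int i, runs = 0;
    for (i = cols; i-- > 0; ) {
        if (i == cols - 1 || row[i] != row[i + 1])
            runs++;
    }
    return runs;
}

int main(void)
{
    printf("faulty loop leaves the row at index %u\n",
           first_out_of_range_index(6));
    printf("corrected loop counts %u runs\n",
           count_runs_reverse(SAMPLE_ROW, 6));
    return 0;
}
```

Building with `-Wextra` (which enables `-Wtype-limits` in GCC) flags the always-true comparison in the first function at compile time.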
