RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 830801 - pnmtopclxl is aborted when converting pbm file
Summary: pnmtopclxl is aborted when converting pbm file
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: netpbm
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Jindrich Novy
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-06-11 12:52 UTC by Iveta Wiedermann
Modified: 2013-07-02 23:56 UTC (History)
1 user (show)

Fixed In Version: netpbm-10.58.01-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-15 14:03:56 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
File to convert (1.28 KB, image/x-portable-bitmap)
2012-06-11 12:52 UTC, Iveta Wiedermann 		no flags Details
View All

Description Iveta Wiedermann 2012-06-11 12:52:57 UTC 
Created attachment 590922 [details]
File to convert

Description of problem:
when running pnmtopclxl on test.pbm, it gets aborted

# pnmtopclxl <test.pbm
%-12345X@PJL ENTER LANGUAGE=PCLXL
) HP-PCL XL;1;1;Generated by Netpbm Pnmtopclxl
�,,�������������Hpnmtopclxl: Processing File 1, Page 1
��(��%C��j��Lk��d��b�d�l�d�k�dd�g���m��c��e�������������������������]����������n���������Z����������t�]]�����j�UW�����������ڪ>������	�J�j˷������
�ꪫUU��������
���mZ��������
�%$���U^������
�R��UV��������
ʤI$��կ�����
ԕ$�I�US������
�)UIVKZ�����
            ��RD�R�UV�����
                          ��H�$�J���������m��c��e�*** glibc detected *** pnmtopclxl: free(): invalid next size (normal): 0x0000000001ebb580 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3c2a87c80e]
pnmtopclxl[0x4023f9]
pnmtopclxl[0x4017de]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x3c2a821735]
pnmtopclxl[0x401a5d]
======= Memory map: ========
00400000-00403000 r-xp 00000000 fd:01 1472221                            /usr/bin/pnmtopclxl
00603000-00604000 rw-p 00003000 fd:01 1472221                            /usr/bin/pnmtopclxl
01eba000-01edc000 rw-p 00000000 00:00 0                                  [heap]
3c2a400000-3c2a420000 r-xp 00000000 fd:01 1443060                        /usr/lib64/ld-2.15.so
3c2a61f000-3c2a620000 r--p 0001f000 fd:01 1443060                        /usr/lib64/ld-2.15.so
3c2a620000-3c2a621000 rw-p 00020000 fd:01 1443060                        /usr/lib64/ld-2.15.so
3c2a621000-3c2a622000 rw-p 00000000 00:00 0 
3c2a800000-3c2a9ac000 r-xp 00000000 fd:01 1465706                        /usr/lib64/libc-2.15.so
3c2a9ac000-3c2abac000 ---p 001ac000 fd:01 1465706                        /usr/lib64/libc-2.15.so
3c2abac000-3c2abb0000 r--p 001ac000 fd:01 1465706                        /usr/lib64/libc-2.15.so
3c2abb0000-3c2abb2000 rw-p 001b0000 fd:01 1465706                        /usr/lib64/libc-2.15.so
3c2abb2000-3c2abb7000 rw-p 00000000 00:00 0 
3c2bc00000-3c2bcfa000 r-xp 00000000 fd:01 1465712                        /usr/lib64/libm-2.15.so
3c2bcfa000-3c2bef9000 ---p 000fa000 fd:01 1465712                        /usr/lib64/libm-2.15.so
3c2bef9000-3c2befa000 r--p 000f9000 fd:01 1465712                        /usr/lib64/libm-2.15.so
3c2befa000-3c2befb000 rw-p 000fa000 fd:01 1465712                        /usr/lib64/libm-2.15.so
3c2d800000-3c2d815000 r-xp 00000000 fd:01 1469192                        /usr/lib64/libgcc_s-4.7.0-20120507.so.1
3c2d815000-3c2da14000 ---p 00015000 fd:01 1469192                        /usr/lib64/libgcc_s-4.7.0-20120507.so.1
3c2da14000-3c2da15000 r--p 00014000 fd:01 1469192                        /usr/lib64/libgcc_s-4.7.0-20120507.so.1
3c2da15000-3c2da16000 rw-p 00015000 fd:01 1469192                        /usr/lib64/libgcc_s-4.7.0-20120507.so.1
7ffb97f82000-7ffb97f85000 rw-p 00000000 00:00 0 
7ffb97f85000-7ffb97fbb000 r-xp 00000000 fd:01 1471981                    /usr/lib64/libnetpbm.so.11.57
7ffb97fbb000-7ffb981bb000 ---p 00036000 fd:01 1471981                    /usr/lib64/libnetpbm.so.11.57
7ffb981bb000-7ffb981bf000 rw-p 00036000 fd:01 1471981                    /usr/lib64/libnetpbm.so.11.57
7ffb981ce000-7ffb981d1000 rw-p 00000000 00:00 0 
7fffc0075000-7fffc0096000 rw-p 00000000 00:00 0                          [stack]
7fffc0147000-7fffc0148000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)


Version-Release number of selected component (if applicable):
netpbm-progs-10.57.01-1.el7

How reproducible:
100%

Steps to Reproduce:
1. pnmtopclxl <test.pbm
2.
3.
  
Actual results:
Prints backtrace and is aborted

Expected results:
Converts file

Additional info:
Comment 2 Jindrich Novy 2012-06-13 14:50:32 UTC 
It is caused by a stupid thinko of pnmtopclxl author:

        rleP->fbuf = malloc(size);

        if (rleP->fbuf) {
            rleP->fbufsize = MAX(1024, size);
            retval = rleP;

what triggers memory corruption if size is lesser than 1024. Patch is applied in rawhide netpbm-10.58.01-3.
Comment 3 Jindrich Novy 2012-06-15 14:03:56 UTC 
netpbm-10.58.01 with fix for this issue has been imported to RHEL-7.
Note You need to log in before you can comment on or make changes to this bug.