Bug 88710 - libpng png_set_iCCP() crash loading GTK icons
Summary: libpng png_set_iCCP() crash loading GTK icons
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: libpng
Version: 9
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2003-04-12 05:33 UTC by Peter Zelezny
Modified: 2007-04-18 16:53 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-09-29 04:37:00 UTC
Embargoed:



Description Peter Zelezny 2003-04-12 05:33:52 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.9 (X11; Linux i686; U;) Gecko/20030314

Description of problem:
libpng-1.2.2-16 crashes when loading GTK icon theme png files.
A segfault doesn't occur unless running through ElectricFence.

GDB backtrace:

#0  0x404b914c in memcpy () from /lib/libc.so.6
#1  0x4564a857 in png_set_iCCP () from /usr/lib/libpng12.so.0
#2  0x4564d867 in png_handle_iCCP () from /usr/lib/libpng12.so.0
#3  0x456550a6 in png_read_info () from /usr/lib/libpng12.so.0
#4  0x411fcb7f in _init ()
   from /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-png.so
#5  0x40300b48 in _gdk_pixbuf_generic_image_load ()
   from /usr/lib/libgdk_pixbuf-2.0.so.0
#6  0x40300d7a in gdk_pixbuf_new_from_file ()
   from /usr/lib/libgdk_pixbuf-2.0.so.0
#7  0x400d0ce9 in gtk_icon_set_copy () from /usr/lib/libgtk-x11-2.0.so.0
#8  0x400d0f9b in gtk_icon_set_render_icon () from /usr/lib/libgtk-x11-2.0.so.0
#9  0x401de678 in gtk_widget_render_icon () from /usr/lib/libgtk-x11-2.0.so.0
#10 0x400d512e in gtk_image_get () from /usr/lib/libgtk-x11-2.0.so.0

Relevant parts of a strace:

open("/usr/share/icons/Bluecurve/24x24/stock/gtk-new.png", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=3212, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40cfa000
read(4, "\211PNG\r\n\32\n\0\0\0\rIHDR\0\0\0\30\0\0\0\30\10\6\0\0"..., 4096) = 3212
_llseek(4, 0, [0], SEEK_SET)            = 0
read(4, "\211PNG\r\n\32\n\0\0\0\rIHDR\0\0\0\30\0\0\0\30\10\6\0\0"..., 4096) = 3212
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


Version-Release number of selected component (if applicable):
libpng-1.2.2-16

How reproducible:
Always

Steps to Reproduce:
1. export LD_PRELOAD=libefence.so.0.0
2. gdb /usr/bin/gnome-calculator
3. open the Help submenu
(works with practically any gtk2 app).


Actual Results:  Segfault.

Expected Results:  Not Segfault, and show the submenu normally.


Additional info:

gtk2-2.2.1-4
libpng-1.2.2-16
glibc-2.3.2-11.9

Comment 1 Matthias Clasen 2004-05-13 16:32:10 UTC
There must be something else wrong on your system. None of the theme
png files have iCCP chunks, so libpng is already confused when it goes
into handle_iCCP(). 

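An added triage helper for the claim in the comment above (it is not code from the report, from libpng or from GTK): it walks a PNG's chunk list, verifies each CRC, and reports whether an iCCP chunk is present and well-formed, which is the check a maintainer would run over the theme icons before blaming png_handle_iCCP(). The sample icons are constructed in memory with the same 24x24 RGBA IHDR the strace shows; they are not the Bluecurve files.

```python
import struct
import zlib
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # the "\211PNG\r\n\32\n" seen in the strace read()

def png_chunks(data):
    """Walk a PNG's chunk list, checking the signature and every CRC; yields (type, payload)."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        body = data[pos + 8:pos + 8 + length]
        crc, = struct.unpack(">I", data[pos + 8 + length:end])
        if zlib.crc32(ctype + body) != crc:
            raise ValueError("bad CRC on %r" % ctype)
        yield ctype, body
        if ctype == b"IEND":
            return
        pos = end
    raise ValueError("missing IEND")
def check_iccp(payload):
    """Validate an iCCP payload: 1..79 byte profile name, NUL, method byte 0, zlib stream."""
    nul = payload.find(b"\x00")
    if nul < 1 or nul > 79:
        return "bad profile name"
    if nul + 1 >= len(payload) or payload[nul + 1] != 0:
        return "bad compression method"
    try:
        zlib.decompress(payload[nul + 2:])
    except zlib.error:
        return "corrupt profile stream"
    return "ok"
def iccp_report(data):
    """'absent' when the file carries no iCCP chunk, else the check_iccp verdict."""
    for ctype, body in png_chunks(data):
        if ctype == b"iCCP":
            return check_iccp(body)
    return "absent"

# Constructed sample icons (not the Bluecurve files): 24x24 RGBA, the IHDR the strace shows.
def make_chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
IHDR = struct.pack(">IIBBBBB", 24, 24, 8, 6, 0, 0, 0)
IDAT = zlib.compress(b"\x00" * (24 * (1 + 24 * 4)))  # filter byte + 24 RGBA pixels per row
ICON_PLAIN = PNG_SIGNATURE + make_chunk(b"IHDR", IHDR) + make_chunk(b"IDAT", IDAT) + make_chunk(b"IEND", b"")
ICON_ICCP = PNG_SIGNATURE + make_chunk(b"IHDR", IHDR) + make_chunk(b"iCCP", b"sRGB\x00\x00" + zlib.compress(b"\x00" * 128)) + make_chunk(b"IDAT", IDAT) + make_chunk(b"IEND", b"")
ICON_BAD = PNG_SIGNATURE + make_chunk(b"IHDR", IHDR) + make_chunk(b"iCCP", b"\x00\x00junk") + make_chunk(b"IDAT", IDAT) + make_chunk(b"IEND", b"")
```

Run iccp_report() over the files under /usr/share/icons to confirm which, if any, actually carry an iCCP chunk; a CRC or truncation error from png_chunks() points at a damaged file rather than at libpng.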
Comment 2 Matthias Clasen 2004-09-29 04:37:00 UTC
I can't reproduce this on current rawhide, therefore I'm assuming that
it must have been fixed by one of the recent libpng fixes. Please
reopen if you can still reproduce.

