Bug 905638 - mri_convert in freesurfer 5.2.0 beta segment fail in
Summary: mri_convert in freesurfer 5.2.0 beta segment fail in
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 18
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Patsy Griffin
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-01-29 20:01 UTC by Knut J BJuland
Modified: 2016-11-24 15:45 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-17 18:00:05 UTC
Type: Bug
Embargoed:


Description Knut J BJuland 2013-01-29 20:01:51 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:
install freesurfer 5.2 beta from
ftp://surfer.nmr.mgh.harvard.edu/pub/dist/freesurfer/5.2.0-BETA/

Steps to Reproduce:
1. Set up 
2. mri_convert  /usr/local/freesurfer/subjects/sample-001.mgz ernie/mri/001.mgz

3.
  
Actual results:

mri_convert[7494]: segfault at 0 ip 00000037e092fbda sp 00007fff0eefaaa8 error 4 in libc-2.16.so[37e0800000+1ad000]

Expected results:
Should run and convert sample-001.mgz to 001.mgz

Additional info:

Comment 1 Carlos O'Donell 2013-01-29 20:46:42 UTC
This doesn't show a conclusive problem in glibc. Passing invalid arguments to many glibc functions can result in a segfault, and they would be the fault of the application.

Could you please run valgrind on this program and see what it says?

Comment 2 Knut J BJuland 2013-01-30 04:05:04 UTC
==28741== Memcheck, a memory error detector
==28741== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==28741== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==28741== Command: /usr/local/freesurfer_centos6/bin/mri_convert
==28741== 
==28741== Warning: set address range perms: large range [0x400000, 0x26dc7000) (noaccess)
==28741== Warning: set address range perms: large range [0x10c8000, 0x26dc7000) (defined)
==28741== Invalid read of size 4
==28741==    at 0x7D0C68: ???
==28741==  Address 0x74 is not stack'd, malloc'd or (recently) free'd
==28741== 
==28741== 
==28741== Process terminating with default action of signal 11 (SIGSEGV)
==28741==  Access not within mapped region at address 0x74
==28741==    at 0x7D0C68: ???
==28741==  If you believe this happened as a result of a stack
==28741==  overflow in your program's main thread (unlikely but
==28741==  possible), you can try to increase the size of the
==28741==  main thread stack using the --main-stacksize= flag.
==28741==  The main thread stack size used in this run was 8388608.
==28741== 
==28741== HEAP SUMMARY:
==28741==     in use at exit: 0 bytes in 0 blocks
==28741==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==28741== 
==28741== All heap blocks were freed -- no leaks are possible
==28741== 
==28741== For counts of detected and suppressed errors, rerun with: -v
==28741== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
Segmentation fault

Comment 3 Knut J BJuland 2013-01-30 07:20:17 UTC
GNU gdb (GDB) Fedora (7.5.1-32.fc18)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/freesurfer/bin/mri_convert...
warning: no loadable sections found in added symbol-file /usr/local/freesurfer/bin/mri_convert
(no debugging symbols found)...done.
(gdb) run /usr/local/freesurfer/subjects/sample-001.mgz /home/knutjbj/freesurfer/ernie/mri/001.mgz
Starting program: /usr/local/freesurfer/bin/mri_convert /usr/local/freesurfer/subjects/sample-001.mgz /home/knutjbj/freesurfer/ernie/mri/001.mgz
/usr/local/freesurfer/bin/mri_convert /usr/local/freesurfer/subjects/sample-001.mgz /home/knutjbj/freesurfer/ernie/mri/001.mgz 
$Id: mri_convert.c,v 1.179.2.7 2012/09/05 21:55:16 mreuter Exp $
reading from /usr/local/freesurfer/subjects/sample-001.mgz...

Program received signal SIGSEGV, Segmentation fault.
0x00000037e092fbda in ?? ()
(gdb) 

[knutjbj@super-knut ~]$ valgrind --leak-check=full -v  --read-var-info=yes mri_convert
==29197== Memcheck, a memory error detector
==29197== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==29197== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==29197== Command: mri_convert
==29197== 
--29197-- Valgrind options:
--29197--    --leak-check=full
--29197--    -v
--29197--    --read-var-info=yes
--29197-- Contents of /proc/version:
--29197--   Linux version 3.7.4-204.fc18.x86_64 (mockbuild.fedoraproject.org) (gcc version 4.7.2 20121109 (Red Hat 4.7.2-8) (GCC) ) #1 SMP Wed Jan 23 16:44:29 UTC 2013
--29197-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--29197-- Page sizes: currently 4096, max supported 4096
--29197-- Valgrind library directory: /usr/lib64/valgrind
--29197-- Reading syms from /usr/lib64/valgrind/memcheck-amd64-linux
--29197--    object doesn't have a dynamic symbol table
--29197-- warning: addVar: unknown size (ips)
--29197-- warning: addVar: unknown size (buf)
--29197-- warning: addVar: unknown size (buf)
--29197-- warning: addVar: unknown size (buf)
--29197-- warning: addVar: unknown size (comps)
--29197-- warning: addVar: unknown size (comps)
--29197-- warning: addVar: unknown size (comps)
--29197-- warning: addVar: unknown size (comps)
--29197-- warning: addVar: unknown size (comps)
--29197-- warning: addVar: unknown size (comps)
--29197-- Scheduler: using generic scheduler lock implementation.
--29197-- Reading suppressions file: /usr/lib64/valgrind/default.supp
==29197== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-29197-by-knutjbj-on-super-knut
==29197== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-29197-by-knutjbj-on-super-knut
==29197== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-29197-by-knutjbj-on-super-knut
==29197== 
==29197== TO CONTROL THIS PROCESS USING vgdb (which you probably
==29197== don't want to do, unless you know exactly what you're doing,
==29197== or are doing some strange experiment):
==29197==   /usr/lib64/valgrind/../../bin/vgdb --pid=29197 ...command...
==29197== 
==29197== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==29197==   /path/to/gdb mri_convert
==29197== and then give GDB the following command
==29197==   target remote | /usr/lib64/valgrind/../../bin/vgdb --pid=29197
==29197== --pid is optional if only one valgrind process is running
==29197== 
==29197== Warning: set address range perms: large range [0x400000, 0x26dc7000) (noaccess)
==29197== Warning: set address range perms: large range [0x10c8000, 0x26dc7000) (defined)
--29197-- Reading syms from /usr/lib64/ld-2.16.so
--29197--   Considering /usr/lib/debug/.build-id/c6/a5584d4a0fe34d3a93fee4a25715e77740d7ac.debug ..
--29197--   .. build-id is valid
--29197-- REDIR: 0x37e0017f90 (strlen) redirected to 0x3806db01 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--29197-- Reading syms from /usr/lib64/valgrind/vgpreload_core-amd64-linux.so
--29197-- Reading syms from /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so
--29197-- REDIR: 0x37e0017e00 (index) redirected to 0x26fcfe40 (index)
--29197-- REDIR: 0x37e0017e80 (strcmp) redirected to 0x26fd0e50 (strcmp)
--29197-- Reading syms from /usr/lib64/libz.so.1.2.7
--29197--    object doesn't have a symbol table
--29197-- Reading syms from /usr/lib64/libcrypt-2.16.so
--29197--   Considering /usr/lib/debug/.build-id/40/1d6ba71d8ec74de001c1c8db627c3b65429a8a.debug ..
--29197--   .. build-id is valid
--29197-- Reading syms from /usr/lib64/libdl-2.16.so
--29197--   Considering /usr/lib/debug/.build-id/01/51493ff63734f4ebc1b955044172f1c7cd93b6.debug ..
--29197--   .. build-id is valid
--29197-- Reading syms from /usr/lib64/libpthread-2.16.so
--29197--   Considering /usr/lib/debug/.build-id/60/3674cde330c29071d75821f9b0cde68823d548.debug ..
--29197--   .. build-id is valid
--29197-- Reading syms from /usr/lib64/libstdc++.so.6.0.17
--29197--    object doesn't have a symbol table
--29197-- Reading syms from /usr/lib64/libm-2.16.so
--29197--   Considering /usr/lib/debug/.build-id/a7/c9196f90ed36e17340a835554a98125787bbbe.debug ..
--29197--   .. build-id is valid
--29197-- Reading syms from /usr/lib64/libgomp.so.1.0.0
--29197--    object doesn't have a symbol table
--29197-- Reading syms from /usr/lib64/libgcc_s-4.7.2-20121109.so.1
--29197--    object doesn't have a symbol table
--29197-- Reading syms from /usr/lib64/libc-2.16.so
--29197--   Considering /usr/lib/debug/.build-id/b7/b62d4d01e98c8b31d95895cbede393b8b0c6e8.debug ..
--29197--   .. build-id is valid
--29197-- Reading syms from /usr/lib64/libfreebl3.so
--29197--   Considering /usr/lib/debug/.build-id/91/c9c77b5f38e04496150ca131cbfd421f07f065.debug ..
--29197--   .. build-id is valid
--29197--   Considering /usr/lib/debug/.build-id/d6/3850fc0440bdc35bf7b45efe4833cad97a813e.debug ..
--29197--   .. build-id is valid
--29197-- Reading syms from /usr/lib64/librt-2.16.so
--29197--   Considering /usr/lib/debug/.build-id/df/a359d66944cb5dd2d09f3d2a4bab034df328ca.debug ..
--29197--   .. build-id is valid
--29197-- REDIR: 0x37e0889e60 (strcasecmp) redirected to 0x26dc870e (_vgnU_ifunc_wrapper)
--29197-- REDIR: 0x37e08861c0 (strnlen) redirected to 0x26dc870e (_vgnU_ifunc_wrapper)
--29197-- REDIR: 0x37e088c130 (strncasecmp) redirected to 0x26dc870e (_vgnU_ifunc_wrapper)
--29197-- REDIR: 0x37e0887bb0 (__GI_strrchr) redirected to 0x26fcfc60 (__GI_strrchr)
--29197-- REDIR: 0x37e08860e0 (__GI_strlen) redirected to 0x26fd01c0 (__GI_strlen)
--29197-- REDIR: 0x37e0888c40 (memset) redirected to 0x26dc870e (_vgnU_ifunc_wrapper)
--29197-- REDIR: 0x37e0888c80 (__GI_memset) redirected to 0x26fd2280 (memset)
==29197== Invalid read of size 4
==29197==    at 0x7D0C68: ???
==29197==  Address 0x74 is not stack'd, malloc'd or (recently) free'd
==29197== 
==29197== 
==29197== Process terminating with default action of signal 11 (SIGSEGV)
==29197==  Access not within mapped region at address 0x74
==29197==    at 0x7D0C68: ???
==29197==  If you believe this happened as a result of a stack
==29197==  overflow in your program's main thread (unlikely but
==29197==  possible), you can try to increase the size of the
==29197==  main thread stack using the --main-stacksize= flag.
==29197==  The main thread stack size used in this run was 8388608.
--29197-- REDIR: 0x37e087f8d0 (free) redirected to 0x26fce71f (free)
==29197== 
==29197== HEAP SUMMARY:
==29197==     in use at exit: 0 bytes in 0 blocks
==29197==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==29197== 
==29197== All heap blocks were freed -- no leaks are possible
==29197== 
==29197== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
==29197== 
==29197== 1 errors in context 1 of 1:
==29197== Invalid read of size 4
==29197==    at 0x7D0C68: ???
==29197==  Address 0x74 is not stack'd, malloc'd or (recently) free'd
==29197== 
--29197-- 
--29197-- used_suppression:      2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a
==29197== 
==29197== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
Segmentation fault
[knutjbj@super-knut ~]$ valgrind --leak-check=full -v  --read-var-info=yes mri_convert /usr/local/freesurfer/subjects/sample-001.mgz freesurfer/ernie/mri/001.mgz
==31214== Memcheck, a memory error detector
==31214== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==31214== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==31214== Command: mri_convert /usr/local/freesurfer/subjects/sample-001.mgz freesurfer/ernie/mri/001.mgz
==31214== 
--31214-- Valgrind options:
--31214--    --leak-check=full
--31214--    -v
--31214--    --read-var-info=yes
--31214-- Contents of /proc/version:
--31214--   Linux version 3.7.4-204.fc18.x86_64 (mockbuild.fedoraproject.org) (gcc version 4.7.2 20121109 (Red Hat 4.7.2-8) (GCC) ) #1 SMP Wed Jan 23 16:44:29 UTC 2013
--31214-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--31214-- Page sizes: currently 4096, max supported 4096
--31214-- Valgrind library directory: /usr/lib64/valgrind
--31214-- Reading syms from /usr/lib64/valgrind/memcheck-amd64-linux
--31214--    object doesn't have a dynamic symbol table
--31214-- warning: addVar: unknown size (ips)
--31214-- warning: addVar: unknown size (buf)
--31214-- warning: addVar: unknown size (buf)
--31214-- warning: addVar: unknown size (buf)
--31214-- warning: addVar: unknown size (comps)
--31214-- warning: addVar: unknown size (comps)
--31214-- warning: addVar: unknown size (comps)
--31214-- warning: addVar: unknown size (comps)
--31214-- warning: addVar: unknown size (comps)
--31214-- warning: addVar: unknown size (comps)
--31214-- Scheduler: using generic scheduler lock implementation.
--31214-- Reading suppressions file: /usr/lib64/valgrind/default.supp
==31214== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-31214-by-knutjbj-on-super-knut
==31214== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-31214-by-knutjbj-on-super-knut
==31214== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-31214-by-knutjbj-on-super-knut
==31214== 
==31214== TO CONTROL THIS PROCESS USING vgdb (which you probably
==31214== don't want to do, unless you know exactly what you're doing,
==31214== or are doing some strange experiment):
==31214==   /usr/lib64/valgrind/../../bin/vgdb --pid=31214 ...command...
==31214== 
==31214== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==31214==   /path/to/gdb mri_convert
==31214== and then give GDB the following command
==31214==   target remote | /usr/lib64/valgrind/../../bin/vgdb --pid=31214
==31214== --pid is optional if only one valgrind process is running
==31214== 
==31214== Warning: set address range perms: large range [0x400000, 0x26dc7000) (noaccess)
==31214== Warning: set address range perms: large range [0x10c8000, 0x26dc7000) (defined)
--31214-- Reading syms from /usr/lib64/ld-2.16.so
--31214--   Considering /usr/lib/debug/.build-id/c6/a5584d4a0fe34d3a93fee4a25715e77740d7ac.debug ..
--31214--   .. build-id is valid
--31214-- REDIR: 0x37e0017f90 (strlen) redirected to 0x3806db01 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--31214-- Reading syms from /usr/lib64/valgrind/vgpreload_core-amd64-linux.so
--31214-- Reading syms from /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so
--31214-- REDIR: 0x37e0017e00 (index) redirected to 0x26fcfe40 (index)
--31214-- REDIR: 0x37e0017e80 (strcmp) redirected to 0x26fd0e50 (strcmp)
--31214-- Reading syms from /usr/lib64/libz.so.1.2.7
--31214--    object doesn't have a symbol table
--31214-- Reading syms from /usr/lib64/libcrypt-2.16.so
--31214--   Considering /usr/lib/debug/.build-id/40/1d6ba71d8ec74de001c1c8db627c3b65429a8a.debug ..
--31214--   .. build-id is valid
--31214-- Reading syms from /usr/lib64/libdl-2.16.so
--31214--   Considering /usr/lib/debug/.build-id/01/51493ff63734f4ebc1b955044172f1c7cd93b6.debug ..
--31214--   .. build-id is valid
--31214-- Reading syms from /usr/lib64/libpthread-2.16.so
--31214--   Considering /usr/lib/debug/.build-id/60/3674cde330c29071d75821f9b0cde68823d548.debug ..
--31214--   .. build-id is valid
--31214-- Reading syms from /usr/lib64/libstdc++.so.6.0.17
--31214--    object doesn't have a symbol table
--31214-- Reading syms from /usr/lib64/libm-2.16.so
--31214--   Considering /usr/lib/debug/.build-id/a7/c9196f90ed36e17340a835554a98125787bbbe.debug ..
--31214--   .. build-id is valid
--31214-- Reading syms from /usr/lib64/libgomp.so.1.0.0
--31214--    object doesn't have a symbol table
--31214-- Reading syms from /usr/lib64/libgcc_s-4.7.2-20121109.so.1
--31214--    object doesn't have a symbol table
--31214-- Reading syms from /usr/lib64/libc-2.16.so
--31214--   Considering /usr/lib/debug/.build-id/b7/b62d4d01e98c8b31d95895cbede393b8b0c6e8.debug ..
--31214--   .. build-id is valid
--31214-- Reading syms from /usr/lib64/libfreebl3.so
--31214--   Considering /usr/lib/debug/.build-id/91/c9c77b5f38e04496150ca131cbfd421f07f065.debug ..
--31214--   .. build-id is valid
--31214--   Considering /usr/lib/debug/.build-id/d6/3850fc0440bdc35bf7b45efe4833cad97a813e.debug ..
--31214--   .. build-id is valid
--31214-- Reading syms from /usr/lib64/librt-2.16.so
--31214--   Considering /usr/lib/debug/.build-id/df/a359d66944cb5dd2d09f3d2a4bab034df328ca.debug ..
--31214--   .. build-id is valid
--31214-- REDIR: 0x37e0889e60 (strcasecmp) redirected to 0x26dc870e (_vgnU_ifunc_wrapper)
--31214-- REDIR: 0x37e08861c0 (strnlen) redirected to 0x26dc870e (_vgnU_ifunc_wrapper)
--31214-- REDIR: 0x37e088c130 (strncasecmp) redirected to 0x26dc870e (_vgnU_ifunc_wrapper)
--31214-- REDIR: 0x37e0887bb0 (__GI_strrchr) redirected to 0x26fcfc60 (__GI_strrchr)
--31214-- REDIR: 0x37e08860e0 (__GI_strlen) redirected to 0x26fd01c0 (__GI_strlen)
--31214-- REDIR: 0x37e0888c40 (memset) redirected to 0x26dc870e (_vgnU_ifunc_wrapper)
--31214-- REDIR: 0x37e0888c80 (__GI_memset) redirected to 0x26fd2280 (memset)
==31214== Invalid read of size 4
==31214==    at 0x7D0C68: ???
==31214==    by 0x2: ???
==31214==    by 0x7FEFFF91A: ???
==31214==    by 0x7FEFFF926: ???
==31214==    by 0x7FEFFF954: ???
==31214==  Address 0x74 is not stack'd, malloc'd or (recently) free'd
==31214== 
==31214== 
==31214== Process terminating with default action of signal 11 (SIGSEGV)
==31214==  Access not within mapped region at address 0x74
==31214==    at 0x7D0C68: ???
==31214==    by 0x2: ???
==31214==    by 0x7FEFFF91A: ???
==31214==    by 0x7FEFFF926: ???
==31214==    by 0x7FEFFF954: ???
==31214==  If you believe this happened as a result of a stack
==31214==  overflow in your program's main thread (unlikely but
==31214==  possible), you can try to increase the size of the
==31214==  main thread stack using the --main-stacksize= flag.
==31214==  The main thread stack size used in this run was 8388608.
--31214-- REDIR: 0x37e087f8d0 (free) redirected to 0x26fce71f (free)
==31214== 
==31214== HEAP SUMMARY:
==31214==     in use at exit: 0 bytes in 0 blocks
==31214==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==31214== 
==31214== All heap blocks were freed -- no leaks are possible
==31214== 
==31214== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
==31214== 
==31214== 1 errors in context 1 of 1:
==31214== Invalid read of size 4
==31214==    at 0x7D0C68: ???
==31214==    by 0x2: ???
==31214==    by 0x7FEFFF91A: ???
==31214==    by 0x7FEFFF926: ???
==31214==    by 0x7FEFFF954: ???
==31214==  Address 0x74 is not stack'd, malloc'd or (recently) free'd
==31214== 
--31214-- 
--31214-- used_suppression:      2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a
==31214== 
==31214== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
Segmentation fault

Comment 4 Carlos O'Donell 2013-01-30 14:28:07 UTC
I see that FreeSurfer is a 4.0GB download.

Is this a binary package?

Which binary package are you using?

(1) Can you get a build of mri_convert with debug symbols and try valgrind/gdb again?

My guess is that "Invalid read of size 4" which is "at 0x7D0C68: ???" is within the text segment of the program and is therefore an invalid read by the program.

(2) Can you get a memory map of the program just before the crash?

Comment 5 Knut J BJuland 2013-01-30 16:05:13 UTC
I used the binary package since I have been unable to compile the program myself. I have used this package: ftp://surfer.nmr.mgh.harvard.edu/pub/dist/freesurfer/5.2.0-BETA/freesurfer-Linux-centos6_x86_64-stable-pub-v5.2.0.tar.gz . You can get the source from http://surfer.nmr.mgh.harvard.edu/fswiki/ReadOnlyCVS. Could you please write which option I should use with valgrind?

Comment 6 Knut J BJuland 2013-01-30 20:21:14 UTC
MRI_convert with debug information. It seems to run better.

[knutjbj@super-knut freesurfer]$ valgrind -v --leak-check=full ./mri_convert  /usr/local/freesurfer/subjects/sample-001.mgz ernie/mri/001.mgz  >error.log
==30054== Memcheck, a memory error detector
==30054== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==30054== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==30054== Command: ./mri_convert /usr/local/freesurfer/subjects/sample-001.mgz ernie/mri/001.mgz
==30054== 
--30054-- Valgrind options:
--30054--    -v
--30054--    --leak-check=full
--30054-- Contents of /proc/version:
--30054--   Linux version 3.7.4-204.fc18.x86_64 (mockbuild.fedoraproject.org) (gcc version 4.7.2 20121109 (Red Hat 4.7.2-8) (GCC) ) #1 SMP Wed Jan 23 16:44:29 UTC 2013
--30054-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--30054-- Page sizes: currently 4096, max supported 4096
--30054-- Valgrind library directory: /usr/lib64/valgrind
--30054-- Reading syms from /home/knutjbj/freesurfer/mri_convert
--30054-- Reading syms from /usr/lib64/valgrind/memcheck-amd64-linux
--30054--    object doesn't have a dynamic symbol table
--30054-- Reading syms from /usr/lib64/ld-2.16.so
--30054--   Considering /usr/lib/debug/.build-id/c6/a5584d4a0fe34d3a93fee4a25715e77740d7ac.debug ..
--30054--   .. build-id is valid
--30054-- Scheduler: using generic scheduler lock implementation.
==30054== Warning: set address range perms: large range [0x10ed000, 0x26deb000) (defined)
--30054-- Reading suppressions file: /usr/lib64/valgrind/default.supp
==30054== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-30054-by-knutjbj-on-super-knut
==30054== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-30054-by-knutjbj-on-super-knut
==30054== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-30054-by-knutjbj-on-super-knut
==30054== 
==30054== TO CONTROL THIS PROCESS USING vgdb (which you probably
==30054== don't want to do, unless you know exactly what you're doing,
==30054== or are doing some strange experiment):
==30054==   /usr/lib64/valgrind/../../bin/vgdb --pid=30054 ...command...
==30054== 
==30054== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==30054==   /path/to/gdb ./mri_convert
==30054== and then give GDB the following command
==30054==   target remote | /usr/lib64/valgrind/../../bin/vgdb --pid=30054
==30054== --pid is optional if only one valgrind process is running
==30054== 
--30054-- REDIR: 0x37e0017f90 (strlen) redirected to 0x3806db01 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--30054-- Reading syms from /usr/lib64/valgrind/vgpreload_core-amd64-linux.so
--30054-- Reading syms from /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so
--30054-- REDIR: 0x37e0017e00 (index) redirected to 0x277f3e40 (index)
--30054-- REDIR: 0x37e0017e80 (strcmp) redirected to 0x277f4e50 (strcmp)
--30054-- Reading syms from /usr/lib64/libz.so.1.2.7
--30054--    object doesn't have a symbol table
--30054-- Reading syms from /usr/lib64/libcrypt-2.16.so
--30054--   Considering /usr/lib/debug/.build-id/40/1d6ba71d8ec74de001c1c8db627c3b65429a8a.debug ..
--30054--   .. build-id is valid
--30054-- Reading syms from /usr/lib64/libdl-2.16.so
--30054--   Considering /usr/lib/debug/.build-id/01/51493ff63734f4ebc1b955044172f1c7cd93b6.debug ..
--30054--   .. build-id is valid
--30054-- Reading syms from /usr/lib64/libpthread-2.16.so
--30054--   Considering /usr/lib/debug/.build-id/60/3674cde330c29071d75821f9b0cde68823d548.debug ..
--30054--   .. build-id is valid
--30054-- Reading syms from /usr/lib64/libstdc++.so.6.0.17
--30054--    object doesn't have a symbol table
--30054-- Reading syms from /usr/lib64/libm-2.16.so
--30054--   Considering /usr/lib/debug/.build-id/a7/c9196f90ed36e17340a835554a98125787bbbe.debug ..
--30054--   .. build-id is valid
--30054-- Reading syms from /usr/lib64/libgomp.so.1.0.0
--30054--    object doesn't have a symbol table
--30054-- Reading syms from /usr/lib64/libgcc_s-4.7.2-20121109.so.1
--30054--    object doesn't have a symbol table
--30054-- Reading syms from /usr/lib64/libc-2.16.so
--30054--   Considering /usr/lib/debug/.build-id/b7/b62d4d01e98c8b31d95895cbede393b8b0c6e8.debug ..
--30054--   .. build-id is valid
--30054-- Reading syms from /usr/lib64/libfreebl3.so
--30054--   Considering /usr/lib/debug/.build-id/91/c9c77b5f38e04496150ca131cbfd421f07f065.debug ..
--30054--   .. build-id is valid
--30054--   Considering /usr/lib/debug/.build-id/d6/3850fc0440bdc35bf7b45efe4833cad97a813e.debug ..
--30054--   .. build-id is valid
--30054-- Reading syms from /usr/lib64/librt-2.16.so
--30054--   Considering /usr/lib/debug/.build-id/df/a359d66944cb5dd2d09f3d2a4bab034df328ca.debug ..
--30054--   .. build-id is valid
--30054-- REDIR: 0x37e0889e60 (strcasecmp) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e08861c0 (strnlen) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e088c130 (strncasecmp) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e0887bb0 (__GI_strrchr) redirected to 0x277f3c60 (__GI_strrchr)
--30054-- REDIR: 0x37e08860e0 (__GI_strlen) redirected to 0x277f41c0 (__GI_strlen)
--30054-- REDIR: 0x37e0888c40 (memset) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e0888c80 (__GI_memset) redirected to 0x277f6280 (memset)
--30054-- REDIR: 0x37e08845a0 (strcmp) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e092fbc0 (__strcmp_sse42) redirected to 0x277f4db0 (strcmp)
--30054-- REDIR: 0x37e087ffa0 (calloc) redirected to 0x277f1a99 (calloc)
--30054-- REDIR: 0x37e0886090 (strlen) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e0960680 (__strlen_sse2_pminub) redirected to 0x277f41a0 (strlen)
--30054-- REDIR: 0x37e245f580 (operator new(unsigned long)) redirected to 0x277f329f (operator new(unsigned long))
--30054-- REDIR: 0x37e088e810 (memcpy@@GLIBC_2.14) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e0945a40 (__memcpy_ssse3_back) redirected to 0x277f5180 (memcpy@@GLIBC_2.14)
--30054-- REDIR: 0x37e08862e0 (__GI_strncmp) redirected to 0x277f4690 (__GI_strncmp)
--30054-- REDIR: 0x37e245d890 (operator delete(void*)) redirected to 0x277f2305 (operator delete(void*))
--30054-- REDIR: 0x37e087f3e0 (malloc) redirected to 0x277f37ba (malloc)
--30054-- REDIR: 0x37e087f8d0 (free) redirected to 0x277f271f (free)
--30054-- REDIR: 0x37e088ff00 (strchrnul) redirected to 0x277f67d0 (strchrnul)
--30054-- REDIR: 0x37e0888600 (bcmp) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e095afb0 (__memcmp_sse4_1) redirected to 0x277f5ea0 (bcmp)
--30054-- REDIR: 0xffffffffff600400 (???) redirected to 0x3806daed (vgPlain_amd64_linux_REDIR_FOR_vtime)
--30054-- REDIR: 0x37e08845e0 (__GI_strcmp) redirected to 0x277f4e00 (__GI_strcmp)
--30054-- REDIR: 0x37e0884520 (__GI_strchr) redirected to 0x277f3d40 (__GI_strchr)
--30054-- REDIR: 0x37e0889d00 (__GI_stpcpy) redirected to 0x277f6010 (__GI_stpcpy)
--30054-- REDIR: 0x37e0885a30 (strcpy) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e0893f40 (__strcpy_sse2_unaligned) redirected to 0x277f41e0 (strcpy)
--30054-- REDIR: 0x37e0887b30 (strncpy) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e0894570 (__strncpy_sse2_unaligned) redirected to 0x277f4380 (strncpy)
--30054-- REDIR: 0x37e08842e0 (strcat) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e0896d60 (__strcat_sse2_unaligned) redirected to 0x277f3e80 (strcat)
--30054-- REDIR: 0x37e0885a70 (__GI_strcpy) redirected to 0x277f42b0 (__GI_strcpy)
--30054-- REDIR: 0x37e08882b0 (memchr) redirected to 0x277f4ef0 (memchr)
--30054-- REDIR: 0x37e0933d00 (__strncasecmp_sse42) redirected to 0x277f47e0 (strncasecmp)
--30054-- Reading syms from /usr/lib64/libnss_files-2.16.so
--30054--   Considering /usr/lib/debug/.build-id/52/50faf4f4c8d50c6a3b488c1b34b6a0e332d0bd.debug ..
--30054--   .. build-id is valid
--30054-- REDIR: 0x37e0887b70 (rindex) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e0931950 (__strrchr_sse42) redirected to 0x277f3c30 (rindex)
--30054-- REDIR: 0x37e089d830 (strstr) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e0931af0 (__strstr_sse42) redirected to 0x277f6bd0 (strstr)
--30054-- REDIR: 0x37e08844e0 (index) redirected to 0x275ec70e (_vgnU_ifunc_wrapper)
--30054-- REDIR: 0x37e092fb10 (__strchr_sse42) redirected to 0x277f3d00 (index)
--30054-- REDIR: 0x37e0881950 (posix_memalign) redirected to 0x277f191d (posix_memalign)
--30054-- REDIR: 0x37e245f690 (operator new[](unsigned long)) redirected to 0x277f2c22 (operator new[](unsigned long))
--30054-- REDIR: 0x37e245d8c0 (operator delete[](void*)) redirected to 0x277f1e55 (operator delete[](void*))
--30054-- Discarding syms at 0x2e2411e0-0x2e24867c in /usr/lib64/libnss_files-2.16.so due to munmap()
==30054== 
==30054== HEAP SUMMARY:
==30054==     in use at exit: 17,071,868 bytes in 269 blocks
==30054==   total heap usage: 14,173 allocs, 13,904 frees, 18,216,677 bytes allocated
==30054== 
==30054== Searching for pointers to 269 not-freed blocks
==30054== Checked 652,640,232 bytes
==30054== 
==30054== 72 bytes in 1 blocks are possibly lost in loss record 4 of 15
==30054==    at 0x277F1B2F: calloc (vg_replace_malloc.c:593)
==30054==    by 0x49E60C: MatrixAlloc (matrix.c:270)
==30054==    by 0x4A6027: MatrixInverse (matrix.c:131)
==30054==    by 0x4B9F28: extract_r_to_i (mri.c:291)
==30054==    by 0x51BEFF: mri_read (mriio.c:873)
==30054==    by 0x522F3D: MRIread (mriio.c:1078)
==30054==    by 0x418129: main (mri_convert.c:1805)
==30054== 
==30054== 4,512 bytes in 1 blocks are possibly lost in loss record 10 of 15
==30054==    at 0x277F1B2F: calloc (vg_replace_malloc.c:593)
==30054==    by 0x4B5110: MRIallocIndices (mri.c:6042)
==30054==    by 0x4BF86A: MRIallocSequence (mri.c:6192)
==30054==    by 0x5195D1: mghRead.clone.0 (mriio.c:12614)
==30054==    by 0x51C9DF: mri_read (mriio.c:781)
==30054==    by 0x522F3D: MRIread (mriio.c:1078)
==30054==    by 0x418129: main (mri_convert.c:1805)
==30054== 
==30054== 5,024 bytes in 1 blocks are possibly lost in loss record 11 of 15
==30054==    at 0x277F1B2F: calloc (vg_replace_malloc.c:593)
==30054==    by 0x4B50C8: MRIallocIndices (mri.c:6032)
==30054==    by 0x4BF86A: MRIallocSequence (mri.c:6192)
==30054==    by 0x5195D1: mghRead.clone.0 (mriio.c:12614)
==30054==    by 0x51C9DF: mri_read (mriio.c:781)
==30054==    by 0x522F3D: MRIread (mriio.c:1078)
==30054==    by 0x418129: main (mri_convert.c:1805)
==30054== 
==30054== 5,024 bytes in 1 blocks are possibly lost in loss record 12 of 15
==30054==    at 0x277F1B2F: calloc (vg_replace_malloc.c:593)
==30054==    by 0x4B50EC: MRIallocIndices (mri.c:6037)
==30054==    by 0x4BF86A: MRIallocSequence (mri.c:6192)
==30054==    by 0x5195D1: mghRead.clone.0 (mriio.c:12614)
==30054==    by 0x51C9DF: mri_read (mriio.c:781)
==30054==    by 0x522F3D: MRIread (mriio.c:1078)
==30054==    by 0x418129: main (mri_convert.c:1805)
==30054== 
==30054== LEAK SUMMARY:
==30054==    definitely lost: 0 bytes in 0 blocks
==30054==    indirectly lost: 0 bytes in 0 blocks
==30054==      possibly lost: 14,632 bytes in 4 blocks
==30054==    still reachable: 17,057,236 bytes in 265 blocks
==30054==         suppressed: 0 bytes in 0 blocks
==30054== Reachable blocks (those to which a pointer was found) are not shown.
==30054== To see them, rerun with: --leak-check=full --show-reachable=yes
==30054== 
==30054== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 2 from 2)
--30054-- 
--30054-- used_suppression:      2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a
==30054== 
==30054== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 2 from 2)

Comment 7 Carlos O'Donell 2013-01-30 22:45:36 UTC
Knut,

Can you confirm that your rebuilt MRI_convert on your FC18 system with debug information now runs correctly (aside from the leaks detected by valgrind)?

What does `ldd MRI_convert` print? I'd like to get a feel for how many dependencies that executable has on system libraries.

Thanks.

Comment 8 Knut J BJuland 2013-01-31 06:25:57 UTC
I did not rebuild it but got a debug version from the freesurfer homepage.
http://www.mail-archive.com/freesurfer@nmr.mgh.harvard.edu/msg26374.html
The normal freesurfer builds are statically linked.

ldd ./mri_convert 
	linux-vdso.so.1 =>  (0x00007fff9cbff000)
	libz.so.1 => /lib64/libz.so.1 (0x00000037e1800000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00000037f7200000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00000037e1000000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00000037e1400000)
	libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00000037e2400000)
	libm.so.6 => /lib64/libm.so.6 (0x00000037e0c00000)
	libgomp.so.1 => /lib64/libgomp.so.1 (0x0000003809400000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00000037e2000000)
	libc.so.6 => /lib64/libc.so.6 (0x00000037e0800000)
	libfreebl3.so => /lib64/libfreebl3.so (0x00000037f7a00000)
	/lib64/ld-linux-x86-64.so.2 (0x00000037e0000000)
	librt.so.1 => /lib64/librt.so.1 (0x00000037e1c00000)

Comment 9 Knut J BJuland 2013-01-31 14:21:23 UTC
It worked as a dynamically linked program but not as a statically linked program. The program was compiled on a CentOS 6.0 PC.

Comment 15 Eric Smith 2013-02-18 17:12:23 UTC
Jeff Law assigned it to me as owner of the Free42 component, but this has nothing whatsoever to do with Free42, so I'd recommend figuring out the correct component/person to whom to assign it. If it remains assigned to Free42, I'll just close it as NOTABUG/WONTFIX.

Comment 16 Jeff Law 2013-02-18 17:15:05 UTC
Eric, sorry about that, it was totally unintentional...  The component should have stayed as glibc.

Comment 20 David J. Herzfeld 2013-02-21 15:23:12 UTC
I can confirm this bug on Fedora 3.7.6-201.fc18.x86_64 (glibc 2.16-28.fc18). I see segmentation faults for the majority of the simple (testing) examples as well:
http://surfer.nmr.mgh.harvard.edu/fswiki/TestingFreeSurfer


I get a segmentation fault on
tkmedit bert orig.mgz
with a .xdebug_tkmedit that shows

tkmedit started: Thu Feb 21 10:15:09 2013

	/home/herzfeldd/Downloads/freesurfer/tktools/tkmedit.bin bert orig.mgz 

$Id: tkmedit.c,v 1.343 2011/03/01 01:41:22 nicks Exp $ $Name: stable5 $
Set user home dir to /home/herzfeldd/Downloads/freesurfer
Set subject home dir to /home/herzfeldd/Downloads/freesurfer/subjects/bert

Segfault
Importing volume with MRIread
xDebug stack (length: 5)
          04: Volm_ImportData( this=0x2804c590, isSource=/home/herzfeldd/Downloads/freesurfer/subjects/bert/mri/orig.mgz )
          04: Importing volume with MRIread
        03: LoadVolume( iType=0, isName=orig.mgz, ibConform = 0 )
        03: Reading data into volume
      02: ParseCmdLineArgs( argc=3, argv=/home/herzfeldd/Downloads/freesurfer/tktools/tkmedit.bin )
      02: Loading volume orig.mgz
    01: main()
    01: Parsing command line arguments
  00: 
  00: 

tkmedit is statically linked, just as the standard distribution of mri_convert was above.
recon-all -s bert -all
also ends with a segmentation fault when reading the source image (as does mri_convert as the OP shows).

I can provide additional information if desired.

Comment 22 Knut J BJuland 2013-02-26 16:13:33 UTC
It is still present with latest beta.

Comment 23 Patsy Griffin 2013-02-27 20:55:30 UTC
The current crash is caused by passing an invalid NULL pointer to
the C library string functions.

The invalid NULL pointer is the result of a call to the crypt function
which has been passed an invalid salt value. The caller should have
checked the return for NULL and noticed the error instead of crashing.

The C library previously allowed out-of-spec salt values to be used,
but with recent changes the interface has become stricter about checking
that salt values are valid.

There are two workarounds:

Use Fedora 17 with this application to avoid the strict salt checking.

Preload a shared library that provides custom crypt and crypt_r
routines that support out-of-spec salt values.

We are tracking down the caller of crypt to determine if it is
an error in our core libraries or a problem with the application.
If it's an error in our distribution provided libraries we will
be working to fix the issue.

We will provide another update once we have tracked
this further.

Comment 27 Patsy Griffin 2013-03-19 23:50:52 UTC
The most immediate solution is for the application to be
changed to use a compliant crypt salt value.

After further investigation, we found that the application is passing unsupported,
nonstandard salt to crypt().  This will result in crypt() returning NULL and
setting errno to EINVAL.   It does not appear that the application is
checking for a NULL return value from crypt.   It also appears that the
application is using this NULL return value in a subsequent function call resulting in a segmentation fault.

Previously glibc would accept unsupported salt values, but newer versions
of the library have become stricter.

We are currently reviewing the implementation to see if the accepted salt
values can be expanded while still meeting our standards compliance requirements.
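
Added example (not part of this bug thread, and not FreeSurfer or glibc code): the caller-side check that comment 27 says is missing, so a NULL from crypt() becomes an error code instead of reaching a string function. `strict_crypt_stub` is a constructed stand-in that only mimics the NULL/EINVAL behaviour described above, `checked_crypt` and `salt_is_valid` are hypothetical names, and the validator assumes the traditional two-character salt form from [a-zA-Z0-9./]; the thread does not say which salt the application actually passed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Traditional DES-style salt: two characters from [a-zA-Z0-9./]. */
static int salt_is_valid(const char *salt)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    if (salt == NULL || salt[0] == '\0' || salt[1] == '\0')
        return 0;
    return strchr(ok, salt[0]) != NULL && strchr(ok, salt[1]) != NULL;
}

/* Constructed stand-in for a strict crypt(): NULL + EINVAL on a bad salt,
 * as comment 27 describes. It does no hashing; output is a placeholder. */
static char *strict_crypt_stub(const char *key, const char *salt)
{
    static char out[32];
    if (key == NULL || !salt_is_valid(salt)) { errno = EINVAL; return NULL; }
    snprintf(out, sizeof out, "%c%c<placeholder>", salt[0], salt[1]);
    return out;
}

/* Hardened caller: a NULL result never reaches strlen/strcpy/strcmp.
 * Returns 0 and fills out, or -1 (errno as set by fn) with out emptied. */
static int checked_crypt(crypt_fn fn, const char *key, const char *salt,
                         char *out, size_t outlen)
{
    const char *hash;
    if (out == NULL || outlen == 0) { errno = EINVAL; return -1; }
    out[0] = '\0';
    errno = 0;
    hash = fn(key, salt);
    if (hash == NULL) return -1;     /* the check the crashing caller lacked */
    if (strlen(hash) >= outlen) { errno = ERANGE; return -1; }
    strcpy(out, hash);
    return 0;
}

int main(void)
{
    char buf[64];
    int rc = checked_crypt(strict_crypt_stub, "key", "*!", buf, sizeof buf);
    printf("rc=%d errno=%d out=\"%s\"\n", rc, errno, buf);
    return 0;
}
```

To exercise the real library instead of the stand-in, pass `crypt` (from `<crypt.h>`, linked with `-lcrypt`) as the first argument.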

Comment 28 smfaall 2013-04-09 09:15:46 UTC
Hi,

Do you think that this problem is fixed?

Thanks in advance for your response.

Comment 29 Marcos Martins da Silva 2013-04-09 20:57:31 UTC
Freesurfer's developers did not release a fix. At least, I see no comment about it in the newsletter, and the current stable release available for download is the same (5.2). I tried to build a virtual machine using CentOS6 under Fedora 18 and all main functions worked, except recon-all. I am not aware whether Fedora developers decided to change glibc to accept the nonstandard salt to crypt (see comment 27). Perhaps Freesurfer works well under Fedora 17. I decided to download a complete virtual machine (Centos4 + Freesurfer 5.1) from their website to improve my chances of running this application. There is no such vdi file for Linux x64 and Freesurfer 5.2.

Comment 30 Patsy Griffin 2013-04-10 16:07:32 UTC
We have not completed the review of the current implementation to see if the
accepted salt values can be expanded while still meeting our standards compliance
requirements.  We will post an update when this review is completed.

However, you can use Fedora 17 with this application to avoid strict salt checking.

Comment 31 Marcos Martins da Silva 2013-04-10 18:50:46 UTC
Just to correct myself (comment 29). The virtual machine I got is not with CentOS but Xubuntu O.o

Comment 32 Marcos Martins da Silva 2013-04-15 20:57:33 UTC
I installed Freesurfer under Fedora 17 and it works great and out of the box. So I can confirm Fedora 17 is the best option for Freesurfer users at the moment.

Comment 33 Knut J BJuland 2013-05-25 17:16:40 UTC
Fixed in Freesurfer 5.3. Please close.

