It always reproducible.
Please refer for Fedora bugzilla for more details and backtraces - https://bugzilla.redhat.com/show_bug.cgi?id=638352#c10
Segfault on identify -verbose -ping test.pdf
Re: Segfault on identify -verbose -ping test.pdf
- 2010-09-28 6.5.8-10 Cristy <quetzlzacatenango@image...>
* Don't permit access to pixels when pinging an image (reference
viewtopic.php?f=3&t=17194).
* Temporary files not always deleted (reference
viewtopic.php?f=2&t=15960).
Code: Select all
diff -rc ImageMagick-6.5.8-10/magick/cache.c ImageMagick-6.5.8-11/magick/cache.c
*** ImageMagick-6.5.8-10/magick/cache.c 2009-12-11 16:38:29.000000000 -0500
--- ImageMagick-6.5.8-11/magick/cache.c 2010-10-03 11:40:08.721443934 -0400
***************
*** 1757,1762 ****
--- 1757,1764 ----
MagickOffsetType
offset;
+ if (cache_info->type == PingCache)
+ return(MagickTrue);
offset=(MagickOffsetType) nexus_info->region.y*cache_info->columns+
nexus_info->region.x;
if (nexus_info->pixels != (cache_info->pixels+offset))
***************
*** 3949,3954 ****
--- 3951,3966 ----
cache_info->columns=image->columns;
cache_info->active_index_channel=((image->storage_class == PseudoClass) ||
(image->colorspace == CMYKColorspace)) ? MagickTrue : MagickFalse;
+ if (image->ping != MagickFalse)
+ {
+ cache_info->storage_class=image->storage_class;
+ cache_info->colorspace=image->colorspace;
+ cache_info->type=PingCache;
+ cache_info->pixels=(PixelPacket *) NULL;
+ cache_info->indexes=(IndexPacket *) NULL;
+ cache_info->length=0;
+ return(MagickTrue);
+ }
number_pixels=(MagickSizeType) cache_info->columns*cache_info->rows;
packet_size=sizeof(PixelPacket);
if (cache_info->active_index_channel != MagickFalse)
***************
*** 4897,4904 ****
nexus_info->region.height=region->height == 0UL ? 1UL : region->height;
nexus_info->region.x=region->x;
nexus_info->region.y=region->y;
! if ((cache_info->type != DiskCache) && (image->clip_mask == (Image *) NULL) &&
! (image->mask == (Image *) NULL))
{
offset=(MagickOffsetType) nexus_info->region.y*cache_info->columns+
nexus_info->region.x;
--- 4909,4916 ----
nexus_info->region.height=region->height == 0UL ? 1UL : region->height;
nexus_info->region.x=region->x;
nexus_info->region.y=region->y;
! if ((cache_info->type != DiskCache) && (cache_info->type != PingCache) &&
! (image->clip_mask == (Image *) NULL) && (image->mask == (Image *) NULL))
{
offset=(MagickOffsetType) nexus_info->region.y*cache_info->columns+
nexus_info->region.x;
diff -rc ImageMagick-6.5.8-10/magick/cache-private.h ImageMagick-6.5.8-11/magick/cache-private.h
*** ImageMagick-6.5.8-10/magick/cache-private.h 2009-12-11 16:38:29.000000000 -0500
--- ImageMagick-6.5.8-11/magick/cache-private.h 2010-10-03 11:40:19.996412838 -0400
***************
*** 32,38 ****
UndefinedCache,
MemoryCache,
MapCache,
! DiskCache
} CacheType;
typedef void
--- 32,39 ----
UndefinedCache,
MemoryCache,
MapCache,
! DiskCache,
! PingCache
} CacheType;
typedef void
diff -rc ImageMagick-6.5.8-10/magick/image.c ImageMagick-6.5.8-11/magick/image.c
*** ImageMagick-6.5.8-10/magick/image.c 2009-12-22 16:15:23.000000000 -0500
--- ImageMagick-6.5.8-11/magick/image.c 2010-10-03 11:41:12.982443890 -0400
***************
*** 180,185 ****
--- 180,186 ----
image->y_resolution=DefaultResolution;
image->units=PixelsPerInchResolution;
GetTimerInfo(&image->timer);
+ image->ping=MagickFalse;
image->cache=AcquirePixelCache(0);
image->blob=CloneBlobInfo((BlobInfo *) NULL);
image->debug=IsEventLogging();
***************
*** 252,257 ****
--- 253,259 ----
image->border_color=image_info->border_color;
image->matte_color=image_info->matte_color;
image->transparent_color=image_info->transparent_color;
+ image->ping=image_info->ping;
image->progress_monitor=image_info->progress_monitor;
image->client_data=image_info->client_data;
if (image_info->cache != (void *) NULL)
***************
*** 873,878 ****
--- 875,881 ----
clone_image->blob=ReferenceBlob(image->blob);
else
clone_image->blob=CloneBlobInfo((BlobInfo *) NULL);
+ clone_image->ping=image->ping;
clone_image->debug=IsEventLogging();
clone_image->semaphore=AllocateSemaphoreInfo();
if ((columns == 0) && (rows == 0))
diff -rc ImageMagick-6.5.8-10/magick/image.h ImageMagick-6.5.8-11/magick/image.h
*** ImageMagick-6.5.8-10/magick/image.h 2009-12-11 16:38:29.000000000 -0500
--- ImageMagick-6.5.8-11/magick/image.h 2010-10-03 11:41:34.698448518 -0400
***************
*** 330,335 ****
--- 330,338 ----
MagickBooleanType
dither;
+
+ MagickBooleanType
+ ping;
};
struct _ImageInfo
diff -rc ImageMagick-6.5.8-10/magick/resource.c ImageMagick-6.5.8-11/magick/resource.c
*** ImageMagick-6.5.8-10/magick/resource.c 2009-12-17 21:53:20.000000000 -0500
--- ImageMagick-6.5.8-11/magick/resource.c 2010-10-03 11:44:18.426998774 -0400
***************
*** 332,337 ****
--- 332,338 ----
static void *DestroyTemporaryResources(void *temporary_resource)
{
(void) remove((char *) temporary_resource);
+ temporary_resource=DestroyString((char *) temporary_resource);
return((void *) NULL);
}
***************
*** 477,486 ****
(void) LockSemaphoreInfo(resource_semaphore);
if (temporary_resources == (SplayTreeInfo *) NULL)
temporary_resources=NewSplayTree(CompareSplayTreeString,
! RelinquishMagickMemory,DestroyTemporaryResources);
(void) UnlockSemaphoreInfo(resource_semaphore);
resource=ConstantString(path);
! (void) AddValueToSplayTree(temporary_resources,resource,resource);
return(file);
}
--- 478,487 ----
(void) LockSemaphoreInfo(resource_semaphore);
if (temporary_resources == (SplayTreeInfo *) NULL)
temporary_resources=NewSplayTree(CompareSplayTreeString,
! DestroyTemporaryResources,(void *(*)(void *)) NULL);
(void) UnlockSemaphoreInfo(resource_semaphore);
resource=ConstantString(path);
! (void) AddValueToSplayTree(temporary_resources,resource,(const void *) NULL);
return(file);
}
-
- Posts: 66
- Joined: 2010-05-04T10:50:21-07:00
- Authentication code: 8675308
- Location: Russia, Saint-Petersburg
Re: Segfault on identify -verbose -ping test.pdf
Thank you very much for fast fix. I hope it go in next release.
Re: Segfault on identify -verbose -ping test.pdf
The problem you reported is already fixed in the current release of ImageMagick, 6.6.4-8.
Re: Segfault on identify -verbose -ping test.pdf
I guess that could fit into that topic:
I'm still getting crashes when doing "identify -verbose -ping" with PSD files (see also here).
Take that file (just a random PSD from the web - from here):
pin-full-stokpsd.zip
Windows notes for the crash: "Application Failure identify.exe 4.0.0.0 in core_rl_magick_.dll 4.0.0.0 at offset 000d35b4.."
I'm using IM v6.6.4-8 Q16, Windows XP.
I'm still getting crashes when doing "identify -verbose -ping" with PSD files (see also here).
Take that file (just a random PSD from the web - from here):
pin-full-stokpsd.zip
Windows notes for the crash: "Application Failure identify.exe 4.0.0.0 in core_rl_magick_.dll 4.0.0.0 at offset 000d35b4.."
I'm using IM v6.6.4-8 Q16, Windows XP.
Re: Segfault on identify -verbose -ping test.pdf
Here's a patch:
Code: Select all
*** magick/stream.c~ 2010-10-04 14:00:17.954718038 -0400
--- magick/stream.c 2010-10-04 13:24:53.681967998 -0400
***************
*** 152,158 ****
StreamInfo
*stream_info;
! stream_info=(StreamInfo *) AcquireAlignedMemory(1,sizeof(*stream_info));
if (stream_info == (StreamInfo *) NULL)
ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
(void) ResetMagickMemory(stream_info,0,sizeof(*stream_info));
--- 152,158 ----
StreamInfo
*stream_info;
! stream_info=(StreamInfo *) AcquireQuantumMemory(1,sizeof(*stream_info));
if (stream_info == (StreamInfo *) NULL)
ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
(void) ResetMagickMemory(stream_info,0,sizeof(*stream_info));
***************
*** 703,719 ****
/*
Pixels are stored in a temporary buffer until they are synced to the cache.
*/
number_pixels=(MagickSizeType) columns*rows;
length=(size_t) number_pixels*sizeof(PixelPacket);
! if ((image->storage_class == PseudoClass) ||
! (image->colorspace == CMYKColorspace))
length+=number_pixels*sizeof(IndexPacket);
if (cache_info->pixels == (PixelPacket *) NULL)
{
cache_info->length=length;
status=AcquireStreamPixels(cache_info,exception);
if (status == MagickFalse)
! return((PixelPacket *) NULL);
}
else
if (cache_info->length != length)
--- 703,723 ----
/*
Pixels are stored in a temporary buffer until they are synced to the cache.
*/
+ cache_info->active_index_channel=((image->storage_class == PseudoClass) ||
+ (image->colorspace == CMYKColorspace)) ? MagickTrue : MagickFalse;
number_pixels=(MagickSizeType) columns*rows;
length=(size_t) number_pixels*sizeof(PixelPacket);
! if (cache_info->active_index_channel != MagickFalse)
length+=number_pixels*sizeof(IndexPacket);
if (cache_info->pixels == (PixelPacket *) NULL)
{
cache_info->length=length;
status=AcquireStreamPixels(cache_info,exception);
if (status == MagickFalse)
! {
! cache_info->length=0;
! return((PixelPacket *) NULL);
! }
}
else
if (cache_info->length != length)
***************
*** 722,732 ****
cache_info->length=length;
status=AcquireStreamPixels(cache_info,exception);
if (status == MagickFalse)
! return((PixelPacket *) NULL);
}
cache_info->indexes=(IndexPacket *) NULL;
! if ((image->storage_class == PseudoClass) ||
! (image->colorspace == CMYKColorspace))
cache_info->indexes=(IndexPacket *) (cache_info->pixels+number_pixels);
return(cache_info->pixels);
}
--- 726,738 ----
cache_info->length=length;
status=AcquireStreamPixels(cache_info,exception);
if (status == MagickFalse)
! {
! cache_info->length=0;
! return((PixelPacket *) NULL);
! }
}
cache_info->indexes=(IndexPacket *) NULL;
! if (cache_info->active_index_channel != MagickFalse)
cache_info->indexes=(IndexPacket *) (cache_info->pixels+number_pixels);
return(cache_info->pixels);
}
***************
*** 855,866 ****
/*
Pixels are stored in a temporary buffer until they are synced to the cache.
*/
cache_info->columns=columns;
cache_info->rows=rows;
number_pixels=(MagickSizeType) columns*rows;
length=(size_t) number_pixels*sizeof(PixelPacket);
! if ((image->storage_class == PseudoClass) ||
! (image->colorspace == CMYKColorspace))
length+=number_pixels*sizeof(IndexPacket);
if (cache_info->pixels == (PixelPacket *) NULL)
{
--- 861,873 ----
/*
Pixels are stored in a temporary buffer until they are synced to the cache.
*/
+ cache_info->active_index_channel=((image->storage_class == PseudoClass) ||
+ (image->colorspace == CMYKColorspace)) ? MagickTrue : MagickFalse;
cache_info->columns=columns;
cache_info->rows=rows;
number_pixels=(MagickSizeType) columns*rows;
length=(size_t) number_pixels*sizeof(PixelPacket);
! if (cache_info->active_index_channel != MagickFalse)
length+=number_pixels*sizeof(IndexPacket);
if (cache_info->pixels == (PixelPacket *) NULL)
{
***************
*** 877,884 ****
if (cache_info->pixels == (void *) NULL)
return((PixelPacket *) NULL);
cache_info->indexes=(IndexPacket *) NULL;
! if ((image->storage_class == PseudoClass) ||
! (image->colorspace == CMYKColorspace))
cache_info->indexes=(IndexPacket *) (cache_info->pixels+number_pixels);
return(cache_info->pixels);
}
--- 884,890 ----
if (cache_info->pixels == (void *) NULL)
return((PixelPacket *) NULL);
cache_info->indexes=(IndexPacket *) NULL;
! if (cache_info->active_index_channel != MagickFalse)
cache_info->indexes=(IndexPacket *) (cache_info->pixels+number_pixels);
return(cache_info->pixels);
}