ImageMagick crash when drawing text with large font size

persanker1
Posts: 2
Joined: 2011-06-26T05:47:03-07:00

ImageMagick crash when drawing text with large font size

Post by persanker1 »

ImageMagick crashes when drawing some text with a large font point size, like 700.
Running on Windows, using the DLL version of ImageMagick and Magick++, compiled myself on Visual Studio 2010.
Here are the modules loaded when it crashed:

Code:

	TestFont.exe	D:\Projects\2011-06-18_PhotoBatch\src\Debug\TestFont.exe	N/A	N/A	Symbols loaded.	D:\Projects\2011-06-18_PhotoBatch\src\Debug\TestFont.pdb	1		28/06/2011 13:23	00400000-00420000	[9572] TestFont.exe: Native	
	ntdll.dll	C:\WINDOWS\system32\ntdll.dll	N/A	N/A	Cannot find or open the PDB file		2	5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)	09/12/2010 23:15	7C920000-7C9B6000	[9572] TestFont.exe: Native	
	kernel32.dll	C:\WINDOWS\system32\kernel32.dll	N/A	N/A	Cannot find or open the PDB file		3	5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)	21/03/2009 22:06	7C800000-7C91E000	[9572] TestFont.exe: Native	
	user32.dll	C:\WINDOWS\system32\user32.dll	N/A	N/A	Cannot find or open the PDB file		4	5.1.2600.5512 (xpsp.080413-2105)	14/04/2008 10:13	77D10000-77DA0000	[9572] TestFont.exe: Native	
	gdi32.dll	C:\WINDOWS\system32\gdi32.dll	N/A	N/A	Cannot find or open the PDB file		5	5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)	23/10/2008 20:38	77EF0000-77F39000	[9572] TestFont.exe: Native	
	Magick.dll	D:\Projects\2011-06-18_PhotoBatch\src\Debug\Magick.dll	N/A	N/A	Symbols loaded.	D:\Projects\2011-06-18_PhotoBatch\src\Debug\Magick.pdb	6		28/06/2011 15:48	10000000-10968000	[9572] TestFont.exe: Native	
	zlib1d.dll	D:\Projects\2011-06-18_PhotoBatch\src\Debug\zlib1d.dll	N/A	N/A	Symbols loaded.	D:\Projects\2011-06-18_PhotoBatch\lib\zlib-1.2.3-src\src\zlib\1.2.3\zlib-1.2.3\projects\visualc6\Win32_DLL_Debug\zlib.pdb	7	1.02.2.0	28/06/2011 13:14	003A0000-003D4000*	[9572] TestFont.exe: Native	
	msvcr100d.dll	C:\WINDOWS\system32\msvcr100d.dll	N/A	N/A	Cannot find or open the PDB file		8	10.00.40219.1	19/02/2011 08:18	00420000-00593000*	[9572] TestFont.exe: Native	
	advapi32.dll	C:\WINDOWS\system32\advapi32.dll	N/A	N/A	Cannot find or open the PDB file		9	5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)	09/02/2009 18:52	77DA0000-77E49000	[9572] TestFont.exe: Native	
	rpcrt4.dll	C:\WINDOWS\system32\rpcrt4.dll	N/A	N/A	Cannot find or open the PDB file		10	5.1.2600.6022 (xpsp_sp3_gdr.100813-1643)	16/08/2010 16:44	77E50000-77EE3000	[9572] TestFont.exe: Native	
	secur32.dll	C:\WINDOWS\system32\secur32.dll	N/A	N/A	Cannot find or open the PDB file		11	5.1.2600.5834 (xpsp_sp3_gdr.090624-1305)	25/06/2009 16:24	77FC0000-77FD1000	[9572] TestFont.exe: Native	
	libpng15.dll	D:\Projects\2011-06-18_PhotoBatch\src\Debug\libpng15.dll	N/A	N/A	Symbols loaded.	D:\Projects\2011-06-18_PhotoBatch\src\Debug\libpng15.pdb	12	1.05.2.0	28/06/2011 13:23	005A0000-005D2000*	[9572] TestFont.exe: Native	
	Magick++.dll	D:\Projects\2011-06-18_PhotoBatch\src\Debug\Magick++.dll	N/A	N/A	Symbols loaded.	D:\Projects\2011-06-18_PhotoBatch\src\Debug\Magick++.pdb	13		28/06/2011 13:23	005E0000-006E6000*	[9572] TestFont.exe: Native	
	msvcp100d.dll	C:\WINDOWS\system32\msvcp100d.dll	N/A	N/A	Cannot find or open the PDB file		14	10.00.40219.1	19/02/2011 08:18	00700000-007B7000*	[9572] TestFont.exe: Native	
	imm32.dll	C:\WINDOWS\system32\imm32.dll	N/A	N/A	Cannot find or open the PDB file		15	5.1.2600.5512 (xpsp.080413-2105)	14/04/2008 10:13	76300000-7631D000	[9572] TestFont.exe: Native	
	lpk.dll	C:\WINDOWS\system32\lpk.dll	N/A	N/A	Cannot find or open the PDB file		16	5.1.2600.5512 (xpsp.080413-2105)	14/04/2008 10:12	62C20000-62C29000	[9572] TestFont.exe: Native	
	usp10.dll	C:\WINDOWS\system32\usp10.dll	N/A	N/A	Cannot find or open the PDB file		17	1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716)	16/04/2010 23:37	73FA0000-7400B000	[9572] TestFont.exe: Native	
Here's the call stack:

Code:

 	ntdll.dll!7c93a343() 	
 	[Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]	
 	ntdll.dll!7c990552() 	
 	ntdll.dll!7c96bafc() 	
 	ntdll.dll!7c93a1ba() 	
 	ntdll.dll!7c9830b4() 	
 	msvcr100d.dll!00527f59() 	
 	msvcr100d.dll!00537a4e() 	
 	msvcr100d.dll!00537560() 	
 	msvcr100d.dll!00539c80() 	
>	Magick.dll!RelinquishMagickMemory(void * memory=0x00dce7b0)  Line 754 + 0xc bytes	C++
 	Magick.dll!TraceBezier(_PrimitiveInfo * primitive_info=0x00e1d088, const unsigned int number_coordinates=3)  Line 5101 + 0x9 bytes	C++
 	Magick.dll!TracePath(_PrimitiveInfo * primitive_info=0x00e1b228, const char * path=0x00dcb248)  Line 5433 + 0xe bytes	C++
 	Magick.dll!DrawImage(_Image * image=0x00d155f0, const _DrawInfo * draw_info=0x00df1768)  Line 3033 + 0x1c bytes	C++
 	Magick.dll!RenderFreetype(_Image * image=0x00d155f0, const _DrawInfo * draw_info=0x00cf44d8, const char * encoding=0x00000000, const _PointInfo * offset=0x00120284, _TypeMetric * metrics=0x001201d4)  Line 1460 + 0xd bytes	C++
 	Magick.dll!RenderType(_Image * image=0x00d155f0, const _DrawInfo * draw_info=0x00cdfce8, const _PointInfo * offset=0x00120284, _TypeMetric * metrics=0x001201d4)  Line 905 + 0x1c bytes	C++
 	Magick.dll!AnnotateImage(_Image * image=0x00d155f0, const _DrawInfo * draw_info=0x00d45db8)  Line 481 + 0x1e bytes	C++
 	Magick.dll!DrawPrimitive(_Image * image=0x00d155f0, const _DrawInfo * draw_info=0x00cf4008, const _PrimitiveInfo * primitive_info=0x00d31c50)  Line 4416 + 0x10 bytes	C++
 	Magick.dll!DrawImage(_Image * image=0x00d155f0, const _DrawInfo * draw_info=0x00cf3da0)  Line 3121 + 0x20 bytes	C++
 	Magick.dll!DrawRender(_DrawingWand * wand=0x00cf2610)  Line 4321 + 0x25 bytes	C++
 	Magick++.dll!Magick::Image::draw(const Magick::Drawable & drawable_={...})  Line 799 + 0xc bytes	C++
 	TestFont.exe!main(int argc=1, char * * argv=0x00cd5e00)  Line 33 + 0x90 bytes	C++
 	TestFont.exe!__tmainCRTStartup()  Line 555 + 0x19 bytes	C
 	TestFont.exe!mainCRTStartup()  Line 371	C
 	kernel32.dll!7c817077() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00770074() 	
 	msvcp100d.dll!00780064() 	
 	msvcp100d.dll!00780064() 	
 	msvcp100d.dll!00780064() 	
 	msvcp100d.dll!00780064() 	
 	msvcp100d.dll!00780064() 	
 	msvcp100d.dll!00780064() 	
 	msvcp100d.dll!00780064() 	
 	msvcp100d.dll!00780064() 	
I debugged this problem and just found that the free() function writes more bytes over the end of what we allocated and causes an output of Heap Corruption:

Code:

'TestFont.exe': Loaded 'C:\WINDOWS\system32\usp10.dll', Cannot find or open the PDB file
Heap corruption detected at 00DCEBC0
First-chance exception at 0x7c93a343 in TestFont.exe: 0xC0000005: Access violation writing location 0xfeeefeee.
The variable values in TraceBezier() are as follows:

Code:

+		primitive_info	0x00e1d088 {point={...} coordinates=64 primitive=-842150451 ...}	_PrimitiveInfo *
		number_coordinates	3	const unsigned int
		j	3	int
+		points	0x00dce7b0 {x=-2.6569842580370804e+303 y=-2.6569842580370804e+303 }	_PointInfo *
		control_points	63	unsigned int
+		end	{x=1928.0000000000000 y=-126.07800000000000 }	_PointInfo
		weight	0.99999999999999822	double
		i	64	int
		quantum	21	unsigned int
		alpha	60.047367094979315	double
+		coefficients	0x00cf3928	double *
+		point	{x=1928.0026026706978 y=-127.40640841521808 }	_PointInfo
+		p	0x00e1d088 {point={...} coordinates=64 primitive=-842150451 ...}	_PrimitiveInfo *
Note that points == 0x00dce7b0 and the memory allocated is control_points*sizeof(*points) == 63*16 = 1008. But the address 00DCEBC0 is at offset 1040 from the base address of points.
I need your help. Thanks.
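The values in the report (63 points allocated, i already at 64, the crash surfacing inside free() rather than at the faulty store) are the signature of a heap overrun that the debug heap only notices when the block is released; the 0xfeeefeee in the access-violation address is the Windows heap's fill pattern for freed memory, which is also what the `points` watch shows once RelinquishMagickMemory has run. The following is an added example written for this thread, not ImageMagick's TraceBezier and not the poster's TestFont code: a simplified Bezier sampler with an inclusive loop bound beside the bounded form, writing into a buffer that carries guard slots so the overrun can be detected the same way the debug heap detected it. The loop shape, the guard size and fill byte, the sample control points, and the names `control_point_count`, `trace_unchecked`, `trace_checked` and `trace_corrupts_guard` are all assumptions made for illustration.

```c
/* Illustrative reconstruction of the failure pattern; not ImageMagick's TraceBezier. */
#include <stdlib.h>
#include <string.h>

typedef struct { double x, y; } PointInfo;

#define MAX_CTRL    16     /* de Casteljau scratch size; enough for cubic curves and below */
#define GUARD_SLOTS 2      /* guard elements placed behind each allocation (assumed size) */
#define GUARD_BYTE  0xFD   /* guard fill byte; a debug heap uses a similar canary (assumed) */

/* Samples allocated for one curve: quantum * number_coordinates (63 in the post). */
size_t control_point_count(unsigned quantum, unsigned number_coordinates)
{
    return (size_t) quantum * number_coordinates;
}

/* Evaluate a Bezier curve with n control points at parameter t (de Casteljau). */
static PointInfo bezier_at(const PointInfo *ctrl, size_t n, double t)
{
    PointInfo tmp[MAX_CTRL] = {{0.0, 0.0}};
    if (n == 0 || n > MAX_CTRL)
        return tmp[0];
    memcpy(tmp, ctrl, n * sizeof *tmp);
    for (size_t level = 1; level < n; level++)
        for (size_t j = 0; j + level < n; j++) {
            tmp[j].x = (1.0 - t) * tmp[j].x + t * tmp[j + 1].x;
            tmp[j].y = (1.0 - t) * tmp[j].y + t * tmp[j + 1].y;
        }
    return tmp[0];
}

/* malloc `capacity` points plus a guard region filled with GUARD_BYTE, so an
   overrun past the live elements can be detected after the fact, the way the
   debug heap reported "Heap corruption detected" in the post. */
static PointInfo *alloc_guarded(size_t capacity)
{
    PointInfo *p = malloc((capacity + GUARD_SLOTS) * sizeof *p);
    if (p != NULL)
        memset(p + capacity, GUARD_BYTE, GUARD_SLOTS * sizeof *p);
    return p;
}

/* 1 if any guard byte behind the `capacity` live elements was changed. */
static int guard_corrupted(const PointInfo *p, size_t capacity)
{
    const unsigned char *g = (const unsigned char *) (p + capacity);
    for (size_t i = 0; i < GUARD_SLOTS * sizeof *p; i++)
        if (g[i] != GUARD_BYTE)
            return 1;
    return 0;
}

/* Faulty sampler: the loop bound is inclusive, so the last iteration stores
   points[capacity], one element past the allocation (i reaches 64 for 63 slots). */
static void trace_unchecked(const PointInfo *ctrl, size_t n, PointInfo *points, size_t capacity)
{
    for (size_t i = 0; i <= capacity; i++)
        points[i] = bezier_at(ctrl, n, (double) i / (double) (capacity - 1));
}

/* Hardened sampler: the element index bounds the loop, and t is clamped so
   floating-point rounding cannot push the parameter past the end point. */
static void trace_checked(const PointInfo *ctrl, size_t n, PointInfo *points, size_t capacity)
{
    for (size_t i = 0; i < capacity; i++) {
        double t = (double) i / (double) (capacity - 1);
        if (t > 1.0)
            t = 1.0;
        points[i] = bezier_at(ctrl, n, t);
    }
}

/* Trace a constructed quadratic curve into a guarded buffer and report whether
   the guard was clobbered: 1 = overrun, 0 = clean, -1 = bad size or no memory. */
int trace_corrupts_guard(unsigned quantum, unsigned number_coordinates, int use_unchecked)
{
    /* Constructed control points; the middle one echoes the `end` value in the post. */
    const PointInfo ctrl[3] = { {0.0, 0.0}, {1928.0, -126.078}, {1928.0, 0.0} };
    size_t capacity = control_point_count(quantum, number_coordinates);
    if (capacity < 2)
        return -1;
    PointInfo *points = alloc_guarded(capacity);
    if (points == NULL)
        return -1;
    if (use_unchecked)
        trace_unchecked(ctrl, 3, points, capacity);
    else
        trace_checked(ctrl, 3, points, capacity);
    int corrupted = guard_corrupted(points, capacity);
    free(points);
    return corrupted;
}
```

`trace_corrupts_guard(21, 3, 1)` returns 1 and `trace_corrupts_guard(21, 3, 0)` returns 0 for the post's quantum and coordinate count. Without the guard slots the same overrun is what AddressSanitizer (`-fsanitize=address` on gcc/clang) or the MSVC debug heap reports; the sanitizer names the store itself, whereas the debug heap, as in the stack above, only complains when the block is freed, which is why the top frame is in the allocator and not in the function that did the writing.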
magick
Site Admin
Posts: 11064
Joined: 2003-05-31T11:32:55-07:00

Re: ImageMagick crash when drawing text with large font size

Post by magick »

Thanks for the problem report and debugging. We can reproduce the problem and will get a patch in ImageMagick 6.7-0-10 Beta within a few days.