Segmentation fault: PNG

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
vladimir_ff
Posts: 18
Joined: 2011-11-18T05:12:05-07:00
Authentication code: 8675308

Segmentation fault: PNG

Post by vladimir_ff »

Segmentation fault on image http://volnistiki.narod.ru/banner2.png
Version 6.7.3
User avatar
glennrp
Posts: 1147
Joined: 2006-04-01T08:16:32-07:00
Location: Maryland 39.26.30N 76.16.01W

Re: Segmentation fault: MNG

Post by glennrp »

pngcrush -n -v says about the file:
  • Opening file banner2.PNG for length measurement
    Allocating read structure
    Allocating read_info, end_info structures
    Reading MHDR chunk.
    width=88
    height=31
    ticksps=100
    nomlayc=4
    nomfram=3
    nomplay=600
    profile=15
    Reading TERM chunk, length = 10.
    Reading PLTE chunk, length = 768.
    Reading tRNS chunk, length = 32.
    Reading FRAM chunk, length = 10.
    Reading DEFI chunk, length = 12.
    Reading IHDR chunk, length = 13.
    Reading PLTE chunk, length = 0.
    Reading IDAT chunk, length = 826.
    Reading IEND chunk, length = 0.
    Reading FRAM chunk, length = 0.
    Reading DEFI chunk, length = 12.
    Reading IHDR chunk, length = 13.
    Reading PLTE chunk, length = 0.
    Reading IDAT chunk, length = 722.
    Reading IEND chunk, length = 0.
    Reading FRAM chunk, length = 0.
    Reading DEFI chunk, length = 12.
    Reading IHDR chunk, length = 13.
    Reading PLTE chunk, length = 0.
    Reading IDAT chunk, length = 582.
    Reading IEND chunk, length = 0.
    Reading MEND chunk, length = 0.
pngcheck says:
  • File: banner2.PNG (3337 bytes)
    chunk MHDR at offset 0x0000c, length 28
    88 x 31 frame size, 100 ticks per second, 4 layers,
    3 frames, 600-tick play time (6 seconds), valid profile:
    simple MNG features, complex MNG features, critical transparency
    chunk TERM at offset 0x00034, length 10
    action = repeat sequence between TERM and MEND
    action after iterations = show first frame after TERM
    inter-iteration delay = 200 ticks, max iterations = infinite
    chunk PLTE at offset 0x0004a, length 768: 256 palette entries
    chunk tRNS at offset 0x00356, length 32: 32 transparency entries
    chunk FRAM at offset 0x00382, length 10: mode 1
    no background layer; interframe delay before each image displayed
    change interframe delay and make default
    new delay = 200 ticks
    no change in timeout and termination
    no change in subframe clipping boundaries
    no change in sync ID list
    chunk DEFI at offset 0x00398, length 12
    object ID = 0, potentially visible, abstract, x = 0, y = 0
    chunk IHDR at offset 0x003b0, length 13
    88 x 31 image, 8-bit colormap, non-interlaced
    chunk PLTE at offset 0x003c9, length 0: 0 palette entries
    chunk IDAT at offset 0x003d5, length 826
    zlib: deflated, 32K window, maximum compression
    zlib line filters (0 none, 1 sub, 2 up, 3 avg, 4 paeth):
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
    0 0 0 0 0 0 (31 out of 31)
    chunk IEND at offset 0x0071b, length 0
    chunk FRAM at offset 0x00727, length 0: empty
    chunk DEFI at offset 0x00733, length 12
    object ID = 0, potentially visible, abstract, x = 30, y = 0
    chunk IHDR at offset 0x0074b, length 13
    52 x 30 image, 8-bit colormap, non-interlaced
    chunk PLTE at offset 0x00764, length 0: 0 palette entries
    chunk IDAT at offset 0x00770, length 722
    zlib: deflated, 32K window, maximum compression
    zlib line filters (0 none, 1 sub, 2 up, 3 avg, 4 paeth):
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
    0 0 0 0 0 (30 out of 30)
    chunk IEND at offset 0x00a4e, length 0
    chunk FRAM at offset 0x00a5a, length 0: empty
    chunk DEFI at offset 0x00a66, length 12
    object ID = 0, potentially visible, abstract, x = 0, y = 0
    chunk IHDR at offset 0x00a7e, length 13
    84 x 30 image, 8-bit colormap, non-interlaced
    chunk PLTE at offset 0x00a97, length 0: 0 palette entries
    chunk IDAT at offset 0x00aa3, length 582
    zlib: deflated, 32K window, maximum compression
    zlib line filters (0 none, 1 sub, 2 up, 3 avg, 4 paeth):
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
    0 0 0 0 0 (30 out of 30)
    chunk IEND at offset 0x00cf5, length 0
    chunk MEND at offset 0x00d01, length 0
    No errors detected in banner2.PNG (23 chunks).
ImageMagick (various versions as far back as 6.4.8 ) segfault on the file while processing the first frame.

A derivative of ImageMagick-5.5.7 displays an animation, so it appears that the file contains a valid MNG datastream. It has the proper MNG signature bytes:
  • od -c *.PNG | head -1
    0000000 212 M N G \r \n 032 \n \0 \0 \0 034 M H D R
The file should actually have a MNG extension instead of PNG, but that is not the cause of the segfault.

Glenn
vladimir_ff
Posts: 18
Joined: 2011-11-18T05:12:05-07:00
Authentication code: 8675308

Re: Segmentation fault: PNG

Post by vladimir_ff »

So am i right, is it an IM bug?
User avatar
glennrp
Posts: 1147
Joined: 2006-04-01T08:16:32-07:00
Location: Maryland 39.26.30N 76.16.01W

Re: Segmentation fault: PNG

Post by glennrp »

vladimir_ff wrote:So am i right, is it an IM bug?
Yes, so it seems. A very old one. IM should be recognizing
MNG files, even if they have the wrong extension.
Post Reply