SVG creates corrupt JPG and SegFaults (let's call it arcane)

Post by posterChild »

I tried posting this in the Users forums, and then decided that this probably fell into the 'arcane' area of usage and might get some help here instead. Here's my original post:

viewtopic.php?f=1&t=17562

I've now gotten to the point where I'm doing things well beyond my comfort zone in Linux trying to get to the root of what's causing the segmentation fault. I've learned very little about using strace, etc. and almost have it narrowed down, but I'm not sure what I'll do even if I do narrow it down. It's been a very long time since my C days. However, here's where I'm at:

It looks like something is failing after the UnmapBlob in blob.c (line 3906) (this could TOTALLY be a red-herring). From what I can tell using strace, that succeeds and something shortly after it fails. I don't have any sort of IDE or debugger that I can step through the code on, so this has all been deduced with strace and -debug all. Here's the end of my strace (FWIW):

Code: Select all

write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
3731) = 3731
close(4)                                = 0
munmap(0x2b8339327000, 4096)            = 0
munmap(0x2b8339de1000, 13381632)        = 0
munmap(0x2b833911e000, 2133784)         = 0
munmap(0x2b833839f000, 2158368)         = 0
munmap(0x3891000000, 2304352)           = 0
munmap(0x3890c00000, 2190296)           = 0
munmap(0x3890800000, 2578928)           = 0
munmap(0x388b400000, 2308352)           = 0
munmap(0x2b83385bb000, 2331992)         = 0
munmap(0x388bc00000, 3395256)           = 0
munmap(0x388f000000, 2339696)           = 0
munmap(0x388e400000, 2537704)           = 0
munmap(0x388d000000, 2112120)           = 0
munmap(0x3892e00000, 2131912)           = 0
munmap(0x3893200000, 2525912)           = 0
munmap(0x388f800000, 2242264)           = 0
munmap(0x388c800000, 2224928)           = 0
munmap(0x388fc00000, 2160704)           = 0
munmap(0x3889400000, 2336968)           = 0
munmap(0x388a400000, 2407792)           = 0
munmap(0x3888800000, 3475344)           = 0
munmap(0x3890000000, 2106240)           = 0
munmap(0x388f400000, 2141000)           = 0
munmap(0x388ec00000, 2105616)           = 0
munmap(0x388cc00000, 2160784)           = 0
munmap(0x3892000000, 2131736)           = 0
munmap(0x3888400000, 2194096)           = 0
munmap(0x3889000000, 2111000)           = 0
munmap(0x388a000000, 2283888)           = 0
munmap(0x388ac00000, 2706624)           = 0
munmap(0x388c000000, 2247432)           = 0
munmap(0x388c400000, 2128592)           = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

Oddly, if I include an <image> tag in the SVG, regardless of how it's rendered, it does NOT segfault. Here's its strace:

Code:

write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1621) = 1621
close(4)                                = 0
munmap(0x2b76cf793000, 4096)            = 0
munmap(0x2b76d048e000, 13381632)        = 0
munmap(0x2b76cf58a000, 2133784)         = 0
munmap(0x2b76ce3a0000, 2158368)         = 0
munmap(0x3891000000, 2304352)           = 0
munmap(0x388b400000, 2308352)           = 0
munmap(0x2b76ce5bc000, 2331992)         = 0
munmap(0x3892e00000, 2131912)           = 0
munmap(0x3893200000, 2525912)           = 0
munmap(0x388f800000, 2242264)           = 0
munmap(0x388cc00000, 2160784)           = 0
munmap(0x3892000000, 2131736)           = 0
writev(13, [{"GIOP\1\2\1\5\0\0\0\0", 12}], 1) = 12
close(13)                               = 0
writev(5, [{"GIOP\1\2\1\5\0\0\0\0", 12}], 1) = 12
close(5)                                = 0
close(12)                               = 0
close(11)                               = 0
unlink("/tmp/orbit-posterChild/linc-311d-0-24543cd81aa89") = 0
close(6)                                = 0
exit_group(0)                           = ?

Anyone have any ideas? Shots in the dark? Recommendations on what I can run to get closer to what's causing the segfault so I can avoid it/patch it?

Re: SVG creates corrupt JPG and SegFaults (let's call it arc

Post by magick »

We tried reproducing the fault and cannot. We're using ImageMagick 6.6.6 and RSVG 2.32.0. Post the output of gdb:
  • gdb convert
    run segfault.svg jpg:segfaultsvg.jpg
    where

Re: SVG creates corrupt JPG and SegFaults (let's call it arc

Post by posterChild »

FWIW, this happens with rSVG and the 'built in' SVG render. Just wanted to throw that out there.

Okay, I had them install gdb and here's what I'm getting:

Code:

[posterChild:web-dev bin]$ gdb convert
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.2)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/sites/imagemagick-666/bin/convert...done.
(gdb) run ~/segfault.svg ~/segfault.jpg
Starting program: /usr/local/sites/imagemagick-666/bin/convert ~/segfault.svg ~/segfault.jpg
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00000038908365f8 in ?? ()
(gdb) where
#0  0x00000038908365f8 in ?? ()
#1  0x00000038860333a5 in exit () from /lib64/libc.so.6
#2  0x000000388601d99b in __libc_start_main () from /lib64/libc.so.6
#3  0x0000000000400829 in _start ()
(gdb)

Unfortunately, that looks like a system library. This seems to have turned into more of a 'support' request instead of a feature or bug fix. So, here's my server information:

Code:

Red Hat Enterprise Linux Server release 5.5 (Tikanga)

Linux web-dev 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

Version: ImageMagick 6.6.6-1 2010-11-30 Q8 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2010 ImageMagick Studio LLC
Features:

I have this happening in a development and production environment, and I believe there are differences between the two, which I can try to obtain if it will help. I'll gladly run anything else that's deemed helpful. Hell, I'll even go get you a coffee :D

Thanks for the response and I certainly appreciate the help.

Re: SVG creates corrupt JPG and SegFaults (let's call it arc

Post by magick »

We've seen this problem before. It has nothing to do with ImageMagick other than we call rsync_term() when we unload the SVG module and RSVG has an atexit() method that causes the fault (atexit() is not recommended for a library). You can get around the problem by upgrading the RSVG delegate library, commenting out the rsync_term() call in coders/svg.c, or building ImageMagick without modules (add --without-modules to the configure script command line) or building statically.
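
Added example, not part of the original thread: a small triage script that cross-checks the gdb frame #0 address against the munmap() calls in the strace output, to tell whether the faulting address was in a mapping that had already been unloaded. The trace lines and the address are copied from the posts above; the function names are this example's own, and it assumes the library was mapped at the same address in the strace and gdb runs.

```python
import re

# Lines copied from the thread: the crashing strace, the clean strace, gdb frame #0.
CRASH_TRACE = """\
munmap(0x3891000000, 2304352)           = 0
munmap(0x3890c00000, 2190296)           = 0
munmap(0x3890800000, 2578928)           = 0
munmap(0x388b400000, 2308352)           = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
"""
CLEAN_TRACE = """\
munmap(0x3891000000, 2304352)           = 0
munmap(0x388b400000, 2308352)           = 0
munmap(0x3892e00000, 2131912)           = 0
exit_group(0)                           = ?
"""
GDB_FRAME0 = "#0  0x00000038908365f8 in ?? ()"

MUNMAP_RE = re.compile(r"munmap\((0x[0-9a-fA-F]+),\s*(\d+)\)\s*=\s*0")
FRAME0_RE = re.compile(r"^#0\s+(0x[0-9a-fA-F]+)\s+in\b")
PAGE = 4096  # assumed page size (x86_64 default)


def unmapped_ranges(trace):
    """Yield (start, end) for each successful munmap, end rounded up to a page."""
    for m in MUNMAP_RE.finditer(trace):
        start, length = int(m.group(1), 16), int(m.group(2))
        yield start, start + -(-length // PAGE) * PAGE


def frame0_pc(gdb_line):
    """Extract the program counter from a gdb '#0  0x... in ...' line."""
    m = FRAME0_RE.match(gdb_line)
    if m is None:
        raise ValueError("not a gdb frame #0 line with an address")
    return int(m.group(1), 16)


def unmapped_hit(trace, pc):
    """Return (mapping start, offset) if pc was already unmapped, else None."""
    for start, end in unmapped_ranges(trace):
        if start <= pc < end:
            return start, pc - start
    return None


if __name__ == "__main__":
    pc = frame0_pc(GDB_FRAME0)
    for name, trace in (("crash", CRASH_TRACE), ("clean", CLEAN_TRACE)):
        hit = unmapped_hit(trace, pc)
        print(name, [hex(v) for v in hit] if hit else "address still mapped")
```

A frame #0 address that falls inside a munmap'ed range, with exit () as its caller, matches the situation the last reply describes: an exit handler left behind by a library that was unloaded before the process exited.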