SEGV/ABRT - lt-convert - coders/png.c:8431 - c990c15b

[JodieC]

This one seems to ABRT when I run from the command line and SEGV in GDB... odd. This is another one that makes some huge core dumps, even with the resource limits... tried MB and MiB.

Source file:
https://www.dropbox.com/s/4cmnki2bgajth8g/c990c15b?dl=0

To reproduce:

Code: Select all

convert -limit memory 128MB -limit map 50MB -limit disk 50MB c990c15b png:/dev/null

BT:

Code: Select all

#0  0x00007ffff7a29e66 in WriteOnePNGImage (mng_info=mng_info@entry=0x7ffff0010380, image_info=image_info@entry=0x7ffff000c1e0,
    image=image@entry=0x643720) at coders/png.c:8431
#1  0x00007ffff7a3247e in WritePNGImage (image_info=0x7ffff000c1e0, image=0x643720) at coders/png.c:12051
#2  0x00007ffff780edbd in WriteImage (image_info=image_info@entry=0x7ffff0008040, image=image@entry=0x643720) at magick/constitute.c:1181
#3  0x00007ffff780f61a in WriteImages (image_info=image_info@entry=0x609330, images=<optimized out>, images@entry=0x643720,
    filename=<optimized out>, exception=exception@entry=0x605010) at magick/constitute.c:1321
#4  0x00007ffff7479779 in ConvertImageCommand (image_info=0x609330, argc=12, argv=0x603680, metadata=0x0, exception=0x605010)
    at wand/convert.c:3215
#5  0x00007ffff74e5a98 in MagickCommandGenesis (image_info=image_info@entry=0x605190, command=0x400880 <ConvertImageCommand@plt>,
    argc=argc@entry=12, argv=argv@entry=0x7fffffffdd48, metadata=metadata@entry=0x0, exception=exception@entry=0x605010) at wand/mogrify.c:168
#6  0x0000000000400907 in ConvertMain (argv=0x7fffffffdd48, argc=12) at utilities/convert.c:81
#7  main (argc=12, argv=0x7fffffffdd48) at utilities/convert.c:92

If I set it to aai:/dev/null instead of png:/dev/null then it dies on another line:

Code: Select all

convert -limit memory 128MB -limit map 50MB -limit disk 50MB c990c15b aai:/dev/null

Code: Select all

#0  WriteAAIImage (image_info=0x7ffff000c1e0, image=0x643720) at coders/aai.c:387
#1  0x00007ffff780edbd in WriteImage (image_info=image_info@entry=0x7ffff0008040, image=image@entry=0x643720) at magick/constitute.c:1181
#2  0x00007ffff780f61a in WriteImages (image_info=image_info@entry=0x609330, images=<optimized out>, images@entry=0x643720, 
    filename=<optimized out>, exception=exception@entry=0x605010) at magick/constitute.c:1321
#3  0x00007ffff7479779 in ConvertImageCommand (image_info=0x609330, argc=12, argv=0x603680, metadata=0x0, exception=0x605010)
    at wand/convert.c:3215
#4  0x00007ffff74e5a98 in MagickCommandGenesis (image_info=image_info@entry=0x605190, command=0x400810 <ConvertImageCommand@plt>, 
    argc=argc@entry=12, argv=argv@entry=0x7fffffffdd58, metadata=metadata@entry=0x0, exception=exception@entry=0x605010) at wand/mogrify.c:168
#5  0x0000000000400887 in ConvertMain (argv=0x7fffffffdd58, argc=12) at utilities/convert.c:81
#6  main (argc=12, argv=0x7fffffffdd58) at utilities/convert.c:92

System Details:
AMD64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

ImageMagick 6 compiled from SVN checkout (don't have the viff.c patch from 20141231 but otherwise up to date).

Found with American Fuzzy Lop ( http://lcamtuf.coredump.cx/afl/ )

[magick]

Do you have the address sanitizer enabled? If so, it intercepts large memory allocations and throws an exception. Without it, ImageMagick attempts to allocate the pixel cache in memory and if it fails, allocates the cache on disk instead. We tried your image without the address sanitizer and it completes without complaint.

[JodieC]

I haven't enabled asan on these.

I ran it again and it worked okay this time (?) ... closing this out.