After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 70594 - puzzling png loader crash
puzzling png loader crash
Status: RESOLVED NOTGNOME
Product: gdk-pixbuf
Classification: Platform
Component: general
git master
Other other
: Normal normal
: ---
Assigned To: gtk-bugs
gtk-bugs
Depends on:
Blocks:
 
 
Reported: 2002-02-05 14:00 UTC by Matthias Clasen
Modified: 2010-07-10 04:04 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
the patch adding (!) the bug (37.44 KB, patch)
2002-02-05 14:01 UTC, Matthias Clasen 		none Details | Review
The offending file, as a PNG (2.69 KB, image/png)
2002-02-05 16:30 UTC, Owen Taylor 		  Details

Description Matthias Clasen 2002-02-05 14:00:52 UTC 
I'm fighting with a png loader segfault which I can't nail down.
If you apply the patch below to test-loaders, it will start by loading
two bad pngs. They are so bad that any attempt to load a further png
(even a good one) leads to a segfault which comes up from libz somehow.

Here is a stacktrace (you'll notice that I modified io-png to make libpng
use the g_ malloc functions rather than its defaults, but that didn't
change anything.

I have no idea how to go on with this...

limited_free (mem=0x40759004) at test-loaders.c:91
91        current_allocation -= GPOINTER_TO_INT (*(void**)real);
(gdb) bt

+ Trace 17305

  • #0 limited_free
    at test-loaders.c line 91
  • #1 g_free
    at gmem.c line 187
  • #2 _png_free
    at io-png.c line 395
  • #3 png_free
    from /usr/local/lib/libpng.so.3
  • #4 png_zfree
    from /usr/local/lib/libpng.so.3
  • #5 inflate_blocks_free
    from /lib/libz.so.1
  • #6 inflateEnd
    from /lib/libz.so.1
  • #7 png_read_destroy
    from /usr/local/lib/libpng.so.3
  • #8 png_destroy_read_struct
    from /usr/local/lib/libpng.so.3
  • #9 gdk_pixbuf__png_image_stop_load
    at io-png.c line 501
  • #10 gdk_pixbuf_loader_close
    at gdk-pixbuf-loader.c line 542
  • #11 test_loader
    at test-loaders.c line 156
  • #12 main
    at test-loaders.c line 387
  • #13 __libc_start_main
    from /lib/libc.so.6 






Comment 1


Matthias Clasen





          2002-02-05 14:01:40 UTC
        



Created attachment 6604 [details] [review]
the patch adding (!) the bug






Comment 2


Owen Taylor





          2002-02-05 16:30:09 UTC
        



Created attachment 6607 [details]
The offending file, as a PNG






Comment 3


Owen Taylor





          2002-02-05 16:31:00 UTC
        



I can get convert to double-free (revealed by export MALLOC_CHECK_=2)
with bad_png_1, so it's pretty clearly a libpng bug.






Comment 4


Owen Taylor





          2002-02-05 16:31:54 UTC
        



Oh yeah, and mozilla too ;-(






Comment 5


Owen Taylor





          2002-02-05 16:36:56 UTC
        



Problem occurs with both libpng-1.0.12 and libpng-1.2.1.






Comment 6


Owen Taylor





          2002-02-05 19:46:55 UTC
        



Turns out to be a libz bug. Have tracked it down now, investigating
further action. (Shouldn't need to do anything more in gdk-pixbuf.)