GNOME Bugzilla – Bug 524216
incremental PNG loader should detect incomplete images
Last modified: 2014-10-22 12:33:30 UTC
Steps to reproduce:
1. Open the attached broken png (hex dumped here)

0000000: 8950 4e47 0d0a 1a0a 0000 000d 4948 4452  .PNG........IHDR
0000010: 0000 0780 0000 04b0 0802 0000 0095 52c0  ..............R.
0000020: a100 0000 0467 414d 4100 00b1 8f0b fc61  .....gAMA......a
0000030: 0500 0000 0373 4249 5408 0808 dbe1 4fe0  .....sBIT.....O.

2. Crash.

Stack trace:
GNU gdb 6.7.1-debian
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) run test.png
Starting program: /usr/bin/eog test.png
[Thread debugging using libthread_db enabled]
[New Thread 0xb6a72720 (LWP 11966)]
[New Thread 0xb6933b90 (LWP 11969)]
[New Thread 0xb54ffb90 (LWP 11970)]
**
** EOG:ERROR:(eog-image.c:1154):eog_image_real_load: assertion failed: (priv->image != NULL)

Program received signal SIGABRT, Aborted.
+ Trace 193253
Thread 3063102352 (LWP 11969)
Other information: Using version 2.22.0-1ubuntu1.
Created attachment 107959
the image in question
For some strange reason, I cannot download the attached image.
It's there all right. It's only 64 bytes long; as I mentioned, it's a broken image (actually, it's what povray uses as a temporary file, but I tried to open it with eog which is why I filed this bug)
Hmm, indeed we shouldn't abort when loading that image. I need to check if this is a bug with libpng's incremental loader as bug 519514 (which apparently will be fixed once libpng-1.2.26 is out) or if it is a problem with gdk-pixbuf (I think it is this time). I somehow feel like removing that g_assert in our loading code and returning a generic error message instead, as this produces most of EOG's "crashes" nowadays (although it makes problems with gdk-pixbuf nicely visible).
Yes, this time it is a problem with gdk-pixbuf. libpng's incremental loader provides measures to let gdk-pixbuf detect this problem. Reassigning.
Created attachment 108108
check if loading finished

This patch uses libpng's progressive end signal to detect if the loader actually finished loading the image. If it hasn't when stopping the loader it will set an error. This also works as an internal counter-measure against bug 519514 if no fixed libpng (>= 1.2.26b2) is installed.
*ping*? Can someone review my patch, please? I'd like to see that fixed in one of the next gtk+ releases if possible. After all it's two bugs for one. ;-)
*** Bug 533457 has been marked as a duplicate of this bug. ***
*** Bug 543065 has been marked as a duplicate of this bug. ***
*** Bug 539810 has been marked as a duplicate of this bug. ***
*** Bug 533225 has been marked as a duplicate of this bug. ***
Created attachment 117443
check if pixbuf was created

Oh, I totally forgot this. Thanks for the noise Claudio. ;-) So, I had a chat with mclasen at the beginning of June which concluded with a less strict check being probably a more appropriate fix. The reason being people that only load parts of an image (and thus don't input a complete PNG file). This leads to this patch which only checks if the destination pixbuf has been created once the loader is closed which seems to fix this and bug 519514 (if libpng <= 1.2.25) as well.
And added the file to the tests
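As an added illustration (not code from gdk-pixbuf, libpng or either attached patch), the following standalone C chunk walker shows what the 64-byte file from the report contains: it stops on a chunk boundary after IHDR, gAMA and sBIT, with no IDAT and no IEND. The names `png_scan_buffer`, `struct png_scan` and the `PNG_*` states are hypothetical, and the walker assumes the whole file is in memory and does not verify CRCs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 64-byte file from the report, transcribed from its hex dump. */
static const uint8_t report_png[64] = {
    0x89,0x50,0x4e,0x47,0x0d,0x0a,0x1a,0x0a,0x00,0x00,0x00,0x0d,0x49,0x48,0x44,0x52,
    0x00,0x00,0x07,0x80,0x00,0x00,0x04,0xb0,0x08,0x02,0x00,0x00,0x00,0x95,0x52,0xc0,
    0xa1,0x00,0x00,0x00,0x04,0x67,0x41,0x4d,0x41,0x00,0x00,0xb1,0x8f,0x0b,0xfc,0x61,
    0x05,0x00,0x00,0x00,0x03,0x73,0x42,0x49,0x54,0x08,0x08,0x08,0xdb,0xe1,0x4f,0xe0,
};

enum png_state { PNG_COMPLETE, PNG_NO_IEND, PNG_TRUNCATED_CHUNK, PNG_BAD_SIGNATURE };
struct png_scan { enum png_state state; unsigned chunks; int has_ihdr, has_idat; };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper: walks the chunk list only, no CRC check, no decoding. */
struct png_scan png_scan_buffer(const uint8_t *buf, size_t len)
{
    static const uint8_t sig[8] = { 0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a };
    struct png_scan r = { PNG_BAD_SIGNATURE, 0, 0, 0 };
    size_t off = 8;
    if (len < 8 || memcmp(buf, sig, 8) != 0)
        return r;
    r.state = PNG_NO_IEND;                 /* default: data ends on a chunk boundary */
    while (off < len) {
        uint32_t dlen;
        /* Each chunk is length(4) + type(4) + data(dlen) + CRC(4). */
        if (len - off < 12 || (dlen = be32(buf + off)) > len - off - 12) {
            r.state = PNG_TRUNCATED_CHUNK; /* data ends inside a chunk */
            return r;
        }
        r.chunks++;
        if (memcmp(buf + off + 4, "IHDR", 4) == 0) r.has_ihdr = 1;
        if (memcmp(buf + off + 4, "IDAT", 4) == 0) r.has_idat = 1;
        if (memcmp(buf + off + 4, "IEND", 4) == 0) { r.state = PNG_COMPLETE; return r; }
        off += 12 + (size_t)dlen;
    }
    return r;
}

int main(void)
{
    struct png_scan r = png_scan_buffer(report_png, sizeof report_png);
    printf("state=%d chunks=%u IHDR=%d IDAT=%d\n", r.state, r.chunks, r.has_ihdr, r.has_idat);
    return 0;
}
```

The `state` field corresponds to the stricter "did the file end properly" question from the first patch's description, while `has_idat` separates a partial image from a file that carries no image data at all.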