GNOME Bugzilla – Bug 70594
puzzling png loader crash
Last modified: 2010-07-10 04:04:21 UTC
I'm fighting with a png loader segfault which I can't nail down.
If you apply the patch below to test-loaders, it will start by loading
two bad pngs. They are so bad that any attempt to load a further png
(even a good one) leads to a segfault which comes up from libz somehow.
Here is a stacktrace (you'll notice that I modified io-png to make libpng
use the g_ malloc functions rather than its defaults, but that didn't
I have no idea how to go on with this...
limited_free (mem=0x40759004) at test-loaders.c:91
91 current_allocation -= GPOINTER_TO_INT (*(void**)real);
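An added illustration, not the original test-loaders.c (the stacktrace above only shows its limited_free reading a size header in front of each block): a hypothetical allocator of the same shape that also parks freed blocks in a short quarantine, so a second free of the same pointer, like the double free reported later in this bug, is flagged instead of corrupting the heap.

```c
#include <stdlib.h>

/* Hypothetical reconstruction, not the page's test-loaders.c: every
 * block gets a header holding its size and a live/dead tag. */
#define TAG_LIVE ((size_t)0x4C495645)
#define TAG_DEAD ((size_t)0x44454144)
#define QUARANTINE_SLOTS 8
typedef struct { size_t size; size_t tag; } block_header;

static size_t current_allocation = 0;   /* bytes in live blocks */
static size_t allocation_limit = 0;     /* 0 means no limit */
static int double_free_count = 0;
static block_header *quarantine[QUARANTINE_SLOTS];
static int quarantine_pos = 0;

void set_allocation_limit(size_t bytes) { allocation_limit = bytes; }
size_t current_allocation_bytes(void) { return current_allocation; }
int double_frees_seen(void) { return double_free_count; }

/* Like a limited_malloc in a loader test harness: refuse past the limit. */
void *limited_malloc(size_t n) {
    if (allocation_limit && current_allocation + n > allocation_limit)
        return NULL;
    block_header *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n;
    h->tag = TAG_LIVE;
    current_allocation += n;
    return h + 1;                      /* user pointer follows the header */
}

/* Returns 0 on a proper free, -1 when the block was already freed.
 * Freed headers sit in a small quarantine instead of going straight back
 * to malloc, so their DEAD tag is still readable on a second free. */
int limited_free(void *mem) {
    if (!mem) return 0;
    block_header *h = (block_header *)mem - 1;
    if (h->tag != TAG_LIVE) {
        double_free_count++;           /* caught: do not free it again */
        return -1;
    }
    h->tag = TAG_DEAD;
    current_allocation -= h->size;
    block_header *evicted = quarantine[quarantine_pos];
    quarantine[quarantine_pos] = h;
    quarantine_pos = (quarantine_pos + 1) % QUARANTINE_SLOTS;
    free(evicted);                     /* free(NULL) is a no-op */
    return 0;
}
```

Only the last QUARANTINE_SLOTS frees are recognisable this way; a double free of an older block is left to the C library's own checks (such as MALLOC_CHECK_).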
Created attachment 6604 [details] [review]
the patch adding (!) the bug
Created attachment 6607 [details]
The offending file, as a PNG
I can get convert to double-free (revealed by export MALLOC_CHECK_=2)
with bad_png_1, so it's pretty clearly a libpng bug.
Oh yeah, and mozilla too ;-(
Problem occurs with both libpng-1.0.12 and libpng-1.2.1.
Turns out to be a libz bug. Have tracked it down now, investigating
further action. (Shouldn't need to do anything more in gdk-pixbuf.)