Calling FreeImage_JPEGTransform with the same source and target file would lead to a crash on Linux. The following code could reproduce this problem when compiled against FreeImage 3.16:
    #include "FreeImage.h"
    #include <stdio.h>

    int main(void)
    {
        FreeImage_Initialise();
        // in-place rotation of test.jpg, this leads to a crash on Linux
        FreeImage_JPEGTransform("test.jpg", "test.jpg", FIJPEG_OP_ROTATE_90);
        FreeImage_DeInitialise();
        return 0;
    }
Running this code would generate an assertion failure:
    ~/documents/FreeImage/FreeImage_3160/hacks $ ./run
    *** Error in `/home/kontinuation/documents/FreeImage/FreeImage_3160/hacks/run': double free or corruption (top): 0x098a8a88 ***
    aborted
The problem is caused by closing the same file handle twice: file handles for the source file and target file were allocated in openStdIO(); when src_file equals dst_file, it opens the file only once and makes src_file and dst_file share the same file handle, while closeStdIO() is not aware of this case and simply calls fclose() on both file handles, which leads to an assertion failure in libc and causes the problem.
The patch fixes this problem by not calling fclose() on dst_handle when src_handle == dst_handle.
Seems that this problem is already fixed in [Revision 1.11], maybe the next release would contain this fix.
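The open-once, close-once pattern described in the report above, as an added example that is not FreeImage's code or the submitted patch: `io_pair`, `open_pair`, `close_pair` and `demo` are hypothetical names, and treating two paths as the same file by string comparison is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical pair of handles; when both paths match, dst aliases src. */
typedef struct { FILE *src; FILE *dst; } io_pair;

/* Assumption: "same file" is decided by comparing the path strings. */
static int open_pair(const char *src_path, const char *dst_path, io_pair *p) {
    p->src = p->dst = NULL;
    if (strcmp(src_path, dst_path) == 0) {
        p->src = fopen(src_path, "r+b");   /* opened once ... */
        if (!p->src) return -1;
        p->dst = p->src;                   /* ... and shared by both roles */
        return 0;
    }
    p->src = fopen(src_path, "rb");
    if (!p->src) return -1;
    p->dst = fopen(dst_path, "wb");
    if (!p->dst) { fclose(p->src); p->src = NULL; return -1; }
    return 0;
}

/* Closes each distinct stream exactly once; returns how many were closed. */
static int close_pair(io_pair *p) {
    int closed = 0;
    int shared = (p->src == p->dst);       /* compare before any fclose() */
    if (p->src) { fclose(p->src); closed++; }
    if (p->dst && !shared) { fclose(p->dst); closed++; }
    p->src = p->dst = NULL;                /* a repeated call is a no-op */
    return closed;
}

/* Creates a constructed sample file, runs open/close, returns fclose count. */
static int demo(const char *src_path, const char *dst_path) {
    io_pair p; int n;
    FILE *seed = fopen(src_path, "wb");
    if (!seed) return -1;
    fputs("constructed sample bytes", seed);
    fclose(seed);
    if (open_pair(src_path, dst_path, &p) != 0) return -1;
    n = close_pair(&p);
    remove(src_path);
    remove(dst_path);                      /* fails harmlessly if same path */
    return n;
}

int main(void) {
    return (demo("demo_a.tmp", "demo_a.tmp") == 1 &&
            demo("demo_a.tmp", "demo_b.tmp") == 2) ? 0 : 1;
}
```

Clearing both pointers after closing also makes an accidental second `close_pair` call harmless, since `fclose()` is never reached with a stale handle.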
Hi,
This bug was recently fixed in the CVS.
See the post-scriptum in
http://sourceforge.net/p/freeimage/patches/88/
The bug fix will be available in the next release.
Hervé
Ticket moved from /p/freeimage/patches/94/
fixed in release 3.17.0