
#244 Fix crash when performing in-place JPEG transformations

None
closed
Hervé Drolon
None
5
2015-03-15
2014-08-19
Kontinuation
No

Calling FreeImage_JPEGTransform with the same source and target file would lead to a crash on Linux. The following code reproduces the problem when compiled against FreeImage 3.16:

#include "FreeImage.h"
#include <stdio.h>

int main(void)
{
    FreeImage_Initialise();
    // in-place rotation of test.jpg, this leads to a crash on Linux
    FreeImage_JPEGTransform("test.jpg", "test.jpg", FIJPEG_OP_ROTATE_90);
    FreeImage_DeInitialise();
    return 0;
}

Running this code would generate an assertion failure:

~/documents/FreeImage/FreeImage_3160/hacks $ ./run 
*** Error in `/home/kontinuation/documents/FreeImage/FreeImage_3160/hacks/run': double free or corruption (top): 0x098a8a88 ***
aborted

The problem is caused by closing the same file handle twice. File handles for the source file and target file are allocated in openStdIO(); when src_file equals dst_file, it opens the file only once and makes src_file and dst_file share the same file handle. closeStdIO() is not aware of this case and simply calls fclose() on both file handles, which leads to an assertion failure in libc and causes the problem.

The patch fixes this problem by not calling fclose() on dst_handle when src_handle == dst_handle.

1 Attachments
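
The double close described in the report, next to a guarded close of the kind the patch description outlines. This is an added example, not part of the original ticket and not FreeImage source: `io_pair`, `open_pair`, `close_pair`, `run_case` and the sample file names are hypothetical, and comparing file names with `strcmp()` is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the handle pair from the ticket; not FreeImage source. */
typedef struct { FILE *src; FILE *dst; } io_pair;

/* Same-named source and target share one stream, as the report describes.
   Comparing the names with strcmp() is an assumption of this sketch. */
int open_pair(const char *src_name, const char *dst_name, io_pair *io) {
    io->src = io->dst = NULL;
    if (strcmp(src_name, dst_name) == 0) {
        io->src = io->dst = fopen(src_name, "r+b");
        return io->src ? 0 : -1;
    }
    if (!(io->src = fopen(src_name, "rb"))) return -1;
    if (!(io->dst = fopen(dst_name, "wb"))) { fclose(io->src); io->src = NULL; return -1; }
    return 0;
}

/* Unguarded close, the pattern the report blames: with a shared stream the
   second fclose() acts on an already closed FILE. Shown only, never called. */
void close_pair_unguarded(io_pair *io) { fclose(io->src); fclose(io->dst); }

/* Guarded close: each distinct stream is closed once and the pointers are
   cleared, so a repeated call is a no-op. Returns the number of fclose() calls. */
int close_pair(io_pair *io) {
    int closed = 0, shared = (io->src == io->dst); /* compare before any fclose() */
    if (io->src) { fclose(io->src); closed++; }
    if (io->dst && !shared) { fclose(io->dst); closed++; }
    io->src = io->dst = NULL;
    return closed;
}

/* Opens a constructed sample file as a pair and closes it twice. Returns the
   first close count, or -1 on error or if the second call closed anything. */
int run_case(int in_place) {
    const char *src = "pair_demo_src.bin";
    const char *dst = in_place ? src : "pair_demo_dst.bin";
    io_pair io;
    FILE *f = fopen(src, "wb");
    if (!f) return -1;
    fputs("constructed sample bytes", f); fclose(f);
    if (open_pair(src, dst, &io) != 0) return -1;
    int first = close_pair(&io), second = close_pair(&io);
    remove(src); remove("pair_demo_dst.bin");
    return second == 0 ? first : -1;
}

int main(void) { return (run_case(1) == 1 && run_case(0) == 2) ? 0 : 1; }
```

Clearing both pointers after the close also covers error paths that reach the cleanup code more than once.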

Discussion

  • Kontinuation
    2014-08-19

    It seems that this problem is already fixed in [Revision 1.11]; maybe the next release will contain this fix.

     
  • Hervé Drolon
    2014-08-20

    • status: open --> pending
    • assigned_to: Hervé Drolon
    • Group: -->
     
  • Hervé Drolon
    2014-08-20

    Hi,

    This bug was recently fixed in the CVS.
    See the post-scriptum in
    http://sourceforge.net/p/freeimage/patches/88/

    The bug fix will be available in the next release.

    Hervé

     
  • Hervé Drolon
    2014-08-20

    Ticket moved from /p/freeimage/patches/94/

     
  • Hervé Drolon
    2015-03-15

    • status: pending --> closed
     
  • Hervé Drolon
    2015-03-15

    fixed in release 3.17.0