Menu
▾
▴
[Tkimg-bugs] [ tkimg-Bugs-3016150 ] crash when loading JPEG data on 64-bit systems
|
From: SourceForge.net <no...@so...> - 2010-09-28 05:54:48
|
Bugs item #3016150, was opened at 2010-06-14 23:11 Message generated for change (Settings changed) made by nijtmans You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=465492&aid=3016150&group_id=52039 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: JPEG format Group: 1.4.0 >Status: Closed Resolution: Works For Me Priority: 5 Private: No Submitted By: Konstantin Khomoutov (flatworm) Assigned to: Jan Nijtmans (nijtmans) Summary: crash when loading JPEG data on 64-bit systems Initial Comment: Img 1.4 crashes on 64-bit Linux when attempting to load (any) JPEG data. It seems that the crash also happens when Img attempts to interpret the data (that is, when the data format is unknown and Img attempts to deduce it) and so it also can crash on images to interpret whose format JPEG handler is tried before their native one (PNG seems to fall into this group). The crash was reported by three Gentoo users of Tkabber as Gentoo now distributes Img 1.4; the crash only happens on 64-bit platforms. The most recent crash reported occured on the system with `uname -a`: Linux polaris 2.6.34 #3 PREEMPT Mon Jun 7 23:29:30 MSD 2010 x86_64 AMD Athlon(tm) 64 Processor 3200+ AuthenticAMD GNU/Linux and Tcl/Tk 8.5.8. The stack trace was: ~ % gdb --args /usr/bin/wish8.5 /usr/local/share/tkabber/tkabber.tcl GNU gdb (Gentoo 7.1 p1) 7.1 Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-pc-linux-gnu". For bug reporting instructions, please see: <http://bugs.gentoo.org/>... Reading symbols from /usr/bin/wish8.5...done. (gdb) r Starting program: /usr/bin/wish8.5 /usr/local/share/tkabber/tkabber.tcl warning: no loadable sections found in added symbol-file /usr/lib64/debug/lib64/ld-2.11.2.so.debug Program received signal SIGSEGV, Segmentation fault. 0x00007ffff4d5159c in ObjRead (interp=0x606110, data=0x1b590a0, format=0x0, imageHandle=0x1b03e90, destX=0, destY=0, width=215, height=300, srcX=0, srcY=0) at jpeg.c:475 475 cinfo.err = jpeg_std_error(&jerror.pub); (gdb) bt #0 0x00007ffff4d5159c in ObjRead (interp=0x606110, data=0x1b590a0, format=0x0, imageHandle=0x1b03e90, destX=0, destY=0, width=215, height=300, srcX=0, srcY=0) at jpeg.c:475 #1 0x00007ffff7b1ba54 in ImgPhotoCmd (clientData=0x1b03e90, interp=0x606110, objc=3, objv=0x8e68c0) at /var/tmp/portage/dev-lang/tk-8.5.8/work/tk8.5.8/unix/../generic/tkImgPhoto.c:1083 #2 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=3, objv=0x8e68c0, command=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, length=-1, flags=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #3 0x00007ffff77878e3 in TclExecuteByteCode (interp=0x606110, codePtr=0x1ba1c50) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclExecute.c:2327 #4 0x00007ffff77e1935 in TclObjInterpProcCore (interp=0x606110, procNameObj=0x1b57670, skip=1, errorProc=0x7ffff77e1fe0 <MakeProcError>) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1758 #5 0x00007ffff77e186e in TclObjInterpProc (clientData=0xd18750, interp=0x606110, objc=3, objv=0x8e6730) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1652 #6 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=3, objv=0x8e6730, command=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, length=-1, flags=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #7 0x00007ffff77878e3 in TclExecuteByteCode (interp=0x606110, codePtr=0x1b57800) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclExecute.c:2327 #8 0x00007ffff77e1935 in TclObjInterpProcCore (interp=0x606110, procNameObj=0x1b572b0, skip=1, errorProc=0x7ffff77e1fe0 <MakeProcError>) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1758 #9 0x00007ffff77e186e in TclObjInterpProc (clientData=0xd17c20, interp=0x606110, objc=3, objv=0x8e65c0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1652 #10 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=3, objv=0x8e65c0, command=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, length=-1, flags=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #11 0x00007ffff77878e3 in TclExecuteByteCode (interp=0x606110, codePtr=0x1ba4520) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclExecute.c:2327 #12 0x00007ffff77e1935 in TclObjInterpProcCore (interp=0x606110, procNameObj=0x1a727d0, skip=1, errorProc=0x7ffff77e1fe0 <MakeProcError>) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1758 #13 0x00007ffff77e186e in TclObjInterpProc (clientData=0xcc2780, interp=0x606110, objc=4, objv=0x19cc210) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1652 #14 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=4, objv=0x19cc210, command=0x0, length=0, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #15 0x00007ffff77208ad in Tcl_EvalObjv (interp=0x606110, objc=4, objv=0x19cc210, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3885 #16 0x00007ffff77223c2 in TclEvalObjEx (interp=0x606110, objPtr=0x1b13c90, flags=262144, invoker=0x0, word=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5115 #17 0x00007ffff7722257 in Tcl_EvalObjEx (interp=0x606110, objPtr=0x0, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5035 #18 0x00007ffff77e0944 in Tcl_UplevelObjCmd (dummy=0x0, interp=0x606110, objc=2, objv=0x8e6410) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:959 #19 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=4, objv=0x8e6400, command=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, length=-1, flags=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #20 0x00007ffff77878e3 in TclExecuteByteCode (interp=0x606110, codePtr=0x17e88a0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclExecute.c:2327 #21 0x00007ffff77e1935 in TclObjInterpProcCore (interp=0x606110, procNameObj=0x14aeb00, skip=1, errorProc=0x7ffff77e1fe0 <MakeProcError>) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1758 #22 0x00007ffff77e186e in TclObjInterpProc (clientData=0x8e57c0, interp=0x606110, objc=3, objv=0x19c3d40) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1652 #23 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=3, objv=0x19c3d40, command=0x0, length=0, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #24 0x00007ffff77208ad in Tcl_EvalObjv (interp=0x606110, objc=3, objv=0x19c3d40, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3885 #25 0x00007ffff77223c2 in TclEvalObjEx (interp=0x606110, objPtr=0x199d770, flags=262144, invoker=0x0, word=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5115 #26 0x00007ffff7722257 in Tcl_EvalObjEx (interp=0x606110, objPtr=0x0, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5035 #27 0x00007ffff77c6d95 in NamespaceInscopeCmd (dummy=0x0, interp=0x606110, objc=5, objv=0x1a0a270) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclNamesp.c:3735 #28 0x00007ffff77c57b8 in Tcl_NamespaceObjCmd (clientData=0x0, interp=0x606110, objc=5, objv=0x1a0a270) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclNamesp.c:2837 #29 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=5, objv=0x1a0a270, command=0x0, length=0, flags=262144) ---Type <return> to continue, or q <return> to quit--- at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #30 0x00007ffff77208ad in Tcl_EvalObjv (interp=0x606110, objc=5, objv=0x1a0a270, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3885 #31 0x00007ffff77223c2 in TclEvalObjEx (interp=0x606110, objPtr=0x1b3cd30, flags=262144, invoker=0x0, word=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5115 #32 0x00007ffff7722257 in Tcl_EvalObjEx (interp=0x606110, objPtr=0x0, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5035 #33 0x00007ffff77e0944 in Tcl_UplevelObjCmd (dummy=0x0, interp=0x606110, objc=2, objv=0x8e60a8) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:959 #34 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=4, objv=0x8e6098, command=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, length=-1, flags=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #35 0x00007ffff77878e3 in TclExecuteByteCode (interp=0x606110, codePtr=0x1749fc0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclExecute.c:2327 #36 0x00007ffff77e1935 in TclObjInterpProcCore (interp=0x606110, procNameObj=0x1a2caf0, skip=1, errorProc=0x7ffff77e1fe0 <MakeProcError>) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1758 #37 0x00007ffff77e186e in TclObjInterpProc (clientData=0x8e4090, interp=0x606110, objc=3, objv=0x8e5e00) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclProc.c:1652 #38 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=3, objv=0x8e5e00, command=0x1b63530 "Parse ::xmpp::1 {iq jabber:client {from tk...@co.../BrennendeR_Komet to abi...@ja.../tkabber id 26:249717 type result} {{vCard vcard-temp {} {{NICKNAME vcard-temp {} {} Brenn"..., length=14673, flags=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #39 0x00007ffff7721654 in TclEvalEx (interp=0x606110, script=0x1b63530 "Parse ::xmpp::1 {iq jabber:client {from tk...@co.../BrennendeR_Komet to abi...@ja.../tkabber id 26:249717 type result} {{vCard vcard-temp {} {{NICKNAME vcard-temp {} {} Brenn"..., numBytes=14673, flags=262144, line=1, clNextOuter=0x0, outerScript=0x1b63530 "Parse ::xmpp::1 {iq jabber:client {from tk...@co.../BrennendeR_Komet to abi...@ja.../tkabber id 26:249717 type result} {{vCard vcard-temp {} {{NICKNAME vcard-temp {} {} Brenn"...) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:4386 #40 0x00007ffff7720a96 in Tcl_EvalEx (interp=0x606110, script=0x1b63530 "Parse ::xmpp::1 {iq jabber:client {from tk...@co.../BrennendeR_Komet to abi...@ja.../tkabber id 26:249717 type result} {{vCard vcard-temp {} {{NICKNAME vcard-temp {} {} Brenn"..., numBytes=14673, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:4043 #41 0x00007ffff77224cc in TclEvalObjEx (interp=0x606110, objPtr=0x1888290, flags=262144, invoker=0x0, word=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5177 #42 0x00007ffff7722257 in Tcl_EvalObjEx (interp=0x606110, objPtr=0x0, flags=262144) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5035 #43 0x00007ffff77c6d95 in NamespaceInscopeCmd (dummy=0x0, interp=0x606110, objc=5, objv=0x8e5ab8) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclNamesp.c:3735 #44 0x00007ffff77c57b8 in Tcl_NamespaceObjCmd (clientData=0x0, interp=0x606110, objc=5, objv=0x8e5ab8) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclNamesp.c:2837 #45 0x00007ffff77201cd in TclEvalObjvInternal (interp=0x606110, objc=5, objv=0x8e5ab8, command=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, length=-1, flags=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:3689 #46 0x00007ffff77878e3 in TclExecuteByteCode (interp=0x606110, codePtr=0x1ba1a00) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclExecute.c:2327 #47 0x00007ffff7785920 in TclCompEvalObj (interp=0x606110, objPtr=0x1ba40e0, invoker=0x0, word=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclExecute.c:1450 #48 0x00007ffff77226c7 in TclEvalObjEx (interp=0x606110, objPtr=0x1ba40e0, flags=131072, invoker=0x0, word=0) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5264 #49 0x00007ffff7722257 in Tcl_EvalObjEx (interp=0x606110, objPtr=0x0, flags=131072) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclBasic.c:5035 #50 0x00007ffff77f234c in AfterProc (clientData=0x1ba4750) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclTimer.c:1147 #51 0x00007ffff77f1610 in TclServiceIdle () at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclTimer.c:738 #52 0x00007ffff77cd5d1 in Tcl_DoOneEvent (flags=-3) at /var/tmp/portage/dev-lang/tcl-8.5.8/work/tcl8.5.8/unix/../generic/tclNotify.c:993 #53 0x00007ffff7a98444 in Tk_MainLoop () at /var/tmp/portage/dev-lang/tk-8.5.8/work/tk8.5.8/unix/../generic/tkEvent.c:2139 #54 0x00007ffff7aaa7f5 in Tk_MainEx (argc=-1, argv=0x7fffffffdef8, appInitProc=0x400b53 <Tcl_AppInit>, interp=0x606110) at /var/tmp/portage/dev-lang/tk-8.5.8/work/tk8.5.8/unix/../generic/tkMain.c:321 #55 0x0000000000400b47 in main (argc=2, argv=0x7fffffffdee8) at /var/tmp/portage/dev-lang/tk-8.5.8/work/tk8.5.8/unix/../unix/tkAppInit.c:68 (gdb) s Program terminated with signal SIGSEGV, Segmentation fault. The program no longer exists. (gdb) q To trigger the crash it suffices to run this minimal snippet: $ wish8.5 % package require Img 1.4 % image create photo -file /tmp/vuvuzela.jpg I should stress that Tkabber devs did not yet receive any reports from users of 32-bit Gentoo systems, so quite possibly this bug mainfests itself only on 64-bit platforms. ---------------------------------------------------------------------- Comment By: Jan Nijtmans (nijtmans) Date: 2010-09-28 07:54 Message: > Jan, from your first comment it seems > that you actually looked at that bug after it > was filed (I was sure this bug was unnoticed) It was unnoticed, until you added your comment in #2975451, asking for this to be fixed for the tkImg 1.4 release. Only then I looked at the stack-trace, and added my comment. >and I think if you added some comment that from > your point of view this is not a bug in Img Allow me a suggestion for you as well. If I am unsure where the bug is, I just file two bug reports and reference one to another. ---------------------------------------------------------------------- Comment By: Konstantin Khomoutov (flatworm) Date: 2010-09-27 15:33 Message: I contacted the reporters of this bug, of them just one responded and told me that from his point of view the problem was gone after he built Img from HEAD. Searching Gentoo bugtracker for bugs in tkImg and libjpeg packages also yielded nothing related to this problem. Due to such apparent volatility of Gentoo environment, my proposition is to close the bug; if someone still has this problem they would re-open it after all. Let me add one remark as well. Jan, from your first comment it seems that you actually looked at that bug after it was filed (I was sure this bug was unnoticed), and I think if you added some comment that from your point of view this is not a bug in Img, I would be able to quickly get back to the original reporters and the whole thing would be resolved much faster. ---------------------------------------------------------------------- Comment By: Jan Nijtmans (nijtmans) Date: 2010-09-27 11:15 Message: Since we cannot reproduce this, it looks like a problem in the Gentoo build. Please report the problem there (if it hasn´t already been done). Paul´s builds are OK, even for 64/bit systems, and ActiveState succeeded to provide 64/bit binaries for various systems as well (it´s part of ActiveTcl 8.5.9). ---------------------------------------------------------------------- Comment By: Paul Obermeier (obermeier) Date: 2010-09-26 16:52 Message: I have tested with several hundred JPEG images on my SuSE 11.2 64-bit system without encoutering any errors using the code of the official 1.4 release. The test suites (in tests/visualtests) also run perfectly. P.S.: I supply binaries of tkImg on http://www.posoft.de/html/extTkImg.html. Paul ---------------------------------------------------------------------- Comment By: Jan Nijtmans (nijtmans) Date: 2010-09-24 23:30 Message: Since jpeg_std_error is the first jpeg function executed, even before starting to read the image, I suspect this is a build problem. Between tkImg 1.3 and 1.4, the jpeg code is not changed at all (except for some cleanup and the handling of out-of-memory), but a bigger change is the upgrade from libjpeg 6 to 8b. So, it's much more likely that the real problem is in libjpeg, not in tkImg. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=465492&aid=3016150&group_id=52039 |