Bug 194864 - media-libs/libpng-1.2.21 causes several KDE apps to crash/not start
Bug#: 194864 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: base-system@gentoo.org Reported By: teidakankan@gmail.com
Component: Library
URL: 
Summary: media-libs/libpng-1.2.21 causes several KDE apps to crash/not start
Keywords:  
Status Whiteboard: 
Opened: 2007-10-05 23:57 0000
Description:
1.  skim won't start
2.  krusader used to start with: krusader -caption "%c" %i %m but now only
    starts with krusader -caption "%c"
3.  ktorrent won't start

Okay after reinstalling media-libs/libpng-1.2.20

Reproducible: Always

------- Comment #1 From teidakankan@gmail.com 2007-10-05 23:57:43 0000 -------
Created an attachment (id=132689)
emerge info

------- Comment #2 From Norberto Bensa 2007-10-06 01:27:14 0000 -------
add yakuake to the list

------- Comment #3 From Peter Henriksson 2007-10-06 10:42:43 0000 -------
Not having seen what error you get, I can't say if it's the same issue, but
bmpx crashes with libpng-1.2.21 with the following message.

swany@gentoo ~ $ /usr/libexec/beep-media-player-2-bin 
** Message: sm.cc:270: Connection opened, client id is 11c0a80001000119166709100000019680007
** Message: sm.cc:53: XSMP Version: 1  Revision: 0
** Message: sm.cc:56: Session manager: GnomeSM 
** Message: sm.cc:60: Release: 2.20.0
*** glibc detected *** /usr/libexec/beep-media-player-2-bin: malloc(): memory corruption: 0x088889b8 ***
======= Backtrace: =========
/lib/libc.so.6[0xb6e54a8f]
/lib/libc.so.6[0xb6e56d20]
/lib/libc.so.6(__libc_malloc+0x90)[0xb6e58410]
/usr/lib/libglib-2.0.so.0(g_try_malloc+0x33)[0xb70a6563]
/usr/lib/libpng12.so.0(png_malloc+0x3d)[0xb6b5eb7d]

Works fine with libpng-1.2.20

------- Comment #4 From Peter Henriksson 2007-10-06 10:50:24 0000 -------
It's probably this bug.
http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement

It will be fixed for 1.2.22. libpng-1.2.21 should probably be masked.

------- Comment #5 From SpanKY 2007-10-06 14:05:19 0000 -------
Thanks for the link, I've added the one-liner fix to 1.2.21-r1.

------- Comment #6 From teidakankan@gmail.com 2007-10-06 21:03:05 0000 -------
1.2.21-r1 didn't resolve anything here.  I'll just wait for 1.2.22.

------- Comment #7 From Peter Henriksson 2007-10-06 21:38:06 0000 -------
Created an attachment (id=132772)
Altered patch

The attached patch works for me.

Shamelessly copied from the 1.2.21 => 1.2.22beta changes.   :D

------- Comment #8 From teidakankan@gmail.com 2007-10-06 22:52:29 0000 -------
(In reply to comment #7)
> Created an attachment (id=132772)
> Altered patch
> 
> The attached patch works for me.
> 
> Shamelessly copied from the 1.2.21 => 1.2.22beta changes.   :D
> 

That fixed it.  Many thanks!

------- Comment #9 From SpanKY 2007-10-06 22:57:21 0000 -------
Unfortunately, the mailing list only showed the one change, and libpng doesn't
have a public scm for me to check, so I just went with what was on the mailing
list.

I've updated the patch for 1.2.21-r2, thanks.

------- Comment #10 From SpanKY 2007-10-08 22:13:55 0000 -------
*** Bug 195147 has been marked as a duplicate of this bug. ***

------- Comment #11 From Kovid Goyal 2007-10-09 01:34:57 0000 -------
1.2.21-r2 still causes crashes for me in several apps, kopete being the most
prominent. 

------- Comment #12 From Doug Goldstein 2007-10-09 15:16:48 0000 -------
That patch can't be right.

------- Comment #13 From Doug Goldstein 2007-10-09 15:28:28 0000 -------
Created an attachment (id=133005)
libpng-1.2.21-null-termination.patch

Looks a bit better and should solve all issues.

------- Comment #14 From Doug Goldstein 2007-10-10 21:35:21 0000 -------
I committed this patch as -r3

------- Comment #15 From Pierre Poissinger 2007-10-14 17:36:08 0000 -------
Created an attachment (id=133460)
Correct the typo but nothing more

OK, I ran into the same bug with nautilus
(cf http://bugs.gentoo.org/show_bug.cgi?id=195536)
==> the original patch seems a little bit too paranoid for me:
first hunk: strncpy of xxx with strlen(xxx)+1 will set a trailing null, no need
for two calls to strlen
second hunk: IMHO, not needed...
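The strncpy behaviour that comment #15's reasoning rests on, shown as an added example. This code is not one of the attachments on this bug and is not libpng's own; it simulates an uninitialised heap block with a fill byte and checks, for each copy length n, whether a terminator lands in the buffer. The rule it demonstrates is general: strncpy(dst, src, n) writes a NUL only when n > strlen(src), so a copy with n == strlen(src)+1 into a strlen(src)+1 byte buffer is terminated, a copy with n == strlen(src) is not, and a copy bounded by a fixed destination size needs the last byte forced to NUL when the source does not fit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte used to pre-fill destination buffers so that a missing NUL is
 * visible; it stands in for whatever an uninitialised heap block holds. */
#define FILL 'X'

/*
 * Copy src into a fresh cap-byte buffer with strncpy(dst, src, n) and
 * report whether the result is NUL-terminated within cap bytes.
 * strncpy writes a terminator only when n > strlen(src).
 * Returns 1 if terminated, 0 if not, -1 on allocation failure.
 */
int strncpy_terminated(const char *src, size_t cap, size_t n)
{
    if (cap == 0 || n > cap)   /* nothing to inspect, or strncpy would overrun dst */
        return 0;
    char *dst = malloc(cap);
    if (dst == NULL)
        return -1;
    memset(dst, FILL, cap);
    strncpy(dst, src, n);      /* pads with NUL only if strlen(src) < n */
    int terminated = memchr(dst, '\0', cap) != NULL;
    free(dst);
    return terminated;
}

/* The pattern comment #15 describes: buffer of strlen(src)+1 bytes and
 * n == strlen(src)+1, so the NUL is copied along with the text. */
int copy_exact_plus_one(const char *src)
{
    size_t len = strlen(src);
    return strncpy_terminated(src, len + 1, len + 1);
}

/* Same buffer size, but n == strlen(src): the NUL is never written and
 * any later strlen()/printf() on the buffer reads past its end. */
int copy_exact(const char *src)
{
    size_t len = strlen(src);
    return strncpy_terminated(src, len + 1, len);
}

/* Bounded copy into a fixed-size field: strncpy(dst, src, cap) terminates
 * only when src fits. With force_nul set, the last byte is overwritten
 * with NUL after the call, which is the usual truncating fix. */
int bounded_copy_fixed(const char *src, size_t cap, int force_nul)
{
    if (cap == 0)
        return 0;
    char *dst = malloc(cap);
    if (dst == NULL)
        return -1;
    memset(dst, FILL, cap);
    strncpy(dst, src, cap);
    if (force_nul)
        dst[cap - 1] = '\0';
    int terminated = memchr(dst, '\0', cap) != NULL;
    free(dst);
    return terminated;
}

int main(void)
{
    const char *key = "Comment";   /* constructed sample string */
    printf("n = strlen+1: %s\n", copy_exact_plus_one(key) ? "terminated" : "unterminated");
    printf("n = strlen  : %s\n", copy_exact(key) ? "terminated" : "unterminated");
    printf("fixed 8, fits           : %s\n", bounded_copy_fixed("short", 8, 0) ? "terminated" : "unterminated");
    printf("fixed 8, too long       : %s\n", bounded_copy_fixed("a-rather-long-key", 8, 0) ? "terminated" : "unterminated");
    printf("fixed 8, too long, forced: %s\n", bounded_copy_fixed("a-rather-long-key", 8, 1) ? "terminated" : "unterminated");
    return 0;
}
```

The fill byte is what makes the failure observable on demand; in a real process the unterminated copy only misbehaves when the bytes after the buffer happen not to be zero, which is why a missing terminator shows up as intermittent malloc() corruption reports like the one in comment #3 rather than as a reproducible crash at the copy itself.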