Bug 607534 - media-gfx/imagemagick-6.9.7.4 double free or corruption
Summary: media-gfx/imagemagick-6.9.7.4 double free or corruption
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal major
Assignee: Andreas K. Hüttel
Reported: 2017-01-29 04:38 UTC by Xuefer
Modified: 2020-10-16 19:21 UTC

Attachments
emerge --info (emerge-info.txt, 7.11 KB, text/plain)
2017-01-29 04:40 UTC, Xuefer
sample file to reproduce the bug (00021.png, 2.63 KB, image/png)
2017-01-29 09:05 UTC, Xuefer
00460.png (00460.png, 38.46 KB, image/png)
2017-01-29 09:05 UTC, Xuefer

Description Xuefer 2017-01-29 04:38:22 UTC
convert 00460.png -verbose -resize '540x180' png8:a.png
produces:
[1]    32177 abort (core dumped)  convert 00460.png -verbose -resize '540x180' png8:a.png

I tried to recompile imagemagick using gcc instead of clang, same problem. I have no idea if this is affected by clang. I have almost all packages compiled using clang except those that fail.



$ valgrind  convert 00460.png -verbose -resize '540x180' png8:a.png
==32114== Memcheck, a memory error detector
==32114== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==32114== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==32114== Command: convert 00460.png -verbose -resize 540x180 png8:a.png
==32114==
==32114== Syscall param sched_setaffinity(mask) points to unaddressable byte(s)
==32114==    at 0x4F8A5C9: syscall (in /lib64/libc-2.23.so)
==32114==    by 0x58AE283: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5867449: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585AF96: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585AC67: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5851BA5: __kmpc_global_thread_num (in /usr/lib64/libomp.so)
==32114==    by 0x4BC859E: AcquireResizeFilter (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4BCC7FE: ResizeImage (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x40E4324: MogrifyImage (in /usr/lib64/libMagickWand-6.Q16.so.3.0.0)
==32114==    by 0x4113FC1: MogrifyImages (in /usr/lib64/libMagickWand-6.Q16.so.3.0.0)
==32114==    by 0x408F131: ConvertImageCommand (in /usr/lib64/libMagickWand-6.Q16.so.3.0.0)
==32114==    by 0x40E2EA5: MagickCommandGenesis (in /usr/lib64/libMagickWand-6.Q16.so.3.0.0)
==32114==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==32114==
==32114== Thread 4:
==32114== Argument 'size' of function memalign has a fishy (possibly negative) value: -2233408
==32114==    at 0x402CFA0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x402D257: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x4A6EAA2: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4A6C56E: GetVirtualPixelsFromNexus (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4A75DCA: GetCacheViewVirtualPixels (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4BD0B64: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x58BB5F2: __kmp_invoke_microtask (in /usr/lib64/libomp.so)
==32114==    by 0x5865BA9: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5864B71: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x58AF601: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x4C92443: start_thread (in /lib64/libpthread-2.23.so)
==32114==    by 0x4F8EABC: clone (in /lib64/libc-2.23.so)
==32114==
00460.png=>a.png PNG 1620x540 1620x540+0+0 8-bit sRGB 17c 9.99KB 2.720u 0:02.710
convert: memory allocation failed `00460.png[0]' @ error/cache.c/AcquireCacheNexusPixels/4998.
==32114==
==32114== HEAP SUMMARY:
==32114==     in use at exit: 898 bytes in 27 blocks
==32114==   total heap usage: 5,727 allocs, 5,700 frees, 22,695,831 bytes allocated
==32114==
==32114== Thread 1:
==32114== 4 bytes in 1 blocks are still reachable in loss record 1 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x58671D0: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585AF96: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585AC67: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5851BA5: __kmpc_global_thread_num (in /usr/lib64/libomp.so)
==32114==    by 0x4BC859E: AcquireResizeFilter (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4BCC7FE: ResizeImage (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x40E4324: MogrifyImage (in /usr/lib64/libMagickWand-6.Q16.so.3.0.0)
==32114==    by 0x4113FC1: MogrifyImages (in /usr/lib64/libMagickWand-6.Q16.so.3.0.0)
==32114==    by 0x408F131: ConvertImageCommand (in /usr/lib64/libMagickWand-6.Q16.so.3.0.0)
==32114==    by 0x40E2EA5: MagickCommandGenesis (in /usr/lib64/libMagickWand-6.Q16.so.3.0.0)
==32114==    by 0x400932: ??? (in /usr/bin/convert)
==32114==
==32114== 7 bytes in 1 blocks are still reachable in loss record 2 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x41E391F: ??? (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x41E2569: lt_dlpreload_open (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x4B5EF61: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4B595A5: MagickCoreGenesis (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x400909: ??? (in /usr/bin/convert)
==32114==    by 0x4EC770F: (below main) (in /lib64/libc-2.23.so)
==32114==
==32114== 8 bytes in 1 blocks are still reachable in loss record 3 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x560CBC8: ??? (in /usr/lib64/gcc/x86_64-pc-linux-gnu/5.4.0/libgomp.so.1.0.0)
==32114==    by 0x5615AA7: ??? (in /usr/lib64/gcc/x86_64-pc-linux-gnu/5.4.0/libgomp.so.1.0.0)
==32114==    by 0x560B231: ??? (in /usr/lib64/gcc/x86_64-pc-linux-gnu/5.4.0/libgomp.so.1.0.0)
==32114==    by 0x400F2B9: call_init.part.0 (in /lib64/ld-2.23.so)
==32114==    by 0x400F3CA: _dl_init (in /lib64/ld-2.23.so)
==32114==    by 0x4000CB9: ??? (in /lib64/ld-2.23.so)
==32114==    by 0x5: ???
==32114==    by 0xFFEFFF7FE: ???
==32114==    by 0xFFEFFF806: ???
==32114==    by 0xFFEFFF810: ???
==32114==    by 0xFFEFFF819: ???
==32114==
==32114== 9 bytes in 1 blocks are still reachable in loss record 4 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x41E478A: ??? (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x41E3B97: ??? (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x41E2569: lt_dlpreload_open (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x4B5EF61: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4B595A5: MagickCoreGenesis (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x400909: ??? (in /usr/bin/convert)
==32114==    by 0x4EC770F: (below main) (in /lib64/libc-2.23.so)
==32114==
==32114== 16 bytes in 1 blocks are still reachable in loss record 5 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x41E2771: lt_dlloader_add (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x41E2E30: lt_dlinit (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x4B5EF61: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4B595A5: MagickCoreGenesis (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x400909: ??? (in /usr/bin/convert)
==32114==    by 0x4EC770F: (below main) (in /lib64/libc-2.23.so)
==32114==
==32114== 16 bytes in 1 blocks are still reachable in loss record 6 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x41E2EA7: lt_dlinit (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x4B5EF61: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4B595A5: MagickCoreGenesis (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x400909: ??? (in /usr/bin/convert)
==32114==    by 0x4EC770F: (below main) (in /lib64/libc-2.23.so)
==32114==
==32114== 16 bytes in 1 blocks are still reachable in loss record 7 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x41E2771: lt_dlloader_add (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x41E2F54: ??? (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x41E257B: lt_dlpreload_open (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x4B5EF61: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4B595A5: MagickCoreGenesis (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x400909: ??? (in /usr/bin/convert)
==32114==    by 0x4EC770F: (below main) (in /lib64/libc-2.23.so)
==32114== 21 bytes in 1 blocks are still reachable in loss record 8 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x4F25D79: strdup (in /lib64/libc-2.23.so)
==32114==    by 0x58413B0: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5841575: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585738F: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585BC2C: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585B157: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585AC67: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5851BA5: __kmpc_global_thread_num (in /usr/lib64/libomp.so)
==32114==    by 0x4BC859E: AcquireResizeFilter (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4BCC7FE: ResizeImage (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x40E4324: MogrifyImage (in /usr/lib64/libMagickWand-6.Q16.so.3.0.0)
==32114==
==32114== 21 bytes in 1 blocks are still reachable in loss record 9 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x4F25D79: strdup (in /lib64/libc-2.23.so)
==32114==    by 0x584139D: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5841575: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585738F: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x58AF47E: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x4C92443: start_thread (in /lib64/libpthread-2.23.so)
==32114==
==32114== 48 bytes in 1 blocks are still reachable in loss record 11 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x584137F: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5841575: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585738F: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x58AF47E: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x4C92443: start_thread (in /lib64/libpthread-2.23.so)
==32114==
==32114== 72 bytes in 1 blocks are still reachable in loss record 13 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x41E2D49: lt_dlinit (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x4B5EF61: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4B595A5: MagickCoreGenesis (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x400909: ??? (in /usr/bin/convert)
==32114==    by 0x4EC770F: (below main) (in /lib64/libc-2.23.so)
==32114==
==32114== 72 bytes in 1 blocks are still reachable in loss record 14 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x41E63A9: dlopen_LTX_get_vtable (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x41E2F49: ??? (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x41E257B: lt_dlpreload_open (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x4B5EF61: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4B595A5: MagickCoreGenesis (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x400909: ??? (in /usr/bin/convert)
==32114==    by 0x4EC770F: (below main) (in /lib64/libc-2.23.so)
==32114== 88 bytes in 1 blocks are still reachable in loss record 15 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x41E3ABE: ??? (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x41E2569: lt_dlpreload_open (in /usr/lib64/libltdl.so.7.3.1)
==32114==    by 0x4B5EF61: ??? (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x4B595A5: MagickCoreGenesis (in /usr/lib64/libMagickCore-6.Q16.so.3.0.0)
==32114==    by 0x400909: ??? (in /usr/bin/convert)
==32114==    by 0x4EC770F: (below main) (in /lib64/libc-2.23.so)
==32114==
==32114== 126 bytes in 6 blocks are still reachable in loss record 16 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x4F25D79: strdup (in /lib64/libc-2.23.so)
==32114==    by 0x584139D: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5841575: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585738F: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x58AF47E: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x4C92443: start_thread (in /lib64/libpthread-2.23.so)
==32114==    by 0x4F8EABC: clone (in /lib64/libc-2.23.so)
==32114==
==32114== 288 bytes in 6 blocks are still reachable in loss record 17 of 17
==32114==    at 0x4029951: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==32114==    by 0x584137F: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x5841575: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x585738F: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x58AF47E: ??? (in /usr/lib64/libomp.so)
==32114==    by 0x4C92443: start_thread (in /lib64/libpthread-2.23.so)
==32114==    by 0x4F8EABC: clone (in /lib64/libc-2.23.so)
==32114==
==32114== LEAK SUMMARY:
==32114==    definitely lost: 0 bytes in 0 blocks
==32114==    indirectly lost: 0 bytes in 0 blocks
==32114==      possibly lost: 0 bytes in 0 blocks
==32114==    still reachable: 812 bytes in 25 blocks
==32114==         suppressed: 86 bytes in 2 blocks
==32114==
==32114== For counts of detected and suppressed errors, rerun with: -v
==32114== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Comment 1 Xuefer 2017-01-29 04:40:09 UTC
Created attachment 461798
emerge --info
Comment 2 Xuefer 2017-01-29 09:05:43 UTC
Created attachment 461808
sample file to reproduce the bug
Comment 3 Xuefer 2017-01-29 09:05:58 UTC
Created attachment 461810
00460.png
Comment 4 Jonas Stein gentoo-dev 2020-03-28 17:35:04 UTC
media-gfx/imagemagick-6.9.7.4 is no longer in the tree.
Are current versions affected too?
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2020-10-16 19:21:52 UTC
(In reply to Jonas Stein from comment #4)
> media-gfx/imagemagick-6.9.7.4 is no longer in the tree.
> Are current versions affected too?